Subject: Re: sha1 hash is incorrect

Re: sha1 hash is incorrect

From: Daniel Stenberg <>
Date: Sun, 13 Jun 2010 23:57:07 +0200 (CEST)

On Sun, 13 Jun 2010, Peter Stuge wrote:

> --8<-- RFC 4253 5.1. Old Client, New Server
> Server implementations MAY support a configurable compatibility flag
> that enables compatibility with old versions. When this flag is on,
> the server SHOULD identify its 'protoversion' as "1.99".
> -->8--

There it was, thanks!

However, it says "1.99" is the same as "2.0" for a client like libssh2 so
doing the proper check doesn't help here.

This said, libssh2 doesn't check the received banner at all for version
numbers or similar.

> SSH 1 and SSH 2 protocols are not compatible, and I'm not sure that there
> would be any successful packet exchanges *at all* if the server was SSH 1
> only.

Oh, I didn't know that. I'm completely unaware of SSH1 details... Thanks for
enlightening me!

Received on 2010-06-13