https://gitlab.synchro.net/main/sbbs/-/commit/16c431f72e34453704dcb004
Modified Files:
src/syncterm/ssh.c
Log Message:
syncterm: identify in SSH banner, add RSA-SHA2-512, timeout, cleanse

Four small additions in ssh.c using DeuceSSH APIs we hadn't wired up:

- build_ssh_software_version() derives an RFC 4253 software-version
  token from syncterm_version (e.g. "SyncTERM_1.9b") and registers it
  via dssh_transport_set_version() so server admins can identify
  SyncTERM in their logs. The build flavor (Debug suffix) is
  deliberately stripped because the version banner is sent before
  encryption is established.
- dssh_register_rsa_sha2_512() rounds out the host-key set; we already
  advertised SHA-256. Costs nothing and lets us interoperate with
  servers that prefer or require the SHA-512 variant.
- dssh_session_set_timeout(60000) caps the library's peer-response
  waits at 60s. The default is 75s; the tighter bound surfaces hung
  handshakes before users assume SyncTERM has frozen.
- dssh_cleanse() wipes the local password buffer in ssh_connect()
  after the auth attempts finish and the kbd-interactive answer
  buffer in kbi_prompt_cb(). Prevents secrets from lingering in
  stack slots that the compiler might otherwise leave intact.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
--- SBBSecho 3.37-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
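
An added example, not code from this commit or from SyncTERM: one way to derive an RFC 4253 software-version token of the kind the first bullet describes. The function name, the " Debug" suffix and the input format "SyncTERM 1.9b Debug" are assumptions; RFC 4253 section 4.2 restricts the token to printable US-ASCII with no whitespace and no '-'.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not SyncTERM's build_ssh_software_version().
 * Assumed input form: "SyncTERM 1.9b Debug" (constructed sample). */
#define FLAVOR_SUFFIX " Debug" /* assumed build-flavor suffix */
#define MAX_SWVER     64       /* local cap, far below the 255-byte banner line limit */

/* Writes a NUL-terminated token to out and returns 0, or returns -1. */
int sanitize_software_version(const char *version, char *out, size_t outlen)
{
	size_t len, i, slen = strlen(FLAVOR_SUFFIX);

	if (version == NULL || out == NULL || outlen == 0)
		return -1;
	out[0] = '\0';
	len = strlen(version);
	/* Drop the build flavor: the banner is sent before encryption starts. */
	if (len > slen && strcmp(version + len - slen, FLAVOR_SUFFIX) == 0)
		len -= slen;
	if (len == 0 || len > MAX_SWVER || len >= outlen)
		return -1;
	for (i = 0; i < len; i++) {
		unsigned char c = (unsigned char)version[i];

		if (c == ' ' || c == '-') {
			out[i] = '_';     /* space and '-' are not allowed in the token */
		} else if (c > 0x20 && c < 0x7f) {
			out[i] = (char)c; /* printable US-ASCII passes through */
		} else {
			out[0] = '\0';    /* control or non-ASCII byte: refuse, do not guess */
			return -1;
		}
	}
	out[len] = '\0';
	return 0;
}

int main(void)
{
	char tok[MAX_SWVER + 1];

	if (sanitize_software_version("SyncTERM 1.9b Debug", tok, sizeof tok) == 0)
		printf("SSH-2.0-%s\r\n", tok); /* identification string as sent on the wire */
	return 0;
}
```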