PuTTY wish zlib-openssh

Home | FAQ | Feedback | Licence | Updates | Mirrors | Keys | Links | Team
Download: Stable · Snapshot | Docs | Changes | Wishlist

OpenSSH 4.2 introduces a variety of ZLIB compression called "zlib@openssh.com" which delays starting compression until after the server has sent SSH_MSG_USERAUTH_ACCEPT. It's configured to use only this by default (or with the "Compression delayed" option in sshd_config), which means that PuTTY cannot negotiate compression; ordinary "zlib" compression can be reinstated with "Compression yes".

The new method is specified in draft-miller-secsh-compression-delayed, currently -00.

As far as we can tell, this is inherently subject to a race condition, since the client can't know whether the server has sent that message, and hence whether it should be transmitting compressed or uncompressed packets. After the client has received USERAUTH_ACCEPT, of course, it knows that the server has sent it and can safely send compressed packets. This suggests that the following implementation would be safe (assuming throughout that the user has requested compression):

1. Before USERAUTH_ACCEPT is received, advertise "zlib,none" in KEXINIT.
2. If an incoming KEXINIT includes "zlib@openssh.com", remember that.
3. After receiving USERAUTH_ACCEPT, if the current compression algorithm is "none" and KEXINIT contained "zlib@openssh.com", initiate key re-exchange.
4. In KEXINITs after receiving USERAUTH_ACCEPT, advertise "zlib,zlib@openssh.com,none".

There's no need for PuTTY to stop supporting "zlib", since by the time we send NEWKEYS, we've authenticated the server.

Update, 2011-03-05: this is now supported, using the method described above.