The git commit 97f4d30 [1] introduced a the following change that I suspect is wrong: - if (remote_major == 2 || - (remote_major == 1 && remote_minor == 99)) { - enable_compat20(); - } else { + if (remote_major != 2 || + (remote_major == 1 && remote_minor != 99)) { The first part of condition is correctly negated to leave the same behavior for 2.0 clients, but not the second part. The correct result should look like this: + if (remote_major != 2 && + !(remote_major == 1 && remote_minor == 99)) { So we will not bail out on comparing 2.0 with 1.99 protocol versions. Additionally, if I read the RFC 4253, Section 5.1 [1] correctly, the client should not send the 1.99 identification and therefore it is also a bug of a client. But it worked before OpenSSH 7.6 and the above change is clearly wrong. This was initially discussed in Red Hat bugzilla [3]. [1] https://github.com/openssh/openssh-portable/commit/97f4d3083b036ce3e68d6346a6140a22123d5864#diff-4035368a40ab0fedd413faefcbf832d7 [2] https://tools.ietf.org/html/rfc4253#section-5.1 [3] https://bugzilla.redhat.com/show_bug.cgi?id=1524392#c26
Some discussion on clients sending 1.99 can be found here: https://community.hpe.com/t5/Operating-System-OpenVMS/SSH-1-99-sent-by-client-not-RFC-compliant/td-p/4688885 Jouk
Created attachment 3109 [details] don't refuse SSH-1.99 clients doh, you're quite right
Fix applied, will be in OpenSSH 7.7
closing resolved bugs as of 8.6p1 release