• src/syncterm/ssh.c

    From Deucе@VERT to Git commit to main/sbbs/master on Sun Mar 15 01:06:05 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/a45466867429f3ad7043fb5e
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Add missing NULL checks on malloc() in ssh_connect()

    conn_api.rd_buf and conn_api.wr_buf were allocated with malloc() but
    never checked for failure. The I/O threads started immediately after
    would dereference the NULL pointers and crash. Other connection types (conn_pty.c, conn_conpty.c, modem.c, rlogin.c) already had these
    checks; ssh.c was an oversight.

    The error paths also free(pubkey), which is either a valid allocation
    from get_public_key() or the initial NULL — both safe for free().

    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Deucе@VERT to Git commit to main/sbbs/master on Sun Mar 15 14:09:13 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/0d4a52ec4893ef1cb472f45f
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Add missing create_conn_buf() error checks in ssh.c

    Check return values and clean up on failure, matching the pattern
    used by all other connection providers (rlogin, telnet, modem, pty,
    conpty).

    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Deucе@VERT to Git commit to main/sbbs/master on Thu Apr 23 18:36:00 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/2b39083e8614601afbacc67c
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    SyncTERM: send TERM environment variable on SSH channel

    Add an SSH "env" request (RFC 4254 §6.4) alongside the existing pty-req
    TERM, so servers that read TERM from the environment (rather than from
    the pty allocation) pick up SyncTERM's emulation string.

    Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Deucе@VERT to Git commit to main/sbbs/master on Thu Apr 23 18:36:00 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/4781761a1bdbbe54562ed0b4
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    SyncTERM: warn the user about weak SSH host keys

    Treat any RSA-family host key under 2048 bits as weak (NIST 2024 floor;
    Ed25519 is always 256 and considered strong). The host-key verify
    callback now stashes the algorithm name and key size so the post-
    handshake UI can act on it:

    - HOSTKEY_NEW + weak: prompt "Weak host key (NNNN-bit algo)" with a
    Disconnect/Accept choice instead of silent TOFU. Under hidepopups
    (no human present) refuse the connection rather than auto-trust a
    weak key.
    - HOSTKEY_MISMATCH + weak: existing change-fingerprint dialog grows a
    "WARNING: the new key is a NNNN-bit algo, below the 2048-bit safety
    floor" block, and the title itself becomes "Fingerprint Changed —
    WEAK NNNN-bit algo key" so the warning is visible without F1.
    - Strong keys: behaviour unchanged (NEW silently TOFU's, MISMATCH
    uses the original dialog).

    Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Deucе@VERT to Git commit to main/sbbs/master on Thu Apr 23 18:36:00 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/54ee6004c208dc090d31703f
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    SyncTERM: display SSH auth banners (RFC 4252 §5.4)

    Wire DeuceSSH's per-session banner callback to uifc.showbuf().
    Each SSH_MSG_USERAUTH_BANNER from the server is shown modally as it
    arrives during authentication; auth resumes when the user dismisses.
    Skipped under bbs->hidepopups (automated sessions with no human to
    read the banner).

    Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Deucе@VERT to Git commit to main/sbbs/master on Sat Apr 25 04:38:43 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/16c431f72e34453704dcb004
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    syncterm: identify in SSH banner, add RSA-SHA2-512, timeout, cleanse

    Four small additions in ssh.c using DeuceSSH APIs we hadn't wired up:

    - build_ssh_software_version() derives an RFC 4253 software-version
    token from syncterm_version (e.g. "SyncTERM_1.9b") and registers it
    via dssh_transport_set_version() so server admins can identify
    SyncTERM in their logs. The build flavor (Debug suffix) is
    deliberately stripped because the version banner is sent before
    encryption is established.

    - dssh_register_rsa_sha2_512() rounds out the host-key set; we already
    advertised SHA-256. Costs nothing and lets us interoperate with
    servers that prefer or require the SHA-512 variant.

    - dssh_session_set_timeout(60000) caps the library's peer-response
    waits at 60s. The default is 75s; the tighter bound surfaces hung
    handshakes before users assume SyncTERM has frozen.

    - dssh_cleanse() wipes the local password buffer in ssh_connect()
    after the auth attempts finish and the kbd-interactive answer
    buffer in kbi_prompt_cb(). Prevents secrets from lingering in
    stack slots that the compiler might otherwise leave intact.

    Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Deucе@VERT to Git commit to main/sbbs/master on Sat Apr 25 04:38:43 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/cc8f3254781763bddaef82b3
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    syncterm: simplify SSH auth flow; PuTTY-style KBI password autofill

    Replace the auth state machine in ssh_connect() with a flat, strongest-to-weakest order driven by the RFC 4252 "none" probe:

    1. probe; if "none" was accepted we're done
    2. publickey (if advertised)
    3. password (if advertised — stored value first, then up to 3 prompts)
    4. keyboard-interactive (if advertised)

    Each method is gated on the server's advertised list, so users aren't
    prompted for credentials the server would reject regardless (e.g. an
    OpenSSH target with PasswordAuthentication=no no longer cycles three
    dead password prompts before falling through to KBI).

    Also fixes a latent bug in the SSHNA path that unconditionally set
    auth_rc=0 on any non-error return from dssh_auth_get_methods, even
    when the response was "methods available, none-auth not accepted".

    In kbi_prompt_cb:

    - Auto-fill the saved password when the server sends exactly the
    literal prompt "Password: " (PuTTY-style: single prompt, echo off,
    literal text match). This avoids burning credentials on 2FA
    "Passcode:" prompts, GPG-style "Passphrase:" prompts, password-
    change flows, or anything else dressed up to look password-like.
    The fire-once latch ensures a wrong saved password doesn't loop;
    subsequent prompts fall through to the user.

    - Strip a trailing ':' from the server's prompt before passing it
    to uifcinput(), since uifc.input always appends ':' itself and
    "Password:" would otherwise render as "Password::".

    Drops the speculative "Cryptlib mishandles failed ssh-ed25519 publickey
    probe" gate — the comment was likely a debugging artifact, not a
    verified server behavior, and gating production logic on an
    unreproducible claim made the flow harder to reason about than the
    risk justified.

    Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Deucе@VERT to Git commit to main/sbbs/master on Tue May 5 05:32:15 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/067482fe2025fe188e3832d1
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Don't open an SFTP channel if "SSH Public Key" is disabled

    I need to rename that option.

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Deucе@VERT to Git commit to main/sbbs/master on Sat Jul 11 09:16:11 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/3259b99834f1bb55ae4b6e51
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Allow aborting SFTP init during SSH connect

    Poll the SFTP INIT wait so a keystroke can abort connection
    setup instead of leaving the user stuck at Opening Channel.

    If the init wait is aborted or the SFTP recv thread exits first,
    finish the SFTP client before freeing the pending request so the
    init callback can unwind normally.

    Reference: ticket 265

    Co-Authored-By: OpenAI Codex <noreply@openai.com>

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net