Key re-exchange bug? (wodSSHServer)
Hello,
We (PuTTY) have had a report that freeSSHd, which appears to be based on WeOnlyDo, freezes when PuTTY initiates a repeat key exchange. (PuTTY only started doing this in 0.58.)
The freeSSHd in question reports a version string of WeOnlyDo-1.2.6 , which presumably corresponds to the latest version of your software. We've added that string to our list of buggy implementations, so that development snapshots of PuTTY won't initiate key re-exchanges with WeOnlyDo.
However, that's not an ideal solution security-wise. Can you confirm this as a problem in your product, and if so, say which versions it's in (and what SSH version strings they report)? In particular, if you fix it, we can restrict PuTTY's idea of buggy servers so that key re-exchange isn't needlessly avoided.
(I realise this could in principle be a freeSSHd problem rather than a WeOnlyDo one. What do you think?)
Cheers -- Jacob Nevins