We are having issues with ConfD (6.3.1) accepting SSH connections from clients that use the IUTF8 flag from RFC 8160. Does anyone know if there are plans to add support for this flag to ConfD, or is anyone aware of any ConfD workarounds we could try?
Are you sure you are running 6.3.1? This issue was fixed in ConfD’s builtin SSH server over 2 years ago, in ConfD-6.1.1 and latest releases for older branches, and ConfD-6.2 and all later versions have the fix. Just to make sure, using OpenSSH-7.6p1 I now verified that ConfD-6.1 has the problem, while 6.3.1 does not. Perhaps you can share the output of ssh -v ... for a connection that exhibits the problem?
Below is the CHANGES note from ConfD-6.1.1 (released in January 2016, more than a year before RFC 8160 was published, at the point in time when some OpenSSH variants started to use this flag without any support from the then-current standard RFC 4254).
- confd: If an SSH client sent the non-standard opcode IUTF8 (42) in a
pty-req channel request towards the built-in SSH server, the connection
would go down. This has been fixed.
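An added illustration, not part of the original posts and not ConfD's code: a parser for the encoded terminal modes string carried in a pty-req (RFC 4254 section 8) that records opcodes it does not recognise and keeps going instead of dropping the connection. The opcode table is a small subset, and the `LEGACY` table and the sample bytes are constructed for the example.

```python
import struct

TTY_OP_END = 0
# Subset of RFC 4254 section 8 opcodes, plus IUTF8 (42) from RFC 8160.
KNOWN = {1: "VINTR", 36: "ICRNL", 42: "IUTF8", 53: "ECHO",
         128: "TTY_OP_ISPEED", 129: "TTY_OP_OSPEED"}
# Hypothetical table of a server written before IUTF8 was standardised.
LEGACY = {op: name for op, name in KNOWN.items() if op != 42}


def parse_modes(blob, known=KNOWN):
    """Return (modes, unknown) parsed from an encoded terminal modes string.

    Opcodes 1..159 carry one uint32 argument, so an unrecognised opcode in
    that range can be skipped safely. Opcode 0 or any opcode >= 160 ends
    parsing, as RFC 4254 specifies.
    """
    modes, unknown = {}, []
    i = 0
    while i < len(blob):
        op = blob[i]
        i += 1
        if op == TTY_OP_END or op >= 160:
            break
        if i + 4 > len(blob):
            raise ValueError("truncated argument for opcode %d" % op)
        (arg,) = struct.unpack_from(">I", blob, i)
        i += 4
        if op in known:
            modes[known[op]] = arg
        else:
            unknown.append((op, arg))  # log and ignore, do not abort
    return modes, unknown


def encode(pairs):
    """Build a constructed sample modes string from (opcode, value) pairs."""
    body = b"".join(bytes([op]) + struct.pack(">I", val) for op, val in pairs)
    return body + bytes([TTY_OP_END])


# Constructed sample: what a client sending IUTF8 might put in pty-req.
SAMPLE = encode([(36, 1), (42, 1), (53, 1), (129, 38400)])

if __name__ == "__main__":
    print(parse_modes(SAMPLE))          # IUTF8 recognised
    print(parse_modes(SAMPLE, LEGACY))  # IUTF8 reported as unknown, rest kept
```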
You are right. The customer complaining of this was using an older version of our product with ConfD 6.0.3. ConfD 6.3.1 does indeed solve the issue. Apologies for the confusion, and thank you very much for the quick and detailed response!