Expand comment on BUG_SSH2_OLDGEX to make it clear why it's necessary.

I had wondered why we couldn't just catch SSH_MSG_UNIMPLEMENTED, and
now I know: OpenSSH disconnects if the client sends
SSH_MSG_KEX_DH_GEX_REQUEST.

diff --git a/ssh.c b/ssh.c
index 9feed64d38e78611c2c024d1834d2f71ac9d30be..d1e9d71f34c374ceb05124752f74c42baa1e18c7 100644 (file)
--- a/ssh.c
+++ b/ssh.c
@@ -2908,7 +2908,8 @@ static void ssh_detect_bugs(Ssh ssh, char *vstring)
         (wc_match("OpenSSH_2.[235]*", imp)))) {
        /*
         * These versions only support the original (pre-RFC4419)
-        * SSH-2 GEX request.
+        * SSH-2 GEX request, and disconnect with a protocol error if
+        * we use the newer version.
         */
        ssh->remote_bugs |= BUG_SSH2_OLDGEX;
        logevent("We believe remote version has outdated SSH-2 GEX");