BBS:      TELESC.NET.BR
Assunto:  src/syncterm/ssh.c
De:       Deuc¨
Data:     Sat, 25 Apr 2026 04:38:43 -0700
-----------------------------------------------------------
https://gitlab.synchro.net/main/sbbs/-/commit/16c431f72e34453704dcb004
Modified Files:
	src/syncterm/ssh.c
Log Message:
syncterm: identify in SSH banner, add RSA-SHA2-512, timeout, cleanse

Four small additions in ssh.c using DeuceSSH APIs we hadn't wired up:

  - build_ssh_software_version() derives an RFC 4253 software-version
    token from syncterm_version (e.g. "SyncTERM_1.9b") and registers it
    via dssh_transport_set_version() so server admins can identify
    SyncTERM in their logs.  The build flavor (Debug suffix) is
    deliberately stripped because the version banner is sent before
    encryption is established.

  - dssh_register_rsa_sha2_512() rounds out the host-key set; we already
    advertised SHA-256.  Costs nothing and lets us interoperate with
    servers that prefer or require the SHA-512 variant.

  - dssh_session_set_timeout(60000) caps the library's peer-response
    waits at 60s.  The default is 75s; the tighter bound surfaces hung
    handshakes before users assume SyncTERM has frozen.

  - dssh_cleanse() wipes the local password buffer in ssh_connect()
    after the auth attempts finish and the kbd-interactive answer
    buffer in kbi_prompt_cb().  Prevents secrets from lingering in
    stack slots that the compiler might otherwise leave intact.

Co-Authored-By: Claude Opus 4.7 (1M context) 
n
---
  mSynchronetn  hgVertrauen n hHome of Synchronet n gh[vert/cvs/bbs].synchro.net

-----------------------------------------------------------
[Voltar]