Home |
Licence |
FAQ |
Docs |
Download |
Keys |
Links
Mirrors |
Updates |
Feedback |
Changes |
Wishlist |
Team
Original report (<007801c2b108$5ad5a200$33db8ad8@alexin.ca>):
I believe I have found a bug in Win32 putty .53b. (found in Win2000, also tested current dev binary). I am connection to a NetBSD server 1.6 running OpenSSH 3.4 on port 443, but had the same problem on an OpenBSD server with OpenSSH 3.4. I am connecting through an authenticated Microsoft Proxy server v2 on Windows 2000, using HTTP proxy services. Using Putty, the connection conversation is: CONNECT 216.138.219.54:443 HTTP/1.1 Host: 216.138.219.54:443 Proxy-Authorization: basic YW1leeljYXNcc3RldmVfYmFya2V5OmluZXNzMTA= HTTP/1.1 407 Proxy Access Denied Server: Microsoft-IIS/5.0 Date: Tue, 31 Dec 2002 19:32:43 GMT Connection: close Proxy-Authenticate: Negotiate Proxy-Authenticate: NTLM Proxy-Authenticate: Basic realm="53.244.73.245" And the connection fails with putty event log: "2002-12-31 14:48:08 Connecting to 216.138.219.54 port 443 2002-12-31 14:48:08 Proxy error: 407 Proxy Access Denied" Using MindTerm 2.0 (an inferior java ssh client), the connection conversation is: CONNECT 216.138.219.54:443 HTTP/1.0 proxy-connection: Keep-Alive pragma: No-Cache user-agent: MindTerm/$Name: $ HTTP/1.1 407 Proxy Access Denied Server: Microsoft-IIS/5.0 Date: Tue, 31 Dec 2002 19:33:05 GMT Proxy-Authenticate: Negotiate Proxy-Authenticate: NTLM Proxy-Authenticate: Basic realm="53.244.73.245" ----------- and then ----------- CONNECT 216.138.219.54:443 HTTP/1.0 proxy-authorization: Basic YW1leeljYXNcc3RldmVfYmFya2V5OmluZXNzMTA= proxy-connection: Keep-Alive pragma: No-Cache user-agent: MindTerm/$Name: $ HTTP/1.1 200 Connection established Via: 1.1 YYZXPROXY01 SSH-1.99-OpenSSH_3.4 NetBSD_Secure_Shell-20020626 SSH-2.0-MindTerm_2.0 2.0 (non-commercial) ... encrypted, successful connection ....
Another user has experimented with this, and concluded that the problem is
that the proxy insists that the authentication scheme be "Basic
"
rather than "basic
".
RFC 2617
states that the scheme token is case-insensitive, but in the interests of
being conservative in what we send, PuTTY should probably use
"Basic
".
This bug should be fixed as of proxy.c rev 1.27.
Audit trail for this semi-bug.