When disableHostkeyVerification is set, the verification which is time consuming in debug mode is omitted.
When a sftp session is created with Client:sftp and on client side the sshd is killed it caused unhandled exceptions.
…ha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com" algorithms
Add parameter disableHostkeyVerification
Add support for server initiated re-keying
…hm-corrections Fix implementation of ETM MAC algorithms for SSH transport
…CD-improvements feat: Implement Automated Publishing via Tag & Disable Dependabot
Early SSH 2.0 implementations often used version 1.99 to indicate SSH 2.0 with fallback to SSH 1.0. These should be treated as SSH 2.0 for the purposes of this library.
Added SSHAuthAbortError.reason field to propagate the underlying exception so we actually know what happened. This enables users to handle different error scenarios correctly.
Updated the showcase table to include the NaviTerm title and linked the name and image to the GitHub repository.
Updated alt text for images to improve accessibility and clarity.
…-support Support SSH-1.99 version
…A sign-request flag
…for request failures
…/pr-139-agent-forwarding feat: add SSH agent forwarding support
…g and SFTP packet consistency
…g-coverage-roadmap test: increase coverage and organize unit/integration suites
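📝 Walkthrough
This PR bumps the package version to 2.15.0 and introduces a number of code and configuration changes: it adds an SSH agent subsystem (SSHAgentHandler, SSHKeyPairAgent, SSHAgentChannel) and support for agent forwarding requests; adds X11 forwarding APIs and channel types; exposes a customizable ident field on SSHClient; improves failure propagation to pending queues/requests when the transport closes and extends the error types to carry the underlying cause; fixes HTTP response parsing and SFTP encoding/decoding issues; adds and adjusts a large number of unit/integration tests; and updates project configuration and meta files (.gitignore, codecov.yml, dart_test.yaml, CHANGELOG, README, etc.).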
🚥 Pre-merge checks | ✅ Passed checks (3 passed)
…iles Fixed redundant library declarations in test files and improved error handling logic:
1. Removed redundant library declarations from test files
2. Added a toString method to SSHAuthAbortError
3. Added a failAll method to AsyncQueue to handle pending waits
4. Improved HTTP header validation and RSA signature verification
5. Updated the contributor format in CHANGELOG.md
6. Enhanced the connection closure logic in SSHClient
7. Added validation logic for the ident parameter
…nnection is closed
Added a maximum frame size limit for SSHAgentChannel to prevent memory exhaustion
Fixed an issue where the authentication timeout timer was not reset when the connection was closed
Improved error handling to ensure error messages are properly passed when the connection is closed
🧹 Nitpick comments (1)
lib/src/ssh_agent.dart (1)
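96-104: The RSA fallback path may ignore the signature algorithm requested by the client.
When `_rsaKeyFrom` returns `null` (that is, an unknown RSA key type is encountered), the code falls back to `identity.sign(data)`. At that point `signatureType` (determined by the flags, possibly SHA-256 or SHA-512) is ignored, and the signature may use the default SHA-1 algorithm, which does not match what the client requested. It is recommended to log a warning in the fallback path, or to return a failure response when the signature type does not match.
♻️ Optional improvement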
SSHRsaSignature _signRsa( SSHKeyPair identity, Uint8List data, String signatureType, ) { final key = _rsaKeyFrom(identity); if (key == null) { final signature = identity.sign(data); if (signature is SSHRsaSignature) { + // Note: The signature may not use the requested algorithm (signatureType) + // since we're falling back to the identity's default signing behavior. return signature; } throw StateError( 'RSA signing requested but identity produced non-RSA signature: ${signature.runtimeType}'); }🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@lib/src/ssh_agent.dart` around lines 96 - 104, When _rsaKeyFrom(identity) returns null, the fallback uses identity.sign(data) but ignores the requested signatureType/flags and may produce a SHA-1 RSA signature; update the fallback in the signer code (the block around _rsaKeyFrom, identity.sign, and SSHRsaSignature) to validate that the produced signature matches the requested signatureType (derived from flags) and if it does not, either log a warning and reject/return a failure response or explicitly produce the correct algorithmed signature; ensure you reference the signatureType/flags when deciding acceptance so callers receive a matching-algorithm result rather than an incorrect default.
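Review bot: the `key == null` fallback still returns the result of `identity.sign(data)` without checking it against `signatureType`; the lines added here are only a comment, and the sole guard remains `signature is SSHRsaSignature`. Compare the algorithm of the returned signature with `signatureType` and throw a `StateError` on a mismatch, as is already done for a non-RSA signature, so that a request for a SHA-2 signature is never answered with a different algorithm. This assumes `SSHRsaSignature` exposes its algorithm name, which the lines shown here do not confirm.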
📒 Files selected for processing (2)
lib/src/ssh_agent.dart
lib/src/ssh_client.dart
| singleConnection: singleConnection, | ||
| x11AuthenticationProtocol: authenticationProtocol, | ||
| x11AuthenticationCookie: authenticationCookie, | ||
| x11ScreenNumber: screenNumber.toString(), |
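Review bot: `x11AuthenticationCookie: authenticationCookie` forwards the caller's value to the server unchanged, and nothing in these lines documents what that value should be. RFC 4254 Section 6.3.1 recommends sending a fake, random cookie and replacing it with the real one only when a connection request arrives; the doc comment for this method should say so, so that callers do not hand their real X authority cookie to the remote host.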
🔴 X11 screen number encoded as UTF-8 string instead of uint32 per RFC 4254
The new sendX11Req method at lib/src/ssh_channel.dart:143 converts the integer screen number to a string via screenNumber.toString() and passes it to the SSH_Message_Channel_Request.x11 factory. The underlying message encoder at lib/src/message/msg_channel.dart:956 then writes this with writeUtf8() (a length-prefixed string). However, RFC 4254 Section 6.3.1 specifies uint32 x11 screen number — a 4-byte unsigned integer, not a string. On the wire, a string-encoded "0" produces 5 bytes (4-byte length prefix + 1-byte ASCII 0), while a uint32 0 produces 4 bytes. This mismatch means the x11-req message will be malformed when sent to any real SSH server, causing X11 forwarding requests to be rejected or misinterpreted. The roundtrip test passes only because both encode (lib/src/message/msg_channel.dart:956) and decode (lib/src/message/msg_channel.dart:852) use the same wrong string format.
Prompt for agents
The x11 screen number must be encoded as a uint32 per RFC 4254 Section 6.3.1, not as a UTF-8 string. This requires changes in multiple files:
1. In lib/src/message/msg_channel.dart:
- Change the field type of x11ScreenNumber from String? to int? (line 609)
- Update the x11 factory constructor parameter type from String to int (line 690)
- In the decode method (line 852), change reader.readUtf8() to reader.readUint32()
- In the encode method (line 956), change writer.writeUtf8(x11ScreenNumber!) to writer.writeUint32(x11ScreenNumber!)
- Update the constructor parameter this.x11ScreenNumber (line 646) accordingly
2. In lib/src/ssh_channel.dart:
- At line 143, change x11ScreenNumber: screenNumber.toString() to x11ScreenNumber: screenNumber (pass the int directly)
3. In test/src/message/msg_channel_test.dart:
- At line 199, change x11ScreenNumber: '0' to x11ScreenNumber: 0
- At line 210, change expect(decoded.x11ScreenNumber, '0') to expect(decoded.x11ScreenNumber, 0)
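The size difference described in the comment above, as an added example (Python, not code from this PR or from the library): it builds the `x11-req` payload from RFC 4254 Section 6.3.1 with the screen number as a uint32 and as a string, then decodes both strictly. The function names and sample values are constructed for illustration.

```python
import struct

SSH_MSG_CHANNEL_REQUEST = 98  # message number from RFC 4254

def ssh_string(value: bytes) -> bytes:
    """SSH 'string': uint32 length prefix followed by the raw bytes."""
    return struct.pack(">I", len(value)) + value

def encode_x11_req(channel, want_reply, single, proto, cookie, screen, *, screen_as_string=False):
    """Build an x11-req; screen_as_string=True reproduces the flagged encoding."""
    if not 0 <= screen <= 0xFFFFFFFF:
        raise ValueError("screen number does not fit in uint32")
    tail = ssh_string(str(screen).encode()) if screen_as_string else struct.pack(">I", screen)
    return (bytes([SSH_MSG_CHANNEL_REQUEST]) + struct.pack(">I", channel)
            + ssh_string(b"x11-req") + bytes([want_reply, single])
            + ssh_string(proto.encode()) + ssh_string(cookie.encode()) + tail)

def decode_x11_req(packet: bytes) -> dict:
    """Strict decoder: the payload must end exactly after the uint32 screen number."""
    pos = 0
    def take(n):
        nonlocal pos
        if pos + n > len(packet):
            raise ValueError("truncated x11-req")
        chunk = packet[pos:pos + n]
        pos += n
        return chunk
    def take_string():
        (length,) = struct.unpack(">I", take(4))
        return take(length)
    if take(1)[0] != SSH_MSG_CHANNEL_REQUEST:
        raise ValueError("not a channel request")
    (channel,) = struct.unpack(">I", take(4))
    if take_string() != b"x11-req":
        raise ValueError("not an x11-req")
    want_reply, single = (b != 0 for b in take(2))
    proto, cookie = take_string().decode(), take_string().decode()
    (screen,) = struct.unpack(">I", take(4))
    if pos != len(packet):
        raise ValueError(f"{len(packet) - pos} trailing byte(s) after screen number")
    return {"channel": channel, "want_reply": want_reply, "single": single,
            "proto": proto, "cookie": cookie, "screen": screen}

# Constructed sample values; the cookie is a placeholder, not a real X authority cookie.
ARGS = (0, True, False, "MIT-MAGIC-COOKIE-1", "00" * 16, 0)
GOOD = encode_x11_req(*ARGS)                         # ends with uint32 0
BAD = encode_x11_req(*ARGS, screen_as_string=True)   # ends with string "0"
```

A decoder that does not check for trailing bytes would read the length prefix `00 00 00 01` of `BAD` as screen number 1 instead of 0, which is the misinterpretation the comment mentions.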
Summary by CodeRabbit
Release Notes
New Features
Bug Fixes
Documentation
Tests
Chore