https://gitlab.synchro.net/main/sbbs/-/commit/2b39083e8614601afbacc67c
Modified Files:
src/syncterm/ssh.c
Log Message:
SyncTERM: send TERM environment variable on SSH channel

Add an SSH "env" request (RFC 4254 §6.4) alongside the existing pty-req
TERM, so servers that read TERM from the environment (rather than from
the pty allocation) pick up SyncTERM's emulation string.

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>

---
￭ Synchronet ￭ Vertrauen ￭ Home of Synchronet ￭ [vert/cvs/bbs].synchro.net

https://gitlab.synchro.net/main/sbbs/-/commit/4781761a1bdbbe54562ed0b4
Modified Files:
src/syncterm/ssh.c
Log Message:
SyncTERM: warn the user about weak SSH host keys

Treat any RSA-family host key under 2048 bits as weak (NIST 2024 floor;
Ed25519 is always 256 and considered strong). The host-key verify
callback now stashes the algorithm name and key size so the post-
handshake UI can act on it:

- HOSTKEY_NEW + weak: prompt "Weak host key (NNNN-bit algo)" with a
Disconnect/Accept choice instead of silent TOFU. Under hidepopups
(no human present) refuse the connection rather than auto-trust a
weak key.
- HOSTKEY_MISMATCH + weak: existing change-fingerprint dialog grows a
"WARNING: the new key is a NNNN-bit algo, below the 2048-bit safety
floor" block, and the title itself becomes "Fingerprint Changed —
WEAK NNNN-bit algo key" so the warning is visible without F1.
- Strong keys: behaviour unchanged (NEW silently TOFU's, MISMATCH
uses the original dialog).

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>

---
￭ Synchronet ￭ Vertrauen ￭ Home of Synchronet ￭ [vert/cvs/bbs].synchro.net

https://gitlab.synchro.net/main/sbbs/-/commit/54ee6004c208dc090d31703f
Modified Files:
src/syncterm/ssh.c
Log Message:
SyncTERM: display SSH auth banners (RFC 4252 §5.4)

Wire DeuceSSH's per-session banner callback to uifc.showbuf().
Each SSH_MSG_USERAUTH_BANNER from the server is shown modally as it
arrives during authentication; auth resumes when the user dismisses.
Skipped under bbs->hidepopups (automated sessions with no human to
read the banner).

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>

---
￭ Synchronet ￭ Vertrauen ￭ Home of Synchronet ￭ [vert/cvs/bbs].synchro.net

https://gitlab.synchro.net/main/sbbs/-/commit/16c431f72e34453704dcb004
Modified Files:
src/syncterm/ssh.c
Log Message:
syncterm: identify in SSH banner, add RSA-SHA2-512, timeout, cleanse

Four small additions in ssh.c using DeuceSSH APIs we hadn't wired up:

- build_ssh_software_version() derives an RFC 4253 software-version
token from syncterm_version (e.g. "SyncTERM_1.9b") and registers it
via dssh_transport_set_version() so server admins can identify
SyncTERM in their logs. The build flavor (Debug suffix) is
deliberately stripped because the version banner is sent before
encryption is established.

- dssh_register_rsa_sha2_512() rounds out the host-key set; we already
advertised SHA-256. Costs nothing and lets us interoperate with
servers that prefer or require the SHA-512 variant.

- dssh_session_set_timeout(60000) caps the library's peer-response
waits at 60s. The default is 75s; the tighter bound surfaces hung
handshakes before users assume SyncTERM has frozen.

- dssh_cleanse() wipes the local password buffer in ssh_connect()
after the auth attempts finish and the kbd-interactive answer
buffer in kbi_prompt_cb(). Prevents secrets from lingering in
stack slots that the compiler might otherwise leave intact.

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>

---
￭ Synchronet ￭ Vertrauen ￭ Home of Synchronet ￭ [vert/cvs/bbs].synchro.net

https://gitlab.synchro.net/main/sbbs/-/commit/cc8f3254781763bddaef82b3
Modified Files:
src/syncterm/ssh.c
Log Message:
syncterm: simplify SSH auth flow; PuTTY-style KBI password autofill

Replace the auth state machine in ssh_connect() with a flat, strongest-to-weakest order driven by the RFC 4252 "none" probe:

1. probe; if "none" was accepted we're done
2. publickey (if advertised)
3. password (if advertised — stored value first, then up to 3 prompts)
4. keyboard-interactive (if advertised)

Each method is gated on the server's advertised list, so users aren't
prompted for credentials the server would reject regardless (e.g. an
OpenSSH target with PasswordAuthentication=no no longer cycles three
dead password prompts before falling through to KBI).

Also fixes a latent bug in the SSHNA path that unconditionally set
auth_rc=0 on any non-error return from dssh_auth_get_methods, even
when the response was "methods available, none-auth not accepted".

In kbi_prompt_cb:

- Auto-fill the saved password when the server sends exactly the
literal prompt "Password: " (PuTTY-style: single prompt, echo off,
literal text match). This avoids burning credentials on 2FA
"Passcode:" prompts, GPG-style "Passphrase:" prompts, password-
change flows, or anything else dressed up to look password-like.
The fire-once latch ensures a wrong saved password doesn't loop;
subsequent prompts fall through to the user.

- Strip a trailing ':' from the server's prompt before passing it
to uifcinput(), since uifc.input always appends ':' itself and
"Password:" would otherwise render as "Password::".

Drops the speculative "Cryptlib mishandles failed ssh-ed25519 publickey
probe" gate — the comment was likely a debugging artifact, not a
verified server behavior, and gating production logic on an
unreproducible claim made the flow harder to reason about than the
risk justified.

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>

---
￭ Synchronet ￭ Vertrauen ￭ Home of Synchronet ￭ [vert/cvs/bbs].synchro.net