conch mishandles MSG_DEBUG always_display field on Python 2

[Colin Watson]

The OpenSSH 7.7p1 interoperability regression tests fail when run against conch. The proximate cause was a change in OpenSSH that resulted in more MSG_DEBUG messages being sent in the test in question, but it's not an OpenSSH bug. Rather, the bug is in conch: when the always_display field (called alwaysDisplay by Twisted) is false, and conch is running under Python 2, it incorrectly interprets the field as true and displays the message anyway.

To reproduce, run an OpenSSH 7.7p1 server on a port of your choice, make sure that you have a key that it will consider as authorized (using ~/.ssh/authorized_keys), then do something like this:

python2 -m twisted.conch.scripts.conch --identity ~/.ssh/id_rsa --port <port> --known-hosts ~/.ssh/known_hosts -n localhost 'cat /etc/hosts' | diff -u /etc/hosts -

There should be no diff, but instead, you'll see something like this at the end, corresponding to MSG_DEBUG messages sent by OpenSSH:

+/home/cjwatson/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
+/home/cjwatson/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding

This is fine under python3 (at least on HEAD - 17.9.0 blew up for some unrelated reason that's since been fixed).

I'm working on a patch.

[Colin Watson]

​https://github.com/twisted/twisted/pull/998

[mark williams]

Thanks for the fantastic explanation and reproducing case!

​https://github.com/twisted/twisted/pull/998#pullrequestreview-112227811

[Mark Williams <mrw@…>]

In 22bc980f:

Merge pull request #998 from cjwatson/9422-conch-debug-always-display

Author: cjwatson

Reviewers: markrwilliams

Fixes: ticket:9422

Fix conch MSG_DEBUG parsing on Python 2