
Add pickSSHServerVersion

Rod Hynes 7 lat temu
8450c14aeb

+ 1 - 0
Server/privatePlugins.go

@@ -23,4 +23,5 @@ package main
 
 import (
 	_ "github.com/Psiphon-Inc/psiphon-tunnel-core-private-plugins/common_plugins"
+	_ "github.com/Psiphon-Inc/psiphon-tunnel-core-private-plugins/server_plugins"
 )

+ 8 - 3
psiphon/common/protocol/protocol.go

@@ -322,10 +322,15 @@ type RandomStreamRequest struct {
 	DownstreamBytes int `json:"d"`
 }
 
-func DeriveServerKEXPRNGSeed(obfuscatedKey string) (*prng.Seed, error) {
-	// By convention, the obfuscatedKey will ofetn be a hex-encoded 32 byte value,
+func DeriveSSHServerKEXPRNGSeed(obfuscatedKey string) (*prng.Seed, error) {
+	// By convention, the obfuscatedKey will often be a hex-encoded 32 byte value,
 	// but this isn't strictly required or validated, so we use SHA256 to map the
 	// obfuscatedKey to tne necessary 32-byte seed value.
 	seed := prng.Seed(sha256.Sum256([]byte(obfuscatedKey)))
-	return prng.NewSaltedSeed(&seed, "ssh-server-kex-randomization")
+	return prng.NewSaltedSeed(&seed, "ssh-server-kex")
+}
+
+func DeriveSSHServerVersionPRNGSeed(obfuscatedKey string) (*prng.Seed, error) {
+	seed := prng.Seed(sha256.Sum256([]byte(obfuscatedKey)))
+	return prng.NewSaltedSeed(&seed, "ssh-server-version")
 }
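Review bot: The new DeriveSSHServerVersionPRNGSeed has no doc comment, and the salt in DeriveSSHServerKEXPRNGSeed changes from "ssh-server-kex-randomization" to "ssh-server-kex", which changes the seed derived from every existing obfuscated key. The same function is used on both ends (PeerKEXPRNGSeed in psiphon/tunnel.go, KEXPRNGSeed in psiphon/server/tunnelServer.go), and the tunnel.go comment says matching seeds are what makes two randomized KEXes negotiate, so a client built before this commit presumably derives a different seed than a server built after it; worth confirming that no mixed deployment exists before this lands. I would add `// DeriveSSHServerVersionPRNGSeed derives the seed used to pick the SSH server version string from obfuscatedKey; like DeriveSSHServerKEXPRNGSeed it maps the key through SHA256, and the distinct salt keeps the two seeds independent.` above the new function. The "tne" typo in the retained comment on the line above the seed assignment could be fixed in the same pass.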

+ 13 - 0
psiphon/server/config.go

@@ -417,6 +417,19 @@ func LoadConfig(configJSON []byte) (*Config, error) {
 		}
 	}
 
+	if config.ObfuscatedSSHKey != "" {
+		seed, err := protocol.DeriveSSHServerVersionPRNGSeed(config.ObfuscatedSSHKey)
+		if err != nil {
+			return nil, fmt.Errorf(
+				"DeriveSSHServerVersionPRNGSeed failed: %s", err)
+		}
+
+		serverVersion := pickSSHServerVersion(seed)
+		if serverVersion != "" {
+			config.SSHServerVersion = serverVersion
+		}
+	}
+
 	if config.UDPInterceptUdpgwServerAddress != "" {
 		if err := validateNetworkAddress(config.UDPInterceptUdpgwServerAddress, true); err != nil {
 			return nil, fmt.Errorf("UDPInterceptUdpgwServerAddress is invalid: %s", err)
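Review bot: The assignment `config.SSHServerVersion = serverVersion` overwrites whatever SSHServerVersion the operator set in the config JSON whenever ObfuscatedSSHKey is present, and nothing in the hunk documents that precedence. If the override is intended, a comment such as `// When an obfuscated SSH key is configured, the server version string is derived deterministically from it and takes precedence over any configured SSHServerVersion; an empty pick leaves the configured value in place.` would make the silent replacement explicit; if it is not, the assignment should be guarded by `config.SSHServerVersion == ""`. pickSSHServerVersion is not defined in any file of this commit, so presumably it comes from the newly imported server_plugins package; that dependency is worth a one-line comment at the call site. LoadConfig begins and ends outside the hunk.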

+ 3 - 2
psiphon/server/tunnelServer.go

@@ -1136,7 +1136,7 @@ func (sshClient *sshClient) run(
 		} else {
 			// For TUNNEL_PROTOCOL_SSH only, randomize KEX.
 			if sshClient.sshServer.support.Config.ObfuscatedSSHKey != "" {
-				sshServerConfig.KEXPRNGSeed, err = protocol.DeriveServerKEXPRNGSeed(
+				sshServerConfig.KEXPRNGSeed, err = protocol.DeriveSSHServerKEXPRNGSeed(
 					sshClient.sshServer.support.Config.ObfuscatedSSHKey)
 				if err != nil {
 					err = common.ContextError(err)
@@ -1158,8 +1158,9 @@ func (sshClient *sshClient) run(
 				nil, nil, nil)
 			if err != nil {
 				err = common.ContextError(err)
+			} else {
+				conn = result.obfuscatedSSHConn
 			}
-			conn = result.obfuscatedSSHConn
 
 			// Now seed fragmentor, when present, with seed derived from
 			// initial obfuscator message. See tactics.Listener.Accept.

+ 1 - 1
psiphon/tunnel.go

@@ -755,7 +755,7 @@ func dialTunnel(
 		// its KEX; setting PeerKEXPRNGSeed will ensure successful negotiation
 		// betweem two randomized KEXes.
 		if dialParams.ServerEntry.SshObfuscatedKey != "" {
-			sshClientConfig.PeerKEXPRNGSeed, err = protocol.DeriveServerKEXPRNGSeed(
+			sshClientConfig.PeerKEXPRNGSeed, err = protocol.DeriveSSHServerKEXPRNGSeed(
 				dialParams.ServerEntry.SshObfuscatedKey)
 			if err != nil {
 				return nil, common.ContextError(err)