summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBen Lindstrom <mouring@eviladmin.org>2001-04-17 18:11:36 +0000
committerBen Lindstrom <mouring@eviladmin.org>2001-04-17 18:11:36 +0000
commit982dbbcfda7ab9e56c4caccfba6f8920529421b7 (patch)
tree1c7d3ed45ad2f89c2e0009a188b76e6171d593a2
parent4c8cff14ddac08f1bdb393d71d9e0907d9a9215e (diff)
- markus@cvs.openbsd.org 2001/04/17 10:53:26
[key.c key.h readconf.c readconf.h ssh.1 sshconnect2.c] add HostKeyAlgorithms; based on patch from res@shore.net; ok provos@
-rw-r--r--ChangeLog7
-rw-r--r--key.c24
-rw-r--r--key.h3
-rw-r--r--readconf.c19
-rw-r--r--readconf.h3
-rw-r--r--ssh.17
-rw-r--r--sshconnect2.c5
7 files changed, 59 insertions, 9 deletions
diff --git a/ChangeLog b/ChangeLog
index f5d9863a..011bd960 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -9,9 +9,12 @@
- markus@cvs.openbsd.org 2001/04/17 08:14:01
[sshconnect1.c]
check for key!=NULL, thanks to costa
- - markus@cvs.openbsd.org 2001/04/17 09:52:48
+ - markus@cvs.openbsd.org 2001/04/17 09:52:48
[clientloop.c]
handle EINTR/EAGAIN on read; ok deraadt@
+ - markus@cvs.openbsd.org 2001/04/17 10:53:26
+ [key.c key.h readconf.c readconf.h ssh.1 sshconnect2.c]
+ add HostKeyAlgorithms; based on patch from res@shore.net; ok provos@
20010416
- OpenBSD CVS Sync
@@ -5137,4 +5140,4 @@
- Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1
-$Id: ChangeLog,v 1.1133 2001/04/17 18:09:42 mouring Exp $
+$Id: ChangeLog,v 1.1134 2001/04/17 18:11:36 mouring Exp $
diff --git a/key.c b/key.c
index fbd9f4ef..3b9f9f78 100644
--- a/key.c
+++ b/key.c
@@ -32,7 +32,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: key.c,v 1.24 2001/04/16 08:26:04 deraadt Exp $");
+RCSID("$OpenBSD: key.c,v 1.25 2001/04/17 10:53:24 markus Exp $");
#include <openssl/evp.h>
@@ -629,6 +629,28 @@ key_type_from_name(char *name)
return KEY_UNSPEC;
}
+int
+key_names_valid2(const char *names)
+{
+ char *s, *cp, *p;
+
+ if (names == NULL || strcmp(names, "") == 0)
+ return 0;
+ s = cp = xstrdup(names);
+ for ((p = strsep(&cp, ",")); p && *p != '\0';
+ (p = strsep(&cp, ","))) {
+ switch (key_type_from_name(p)) {
+ case KEY_RSA1:
+ case KEY_UNSPEC:
+ xfree(s);
+ return 0;
+ }
+ }
+ debug3("key names ok: [%s]", names);
+ xfree(s);
+ return 1;
+}
+
Key *
key_from_blob(char *blob, int blen)
{
diff --git a/key.h b/key.h
index 251c565a..cee31c30 100644
--- a/key.h
+++ b/key.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.h,v 1.11 2001/03/12 22:02:01 markus Exp $ */
+/* $OpenBSD: key.h,v 1.12 2001/04/17 10:53:24 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -67,6 +67,7 @@ int key_type_from_name(char *name);
Key *key_from_blob(char *blob, int blen);
int key_to_blob(Key *key, u_char **blobp, u_int *lenp);
char *key_ssh_name(Key *k);
+int key_names_valid2(const char *names);
int
key_sign(
diff --git a/readconf.c b/readconf.c
index a14d0a55..b30c61f2 100644
--- a/readconf.c
+++ b/readconf.c
@@ -12,7 +12,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.75 2001/04/15 21:28:35 stevesk Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.76 2001/04/17 10:53:25 markus Exp $");
#include "ssh.h"
#include "xmalloc.h"
@@ -110,7 +110,8 @@ typedef enum {
oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
- oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication
+ oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
+ oHostKeyAlgorithms
} OpCodes;
/* Textual representations of the tokens. */
@@ -175,6 +176,7 @@ static struct {
{ "loglevel", oLogLevel },
{ "dynamicforward", oDynamicForward },
{ "preferredauthentications", oPreferredAuthentications },
+ { "hostkeyalgorithms", oHostKeyAlgorithms },
{ NULL, 0 }
};
@@ -527,6 +529,17 @@ parse_int:
options->macs = xstrdup(arg);
break;
+ case oHostKeyAlgorithms:
+ arg = strdelim(&s);
+ if (!arg || *arg == '\0')
+ fatal("%.200s line %d: Missing argument.", filename, linenum);
+ if (!key_names_valid2(arg))
+ fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
+ filename, linenum, arg ? arg : "<NONE>");
+ if (*activep && options->hostkeyalgorithms == NULL)
+ options->hostkeyalgorithms = xstrdup(arg);
+ break;
+
case oProtocol:
intptr = &options->protocol;
arg = strdelim(&s);
@@ -732,6 +745,7 @@ initialize_options(Options * options)
options->cipher = -1;
options->ciphers = NULL;
options->macs = NULL;
+ options->hostkeyalgorithms = NULL;
options->protocol = SSH_PROTO_UNKNOWN;
options->num_identity_files = 0;
options->hostname = NULL;
@@ -824,6 +838,7 @@ fill_default_options(Options * options)
options->cipher = SSH_CIPHER_NOT_SET;
/* options->ciphers, default set in myproposals.h */
/* options->macs, default set in myproposals.h */
+ /* options->hostkeyalgorithms, default set in myproposals.h */
if (options->protocol == SSH_PROTO_UNKNOWN)
options->protocol = SSH_PROTO_1|SSH_PROTO_2;
if (options->num_identity_files == 0) {
diff --git a/readconf.h b/readconf.h
index 680068b0..9e943f90 100644
--- a/readconf.h
+++ b/readconf.h
@@ -11,7 +11,7 @@
* called by a name other than "ssh" or "Secure Shell".
*/
-/* RCSID("$OpenBSD: readconf.h,v 1.29 2001/04/12 19:15:25 markus Exp $"); */
+/* RCSID("$OpenBSD: readconf.h,v 1.30 2001/04/17 10:53:25 markus Exp $"); */
#ifndef READCONF_H
#define READCONF_H
@@ -72,6 +72,7 @@ typedef struct {
int cipher; /* Cipher to use. */
char *ciphers; /* SSH2 ciphers in order of preference. */
char *macs; /* SSH2 macs in order of preference. */
+ char *hostkeyalgorithms; /* SSH2 server key types in order of preference. */
int protocol; /* Protocol in order of preference. */
char *hostname; /* Real host to connect. */
char *host_key_alias; /* hostname alias for .ssh/known_hosts */
diff --git a/ssh.1 b/ssh.1
index e775d0dc..9e0298bd 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.102 2001/04/10 09:13:22 itojun Exp $
+.\" $OpenBSD: ssh.1,v 1.103 2001/04/17 10:53:26 markus Exp $
.Dd September 25, 1999
.Dt SSH 1
.Os
@@ -776,6 +776,11 @@ real host name when looking up or saving the host key
in the known_hosts files.
This option is useful for tunneling ssh connections
or if you have multiple servers running on a single host.
+.It Cm HostKeyAlgorithms
+Specfies the protocol version 2 host key algorithms
+that the client wants to use in order of preference.
+The default for this option is:
+.Dq ssh-rsa,ssh-dss
.It Cm HostName
Specifies the real host name to log into.
This can be used to specify nicknames or abbreviations for hosts.
diff --git a/sshconnect2.c b/sshconnect2.c
index 4acdd017..baa4e702 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.69 2001/04/15 08:43:47 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.70 2001/04/17 10:53:26 markus Exp $");
#include <openssl/bn.h>
#include <openssl/md5.h>
@@ -111,6 +111,9 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
myproposal[PROPOSAL_MAC_ALGS_CTOS] =
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
}
+ if (options.hostkeyalgorithms != NULL)
+ myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
+ options.hostkeyalgorithms;
/* start key exchange */
kex = kex_setup(myproposal);