summaryrefslogtreecommitdiff
path: root/myproposal.h
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2019-12-10 22:43:19 +0000
committerDamien Miller <djm@mindrot.org>2019-12-11 19:11:07 +1100
commit75f7f22a43799f6d25dffd9d6683de1601da05a3 (patch)
treeb8d099312c196b56effb067b522564988df75cfd /myproposal.h
parent516605f2d596884cedc2beed6b262716ec76f63d (diff)
upstream: add security key types to list of keys allowed to act as
CAs; spotted by Ron Frederick OpenBSD-Commit-ID: 9bb0dfff927b4f7aa70679f983f84c69d45656c3
Diffstat (limited to 'myproposal.h')
-rw-r--r--myproposal.h6
1 files changed, 4 insertions, 2 deletions
diff --git a/myproposal.h b/myproposal.h
index d6e7977e..b393db8b 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: myproposal.h,v 1.61 2019/11/12 19:33:08 markus Exp $ */
+/* $OpenBSD: myproposal.h,v 1.62 2019/12/10 22:43:19 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -145,7 +145,9 @@
/* Not a KEX value, but here so all the algorithm defaults are together */
#define SSH_ALLOWED_CA_SIGALGS \
HOSTKEY_ECDSA_METHODS \
+ USERKEY_ECDSA_SK_METHODS \
"ssh-ed25519," \
+ "sk-ssh-ed25519@openssh.com," \
"rsa-sha2-512," \
"rsa-sha2-256," \
"ssh-rsa"
@@ -194,7 +196,7 @@
#define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT
#define KEX_CLIENT_MAC KEX_SERVER_MAC
-#define SSH_ALLOWED_CA_SIGALGS "ssh-ed25519"
+#define SSH_ALLOWED_CA_SIGALGS "ssh-ed25519,sk-ssh-ed25519@openssh.com"
#endif /* WITH_OPENSSL */