diff --git a/myproposal.h b/myproposal.h
index 45db30e5b..5f528e4e1 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: myproposal.h,v 1.58 2019/02/23 08:20:43 djm Exp $ */
+/* $OpenBSD: myproposal.h,v 1.59 2019/10/31 21:17:49 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -144,6 +144,24 @@
 "rsa-sha2-256," \
 "ssh-rsa"
+#define PUBKEY_DEFAULT_PK_ALG \
+ "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com," \
+ "ecdsa-sha2-nistp256-cert-v01@openssh.com," \
+ "ecdsa-sha2-nistp384-cert-v01@openssh.com," \
+ "ecdsa-sha2-nistp521-cert-v01@openssh.com," \
+ "ssh-ed25519-cert-v01@openssh.com," \
+ "rsa-sha2-512-cert-v01@openssh.com," \
+ "rsa-sha2-256-cert-v01@openssh.com," \
+ "ssh-rsa-cert-v01@openssh.com," \
+ "sk-ecdsa-sha2-nistp256@openssh.com," \
+ "ecdsa-sha2-nistp256," \
+ "ecdsa-sha2-nistp384," \
+ "ecdsa-sha2-nistp521," \
+ "ssh-ed25519," \
+ "rsa-sha2-512," \
+ "rsa-sha2-256," \
+ "ssh-rsa"
+
 #else /* WITH_OPENSSL */
 #define KEX_SERVER_KEX \
@@ -152,6 +170,7 @@
 #define KEX_DEFAULT_PK_ALG \
 "ssh-ed25519-cert-v01@openssh.com," \
 "ssh-ed25519"
+#define PUBKEY_DEFAULT_PK_ALG KEX_DEFAULT_PK_ALG
 #define KEX_SERVER_ENCRYPT \
 "chacha20-poly1305@openssh.com," \
 "aes128-ctr,aes192-ctr,aes256-ctr"
@@ -173,6 +192,10 @@
 #define SSH_ALLOWED_CA_SIGALGS "ssh-ed25519"
+#define PUBKEY_DEFAULT_PK_ALG \
+ "ssh-ed25519-cert-v01@openssh.com," \
+ "ssh-ed25519"
+
 #endif /* WITH_OPENSSL */
 #define KEX_DEFAULT_COMP "none,zlib@openssh.com"
diff --git a/servconf.c b/servconf.c
index e76f9c39e..e2f44d38d 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: servconf.c,v 1.352 2019/09/06 14:45:34 naddy Exp $ */
+/* $OpenBSD: servconf.c,v 1.353 2019/10/31 21:17:49 djm Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
 * All rights reserved 
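Review bot: The new `PUBKEY_DEFAULT_PK_ALG` in the `@@ -144,6 +144,24 @@` hunk carries no comment saying why user-key defaults now diverge from `KEX_DEFAULT_PK_ALG`, and the only visible difference is the two `sk-ecdsa-sha2-nistp256*@openssh.com` entries, so the next person to touch either list will not know whether they must be kept in step. Judging from servconf.c, where `hostkeyalgorithms` and `hostbased_key_types` keep `KEX_DEFAULT_PK_ALG` while only `pubkey_key_types` switches, the intent appears to be that security-key types are accepted for user authentication but not as host keys, though the head of `KEX_DEFAULT_PK_ALG` is outside this hunk so that is inferred. A header comment above the define would pin that down: `/* Default PubkeyAcceptedKeyTypes: KEX_DEFAULT_PK_ALG plus the sk-* (security key) types, which are accepted for user authentication only; keep the ordering in step with KEX_DEFAULT_PK_ALG */`. It is also worth noting that `ssh-rsa` (SHA-1 signatures) remains in the new default list, as it did before; if that is deliberate a short remark in the same comment would head off the question.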
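Review bot: `PUBKEY_DEFAULT_PK_ALG` ends up defined twice on the new side of the non-OpenSSL branch: the `@@ -152,6 +170,7 @@` hunk adds `#define PUBKEY_DEFAULT_PK_ALG KEX_DEFAULT_PK_ALG` right after the ed25519-only `KEX_DEFAULT_PK_ALG`, and the `@@ -173,6 +192,10 @@` hunk adds it again as the explicit two-string list just before `#endif /* WITH_OPENSSL */`. The two replacement lists are different token sequences, so this is the object-like macro redefinition C11 6.10.3p2 forbids; GCC and clang report it as "macro redefined" and a `-Werror` build of sshd without OpenSSL fails, even though both forms currently expand to the same string. Keep exactly one: dropping the `#define PUBKEY_DEFAULT_PK_ALG KEX_DEFAULT_PK_ALG` line is the smaller change, and the explicit list is the one that would need extending if non-OpenSSL builds gain security-key types. That both additions sit between the `#else` and the `#endif` is inferred from the hunk offsets (the 18 lines added at +144 shift old line 152 to new line 170), since the `#else` itself only appears as context in the earlier hunk.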
@@ -210,7 +210,7 @@ assemble_algorithms(ServerOptions *o)
 ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, all_kex);
 ASSEMBLE(hostkeyalgorithms, KEX_DEFAULT_PK_ALG, all_key);
 ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key);
- ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key);
+ ASSEMBLE(pubkey_key_types, PUBKEY_DEFAULT_PK_ALG, all_key);
 ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, all_sig);
 #undef ASSEMBLE
 free(all_cipher);
@@ -2641,7 +2641,7 @@ dump_config(ServerOptions *o)
 dump_cfg_string(sHostKeyAlgorithms, o->hostkeyalgorithms ?
 o->hostkeyalgorithms : KEX_DEFAULT_PK_ALG);
 dump_cfg_string(sPubkeyAcceptedKeyTypes, o->pubkey_key_types ?
- o->pubkey_key_types : KEX_DEFAULT_PK_ALG);
+ o->pubkey_key_types : PUBKEY_DEFAULT_PK_ALG);
 dump_cfg_string(sRDomain, o->routing_domain);
 /* string arguments requiring a lookup */
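Review bot: The changed `ASSEMBLE(pubkey_key_types, PUBKEY_DEFAULT_PK_ALG, all_key);` line validates the new default against `all_key` exactly as the host-key lists are, so if `ASSEMBLE` rejects names missing from `all_key` (its arguments suggest it does; the macro body and the code that builds `all_key` are outside this hunk), sshd would fail at startup on a default configuration should `sk-ecdsa-sha2-nistp256@openssh.com` or its `-cert-v01` form not yet be registered in the key-type list in a WITH_OPENSSL build. Worth confirming that the key-type registry was extended in the same series, and that a non-OpenSSL build, whose `PUBKEY_DEFAULT_PK_ALG` has no sk- entries, is also exercised. A one-line comment at the changed line would explain to the reader why user keys and host keys no longer share a default: `/* user keys, unlike host keys, may be sk-* (security key) types */`, hedged as the intent inferred from myproposal.h. The body of assemble_algorithms starts before this hunk.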