tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

upstream: include SHA2-variant RSA key algorithms in KEX proposal; 

allows ssh-keyscan to harvest keys from servers that disable olde SHA1
ssh-rsa. bz#3029 from Jakub Jelen

OpenBSD-Commit-ID: 9f95ebf76a150c2f727ca4780fb2599d50bbab7a
This commit is contained in:
djm@openbsd.org 2019-07-12 04:08:39 +00:00 committed by Damien Miller
parent a0876bd994
commit 7250879c72
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
ssh-keyscan.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh-keyscan.c,v 1.128 2019/06/28 13:35:04 deraadt Exp $ */ /* $OpenBSD: ssh-keyscan.c,v 1.129 2019/07/12 04:08:39 djm Exp $ */
/* /*
* Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
* *
@ -233,7 +233,12 @@ keygrab_ssh2(con *c)
break; break;
case KT_RSA: case KT_RSA:
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ? myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
"ssh-rsa-cert-v01@openssh.com" : "ssh-rsa"; "rsa-sha2-512-cert-v01@openssh.com,"
"rsa-sha2-256-cert-v01@openssh.com,"
"ssh-rsa-cert-v01@openssh.com" :
"rsa-sha2-512,"
"rsa-sha2-256,"
"ssh-rsa";
break; break;
case KT_ED25519: case KT_ED25519:
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ? myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?