- markus@cvs.openbsd.org 2001/04/17 10:53:26
[key.c key.h readconf.c readconf.h ssh.1 sshconnect2.c] add HostKeyAlgorithms; based on patch from res@shore.net; ok provos@
parent
4c8cff14dd
commit
982dbbcfda
|
@ -9,9 +9,12 @@
|
|||
- markus@cvs.openbsd.org 2001/04/17 08:14:01
|
||||
[sshconnect1.c]
|
||||
check for key!=NULL, thanks to costa
|
||||
- markus@cvs.openbsd.org 2001/04/17 09:52:48
|
||||
- markus@cvs.openbsd.org 2001/04/17 09:52:48
|
||||
[clientloop.c]
|
||||
handle EINTR/EAGAIN on read; ok deraadt@
|
||||
- markus@cvs.openbsd.org 2001/04/17 10:53:26
|
||||
[key.c key.h readconf.c readconf.h ssh.1 sshconnect2.c]
|
||||
add HostKeyAlgorithms; based on patch from res@shore.net; ok provos@
|
||||
|
||||
20010416
|
||||
- OpenBSD CVS Sync
|
||||
|
@ -5137,4 +5140,4 @@
|
|||
- Wrote replacements for strlcpy and mkdtemp
|
||||
- Released 1.0pre1
|
||||
|
||||
$Id: ChangeLog,v 1.1133 2001/04/17 18:09:42 mouring Exp $
|
||||
$Id: ChangeLog,v 1.1134 2001/04/17 18:11:36 mouring Exp $
|
||||
|
|
24
key.c
24
key.c
|
@ -32,7 +32,7 @@
|
|||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: key.c,v 1.24 2001/04/16 08:26:04 deraadt Exp $");
|
||||
RCSID("$OpenBSD: key.c,v 1.25 2001/04/17 10:53:24 markus Exp $");
|
||||
|
||||
#include <openssl/evp.h>
|
||||
|
||||
|
@ -629,6 +629,28 @@ key_type_from_name(char *name)
|
|||
return KEY_UNSPEC;
|
||||
}
|
||||
|
||||
int
|
||||
key_names_valid2(const char *names)
|
||||
{
|
||||
char *s, *cp, *p;
|
||||
|
||||
if (names == NULL || strcmp(names, "") == 0)
|
||||
return 0;
|
||||
s = cp = xstrdup(names);
|
||||
for ((p = strsep(&cp, ",")); p && *p != '\0';
|
||||
(p = strsep(&cp, ","))) {
|
||||
switch (key_type_from_name(p)) {
|
||||
case KEY_RSA1:
|
||||
case KEY_UNSPEC:
|
||||
xfree(s);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
debug3("key names ok: [%s]", names);
|
||||
xfree(s);
|
||||
return 1;
|
||||
}
|
||||
|
||||
Key *
|
||||
key_from_blob(char *blob, int blen)
|
||||
{
|
||||
|
|
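Review bot: The loop in key_names_valid2 stops at the first empty element because its condition is `p && *p != '\0'`, so for a list such as `ssh-rsa,,bogus` (or one ending in a comma) everything after the empty field is never passed to key_type_from_name and the function still returns 1. If empty names are not meant to be accepted into the proposal, the guard belongs in the body: `for ((p = strsep(&cp, ",")); p != NULL; (p = strsep(&cp, ","))) {` with `if (*p == '\0') { xfree(s); return 0; }` as the first statement, so an unknown or protocol-1 name cannot sit behind an empty field unchecked. The xfree(s) on both exits and the NULL/empty check at the top look right, and the whole function is inside the hunk.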
3
key.h
3
key.h
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: key.h,v 1.11 2001/03/12 22:02:01 markus Exp $ */
|
||||
/* $OpenBSD: key.h,v 1.12 2001/04/17 10:53:24 markus Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
|
@ -67,6 +67,7 @@ int key_type_from_name(char *name);
|
|||
Key *key_from_blob(char *blob, int blen);
|
||||
int key_to_blob(Key *key, u_char **blobp, u_int *lenp);
|
||||
char *key_ssh_name(Key *k);
|
||||
int key_names_valid2(const char *names);
|
||||
|
||||
int
|
||||
key_sign(
|
||||
|
|
19
readconf.c
19
readconf.c
|
@ -12,7 +12,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: readconf.c,v 1.75 2001/04/15 21:28:35 stevesk Exp $");
|
||||
RCSID("$OpenBSD: readconf.c,v 1.76 2001/04/17 10:53:25 markus Exp $");
|
||||
|
||||
#include "ssh.h"
|
||||
#include "xmalloc.h"
|
||||
|
@ -110,7 +110,8 @@ typedef enum {
|
|||
oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
|
||||
oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
|
||||
oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
|
||||
oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication
|
||||
oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
|
||||
oHostKeyAlgorithms
|
||||
} OpCodes;
|
||||
|
||||
/* Textual representations of the tokens. */
|
||||
|
@ -175,6 +176,7 @@ static struct {
|
|||
{ "loglevel", oLogLevel },
|
||||
{ "dynamicforward", oDynamicForward },
|
||||
{ "preferredauthentications", oPreferredAuthentications },
|
||||
{ "hostkeyalgorithms", oHostKeyAlgorithms },
|
||||
{ NULL, 0 }
|
||||
};
|
||||
|
||||
|
@ -527,6 +529,17 @@ parse_int:
|
|||
options->macs = xstrdup(arg);
|
||||
break;
|
||||
|
||||
case oHostKeyAlgorithms:
|
||||
arg = strdelim(&s);
|
||||
if (!arg || *arg == '\0')
|
||||
fatal("%.200s line %d: Missing argument.", filename, linenum);
|
||||
if (!key_names_valid2(arg))
|
||||
fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
|
||||
filename, linenum, arg ? arg : "<NONE>");
|
||||
if (*activep && options->hostkeyalgorithms == NULL)
|
||||
options->hostkeyalgorithms = xstrdup(arg);
|
||||
break;
|
||||
|
||||
case oProtocol:
|
||||
intptr = &options->protocol;
|
||||
arg = strdelim(&s);
|
||||
|
@ -732,6 +745,7 @@ initialize_options(Options * options)
|
|||
options->cipher = -1;
|
||||
options->ciphers = NULL;
|
||||
options->macs = NULL;
|
||||
options->hostkeyalgorithms = NULL;
|
||||
options->protocol = SSH_PROTO_UNKNOWN;
|
||||
options->num_identity_files = 0;
|
||||
options->hostname = NULL;
|
||||
|
@ -824,6 +838,7 @@ fill_default_options(Options * options)
|
|||
options->cipher = SSH_CIPHER_NOT_SET;
|
||||
/* options->ciphers, default set in myproposals.h */
|
||||
/* options->macs, default set in myproposals.h */
|
||||
/* options->hostkeyalgorithms, default set in myproposals.h */
|
||||
if (options->protocol == SSH_PROTO_UNKNOWN)
|
||||
options->protocol = SSH_PROTO_1|SSH_PROTO_2;
|
||||
if (options->num_identity_files == 0) {
|
||||
|
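Review bot: In the new oHostKeyAlgorithms case `arg` has already been rejected when NULL by `if (!arg || *arg == '\0')`, so the `arg ? arg : "<NONE>"` in the second fatal() can never select `<NONE>`; `fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.", filename, linenum, arg);` says the same without the dead branch. This presumably mirrors the oCiphers/oMacs cases above the hunk, and keeping the pattern for consistency is defensible, but then it should be the same in all three rather than only here. Calling key_names_valid2 before the `*activep` test means a malformed list in an inactive Host block is still fatal at parse time rather than silently ignored, which is the safer choice and worth a short comment on that line. The enclosing function begins and ends outside the hunk.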
|
|
@ -11,7 +11,7 @@
|
|||
* called by a name other than "ssh" or "Secure Shell".
|
||||
*/
|
||||
|
||||
/* RCSID("$OpenBSD: readconf.h,v 1.29 2001/04/12 19:15:25 markus Exp $"); */
|
||||
/* RCSID("$OpenBSD: readconf.h,v 1.30 2001/04/17 10:53:25 markus Exp $"); */
|
||||
|
||||
#ifndef READCONF_H
|
||||
#define READCONF_H
|
||||
|
@ -72,6 +72,7 @@ typedef struct {
|
|||
int cipher; /* Cipher to use. */
|
||||
char *ciphers; /* SSH2 ciphers in order of preference. */
|
||||
char *macs; /* SSH2 macs in order of preference. */
|
||||
char *hostkeyalgorithms; /* SSH2 server key types in order of preference. */
|
||||
int protocol; /* Protocol in order of preference. */
|
||||
char *hostname; /* Real host to connect. */
|
||||
char *host_key_alias; /* hostname alias for .ssh/known_hosts */
|
||||
|
|
7
ssh.1
7
ssh.1
|
@ -34,7 +34,7 @@
|
|||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: ssh.1,v 1.102 2001/04/10 09:13:22 itojun Exp $
|
||||
.\" $OpenBSD: ssh.1,v 1.103 2001/04/17 10:53:26 markus Exp $
|
||||
.Dd September 25, 1999
|
||||
.Dt SSH 1
|
||||
.Os
|
||||
|
@ -776,6 +776,11 @@ real host name when looking up or saving the host key
|
|||
in the known_hosts files.
|
||||
This option is useful for tunneling ssh connections
|
||||
or if you have multiple servers running on a single host.
|
||||
.It Cm HostKeyAlgorithms
|
||||
Specfies the protocol version 2 host key algorithms
|
||||
that the client wants to use in order of preference.
|
||||
The default for this option is:
|
||||
.Dq ssh-rsa,ssh-dss
|
||||
.It Cm HostName
|
||||
Specifies the real host name to log into.
|
||||
This can be used to specify nicknames or abbreviations for hosts.
|
||||
|
|
|
@ -23,7 +23,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: sshconnect2.c,v 1.69 2001/04/15 08:43:47 markus Exp $");
|
||||
RCSID("$OpenBSD: sshconnect2.c,v 1.70 2001/04/17 10:53:26 markus Exp $");
|
||||
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/md5.h>
|
||||
|
@ -111,6 +111,9 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
|
|||
myproposal[PROPOSAL_MAC_ALGS_CTOS] =
|
||||
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
|
||||
}
|
||||
if (options.hostkeyalgorithms != NULL)
|
||||
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
|
||||
options.hostkeyalgorithms;
|
||||
|
||||
/* start key exchange */
|
||||
kex = kex_setup(myproposal);
|
||||
|
|
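Review bot: The new `if (options.hostkeyalgorithms != NULL)` body runs over two physical lines without braces, while the ciphers/macs assignment just above it is braced (its closing `}` is visible at the top of the hunk); writing it as `if (options.hostkeyalgorithms != NULL) {` … `}` keeps the block consistent and prevents a later edit from landing a statement outside the conditional. Since the only validation of the list is the parse-time key_names_valid2 check in readconf.c, a one-line comment such as `/* list was validated by key_names_valid2() when parsed */` would tell the reader why no check is done here before the value goes into the proposal. ssh_kex2 starts before the hunk.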