summaryrefslogtreecommitdiff
path: root/usr.bin/ssh
diff options
context:
space:
mode:
authorDamien Miller <djm@cvs.openbsd.org>2019-07-12 04:08:40 +0000
committerDamien Miller <djm@cvs.openbsd.org>2019-07-12 04:08:40 +0000
commit77dbe3a6d01aec61ec827f376205fb6e73ab7b26 (patch)
tree5709b9456a79bb42bf8e1943bcf3bdacdfff7767 /usr.bin/ssh
parent256b376b1b8fd35b82e3c618663c0dad45500cff (diff)
include SHA2-variant RSA key algorithms in KEX proposal; allows
ssh-keyscan to harvest keys from servers that disable olde SHA1 ssh-rsa. bz#3029 from Jakub Jelen
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r--usr.bin/ssh/ssh-keyscan.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/usr.bin/ssh/ssh-keyscan.c b/usr.bin/ssh/ssh-keyscan.c
index 735d4713b27..7dba318a082 100644
--- a/usr.bin/ssh/ssh-keyscan.c
+++ b/usr.bin/ssh/ssh-keyscan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.128 2019/06/28 13:35:04 deraadt Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.129 2019/07/12 04:08:39 djm Exp $ */
/*
* Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
*
@@ -217,7 +217,12 @@ keygrab_ssh2(con *c)
break;
case KT_RSA:
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
- "ssh-rsa-cert-v01@openssh.com" : "ssh-rsa";
+ "rsa-sha2-512-cert-v01@openssh.com,"
+ "rsa-sha2-256-cert-v01@openssh.com,"
+ "ssh-rsa-cert-v01@openssh.com" :
+ "rsa-sha2-512,"
+ "rsa-sha2-256,"
+ "ssh-rsa";
break;
case KT_ED25519:
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?