summaryrefslogtreecommitdiff
path: root/usr.bin/ssh
diff options
context:
space:
mode:
authorMarkus Friedl <markus@cvs.openbsd.org>2001-04-17 10:53:27 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2001-04-17 10:53:27 +0000
commitacdf678f7d8d6335607efeb212ba2c6d915b6500 (patch)
tree0bb5a146d6af1fbb4fdbfaf7df0084467dabc653 /usr.bin/ssh
parent30c7cd665348d8d4d740c5c76195c751a8cf6148 (diff)
add HostKeyAlgorithms; based on patch from res@shore.net; ok provos@
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r--usr.bin/ssh/key.c24
-rw-r--r--usr.bin/ssh/key.h3
-rw-r--r--usr.bin/ssh/readconf.c19
-rw-r--r--usr.bin/ssh/readconf.h3
-rw-r--r--usr.bin/ssh/ssh.17
-rw-r--r--usr.bin/ssh/sshconnect2.c5
6 files changed, 54 insertions, 7 deletions
diff --git a/usr.bin/ssh/key.c b/usr.bin/ssh/key.c
index fbd9f4efc51..3b9f9f78621 100644
--- a/usr.bin/ssh/key.c
+++ b/usr.bin/ssh/key.c
@@ -32,7 +32,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: key.c,v 1.24 2001/04/16 08:26:04 deraadt Exp $");
+RCSID("$OpenBSD: key.c,v 1.25 2001/04/17 10:53:24 markus Exp $");
#include <openssl/evp.h>
@@ -629,6 +629,28 @@ key_type_from_name(char *name)
return KEY_UNSPEC;
}
+int
+key_names_valid2(const char *names)
+{
+ char *s, *cp, *p;
+
+ if (names == NULL || strcmp(names, "") == 0)
+ return 0;
+ s = cp = xstrdup(names);
+ for ((p = strsep(&cp, ",")); p && *p != '\0';
+ (p = strsep(&cp, ","))) {
+ switch (key_type_from_name(p)) {
+ case KEY_RSA1:
+ case KEY_UNSPEC:
+ xfree(s);
+ return 0;
+ }
+ }
+ debug3("key names ok: [%s]", names);
+ xfree(s);
+ return 1;
+}
+
Key *
key_from_blob(char *blob, int blen)
{
diff --git a/usr.bin/ssh/key.h b/usr.bin/ssh/key.h
index 251c565aa32..cee31c30a68 100644
--- a/usr.bin/ssh/key.h
+++ b/usr.bin/ssh/key.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.h,v 1.11 2001/03/12 22:02:01 markus Exp $ */
+/* $OpenBSD: key.h,v 1.12 2001/04/17 10:53:24 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -67,6 +67,7 @@ int key_type_from_name(char *name);
Key *key_from_blob(char *blob, int blen);
int key_to_blob(Key *key, u_char **blobp, u_int *lenp);
char *key_ssh_name(Key *k);
+int key_names_valid2(const char *names);
int
key_sign(
diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c
index e9129258e25..cbb93b7b061 100644
--- a/usr.bin/ssh/readconf.c
+++ b/usr.bin/ssh/readconf.c
@@ -12,7 +12,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.75 2001/04/15 21:28:35 stevesk Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.76 2001/04/17 10:53:25 markus Exp $");
#include "ssh.h"
#include "xmalloc.h"
@@ -110,7 +110,8 @@ typedef enum {
oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
- oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication
+ oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
+ oHostKeyAlgorithms
} OpCodes;
/* Textual representations of the tokens. */
@@ -175,6 +176,7 @@ static struct {
{ "loglevel", oLogLevel },
{ "dynamicforward", oDynamicForward },
{ "preferredauthentications", oPreferredAuthentications },
+ { "hostkeyalgorithms", oHostKeyAlgorithms },
{ NULL, 0 }
};
@@ -525,6 +527,17 @@ parse_int:
options->macs = xstrdup(arg);
break;
+ case oHostKeyAlgorithms:
+ arg = strdelim(&s);
+ if (!arg || *arg == '\0')
+ fatal("%.200s line %d: Missing argument.", filename, linenum);
+ if (!key_names_valid2(arg))
+ fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
+ filename, linenum, arg ? arg : "<NONE>");
+ if (*activep && options->hostkeyalgorithms == NULL)
+ options->hostkeyalgorithms = xstrdup(arg);
+ break;
+
case oProtocol:
intptr = &options->protocol;
arg = strdelim(&s);
@@ -730,6 +743,7 @@ initialize_options(Options * options)
options->cipher = -1;
options->ciphers = NULL;
options->macs = NULL;
+ options->hostkeyalgorithms = NULL;
options->protocol = SSH_PROTO_UNKNOWN;
options->num_identity_files = 0;
options->hostname = NULL;
@@ -822,6 +836,7 @@ fill_default_options(Options * options)
options->cipher = SSH_CIPHER_NOT_SET;
/* options->ciphers, default set in myproposals.h */
/* options->macs, default set in myproposals.h */
+ /* options->hostkeyalgorithms, default set in myproposals.h */
if (options->protocol == SSH_PROTO_UNKNOWN)
options->protocol = SSH_PROTO_1|SSH_PROTO_2;
if (options->num_identity_files == 0) {
diff --git a/usr.bin/ssh/readconf.h b/usr.bin/ssh/readconf.h
index 680068b0934..9e943f905c5 100644
--- a/usr.bin/ssh/readconf.h
+++ b/usr.bin/ssh/readconf.h
@@ -11,7 +11,7 @@
* called by a name other than "ssh" or "Secure Shell".
*/
-/* RCSID("$OpenBSD: readconf.h,v 1.29 2001/04/12 19:15:25 markus Exp $"); */
+/* RCSID("$OpenBSD: readconf.h,v 1.30 2001/04/17 10:53:25 markus Exp $"); */
#ifndef READCONF_H
#define READCONF_H
@@ -72,6 +72,7 @@ typedef struct {
int cipher; /* Cipher to use. */
char *ciphers; /* SSH2 ciphers in order of preference. */
char *macs; /* SSH2 macs in order of preference. */
+ char *hostkeyalgorithms; /* SSH2 server key types in order of preference. */
int protocol; /* Protocol in order of preference. */
char *hostname; /* Real host to connect. */
char *host_key_alias; /* hostname alias for .ssh/known_hosts */
diff --git a/usr.bin/ssh/ssh.1 b/usr.bin/ssh/ssh.1
index e775d0dcbba..9e0298bd3e0 100644
--- a/usr.bin/ssh/ssh.1
+++ b/usr.bin/ssh/ssh.1
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.102 2001/04/10 09:13:22 itojun Exp $
+.\" $OpenBSD: ssh.1,v 1.103 2001/04/17 10:53:26 markus Exp $
.Dd September 25, 1999
.Dt SSH 1
.Os
@@ -776,6 +776,11 @@ real host name when looking up or saving the host key
in the known_hosts files.
This option is useful for tunneling ssh connections
or if you have multiple servers running on a single host.
+.It Cm HostKeyAlgorithms
+Specfies the protocol version 2 host key algorithms
+that the client wants to use in order of preference.
+The default for this option is:
+.Dq ssh-rsa,ssh-dss
.It Cm HostName
Specifies the real host name to log into.
This can be used to specify nicknames or abbreviations for hosts.
diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c
index 4acdd017172..baa4e702851 100644
--- a/usr.bin/ssh/sshconnect2.c
+++ b/usr.bin/ssh/sshconnect2.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.69 2001/04/15 08:43:47 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.70 2001/04/17 10:53:26 markus Exp $");
#include <openssl/bn.h>
#include <openssl/md5.h>
@@ -111,6 +111,9 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
myproposal[PROPOSAL_MAC_ALGS_CTOS] =
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
}
+ if (options.hostkeyalgorithms != NULL)
+ myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
+ options.hostkeyalgorithms;
/* start key exchange */
kex = kex_setup(myproposal);