author | Markus Friedl <markus@cvs.openbsd.org> | 2001-04-17 10:53:27 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 2001-04-17 10:53:27 +0000 |
commit | acdf678f7d8d6335607efeb212ba2c6d915b6500 (patch) | |
tree | 0bb5a146d6af1fbb4fdbfaf7df0084467dabc653 /usr.bin/ssh | |
parent | 30c7cd665348d8d4d740c5c76195c751a8cf6148 (diff) |
add HostKeyAlgorithms; based on patch from res@shore.net; ok provos@
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r-- | usr.bin/ssh/key.c | 24 | ||||
-rw-r--r-- | usr.bin/ssh/key.h | 3 | ||||
-rw-r--r-- | usr.bin/ssh/readconf.c | 19 | ||||
-rw-r--r-- | usr.bin/ssh/readconf.h | 3 | ||||
-rw-r--r-- | usr.bin/ssh/ssh.1 | 7 | ||||
-rw-r--r-- | usr.bin/ssh/sshconnect2.c | 5 |
6 files changed, 54 insertions, 7 deletions
diff --git a/usr.bin/ssh/key.c b/usr.bin/ssh/key.c
index fbd9f4efc51..3b9f9f78621 100644
--- a/usr.bin/ssh/key.c
+++ b/usr.bin/ssh/key.c
@@ -32,7 +32,7 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include "includes.h"
-RCSID("$OpenBSD: key.c,v 1.24 2001/04/16 08:26:04 deraadt Exp $");
+RCSID("$OpenBSD: key.c,v 1.25 2001/04/17 10:53:24 markus Exp $");
 #include <openssl/evp.h>
@@ -629,6 +629,28 @@ key_type_from_name(char *name)
 return KEY_UNSPEC;
 }
+int
+key_names_valid2(const char *names)
+{
+ char *s, *cp, *p;
+
+ if (names == NULL || strcmp(names, "") == 0)
+ return 0;
+ s = cp = xstrdup(names);
+ for ((p = strsep(&cp, ",")); p && *p != '\0';
+ (p = strsep(&cp, ","))) {
+ switch (key_type_from_name(p)) {
+ case KEY_RSA1:
+ case KEY_UNSPEC:
+ xfree(s);
+ return 0;
+ }
+ }
+ debug3("key names ok: [%s]", names);
+ xfree(s);
+ return 1;
+}
+
 Key *
 key_from_blob(char *blob, int blen)
 {
diff --git a/usr.bin/ssh/key.h b/usr.bin/ssh/key.h
index 251c565aa32..cee31c30a68 100644
--- a/usr.bin/ssh/key.h
+++ b/usr.bin/ssh/key.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.h,v 1.11 2001/03/12 22:02:01 markus Exp $ */
+/* $OpenBSD: key.h,v 1.12 2001/04/17 10:53:24 markus Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -67,6 +67,7 @@ int key_type_from_name(char *name);
 Key *key_from_blob(char *blob, int blen);
 int key_to_blob(Key *key, u_char **blobp, u_int *lenp);
 char *key_ssh_name(Key *k);
+int key_names_valid2(const char *names);
 int key_sign(
diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c
index e9129258e25..cbb93b7b061 100644
--- a/usr.bin/ssh/readconf.c
+++ b/usr.bin/ssh/readconf.c
@@ -12,7 +12,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.75 2001/04/15 21:28:35 stevesk Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.76 2001/04/17 10:53:25 markus Exp $");
 #include "ssh.h"
 #include "xmalloc.h"
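Review bot: The loop in key_names_valid2 stops at the first empty element (`p && *p != '\0'`), so a list such as `,ssh-rsa` passes with nothing checked and `ssh-rsa,,bogus` passes with only the first entry checked, and the unchecked string is later handed to the KEX proposal as-is. Iterate while `p != NULL` and treat an empty element as invalid, e.g. `for (p = strsep(&cp, ","); p != NULL; p = strsep(&cp, ","))` with `if (*p == '\0' || key_type_from_name(p) == KEY_RSA1 || key_type_from_name(p) == KEY_UNSPEC) { xfree(s); return 0; }`, which also subsumes the separate `strcmp(names, "")` test. The input is the user's own ssh_config, so the consequence is a malformed or surprising proposal rather than a remotely triggerable fault, but the validator should still mean what its name says. The `switch` with no `default` is fine here since accepted types fall through to the next element.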
@@ -110,7 +110,8 @@ typedef enum {
 oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
 oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
- oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication
+ oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
+ oHostKeyAlgorithms
 } OpCodes;
 /* Textual representations of the tokens. */
@@ -175,6 +176,7 @@ static struct {
 { "loglevel", oLogLevel },
 { "dynamicforward", oDynamicForward },
 { "preferredauthentications", oPreferredAuthentications },
+ { "hostkeyalgorithms", oHostKeyAlgorithms },
 { NULL, 0 }
 };
@@ -525,6 +527,17 @@ parse_int:
 options->macs = xstrdup(arg);
 break;
+ case oHostKeyAlgorithms:
+ arg = strdelim(&s);
+ if (!arg || *arg == '\0')
+ fatal("%.200s line %d: Missing argument.", filename, linenum);
+ if (!key_names_valid2(arg))
+ fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
+ filename, linenum, arg ? arg : "<NONE>");
+ if (*activep && options->hostkeyalgorithms == NULL)
+ options->hostkeyalgorithms = xstrdup(arg);
+ break;
+
 case oProtocol:
 intptr = &options->protocol;
 arg = strdelim(&s);
@@ -730,6 +743,7 @@ initialize_options(Options * options)
 options->cipher = -1;
 options->ciphers = NULL;
 options->macs = NULL;
+ options->hostkeyalgorithms = NULL;
 options->protocol = SSH_PROTO_UNKNOWN;
 options->num_identity_files = 0;
 options->hostname = NULL;
@@ -822,6 +836,7 @@ fill_default_options(Options * options)
 options->cipher = SSH_CIPHER_NOT_SET;
 /* options->ciphers, default set in myproposals.h */
 /* options->macs, default set in myproposals.h */
+ /* options->hostkeyalgorithms, default set in myproposals.h */
 if (options->protocol == SSH_PROTO_UNKNOWN)
 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
 if (options->num_identity_files == 0) {
diff --git a/usr.bin/ssh/readconf.h b/usr.bin/ssh/readconf.h
index 680068b0934..9e943f905c5 100644
--- a/usr.bin/ssh/readconf.h
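Review bot: In the new oHostKeyAlgorithms case the `arg ? arg : "<NONE>"` argument to the second fatal() can never take the "<NONE>" branch, because the check two lines above already calls fatal() when arg is NULL; pass `arg` directly (`filename, linenum, arg);`) so the guard and the message agree and nobody later wonders which of the two is wrong. The value is validated even when `*activep` is clear and stored only when no earlier value exists, which matches the first-match-wins handling of the neighbouring string options; a one-line comment such as `/* first match wins, as for Ciphers and MACs */` above the store would make that intent explicit. The enclosing switch starts and ends outside this hunk.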
+++ b/usr.bin/ssh/readconf.h
@@ -11,7 +11,7 @@
 * called by a name other than "ssh" or "Secure Shell".
 */
-/* RCSID("$OpenBSD: readconf.h,v 1.29 2001/04/12 19:15:25 markus Exp $"); */
+/* RCSID("$OpenBSD: readconf.h,v 1.30 2001/04/17 10:53:25 markus Exp $"); */
 #ifndef READCONF_H
 #define READCONF_H
@@ -72,6 +72,7 @@ typedef struct {
 int cipher; /* Cipher to use. */
 char *ciphers; /* SSH2 ciphers in order of preference. */
 char *macs; /* SSH2 macs in order of preference. */
+ char *hostkeyalgorithms; /* SSH2 server key types in order of preference. */
 int protocol; /* Protocol in order of preference. */
 char *hostname; /* Real host to connect. */
 char *host_key_alias; /* hostname alias for .ssh/known_hosts */
diff --git a/usr.bin/ssh/ssh.1 b/usr.bin/ssh/ssh.1
index e775d0dcbba..9e0298bd3e0 100644
--- a/usr.bin/ssh/ssh.1
+++ b/usr.bin/ssh/ssh.1
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.102 2001/04/10 09:13:22 itojun Exp $
+.\" $OpenBSD: ssh.1,v 1.103 2001/04/17 10:53:26 markus Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@@ -776,6 +776,11 @@ real host name when looking up or saving the host key in the known_hosts files.
 This option is useful for tunneling ssh connections or if you have multiple servers running on a single host.
+.It Cm HostKeyAlgorithms
+Specfies the protocol version 2 host key algorithms
+that the client wants to use in order of preference.
+The default for this option is:
+.Dq ssh-rsa,ssh-dss
 .It Cm HostName
 Specifies the real host name to log into.
 This can be used to specify nicknames or abbreviations for hosts.
diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c
index 4acdd017172..baa4e702851 100644
--- a/usr.bin/ssh/sshconnect2.c
+++ b/usr.bin/ssh/sshconnect2.c
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.69 2001/04/15 08:43:47 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.70 2001/04/17 10:53:26 markus Exp $");
 #include <openssl/bn.h>
 #include <openssl/md5.h>
@@ -111,6 +111,9 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
 myproposal[PROPOSAL_MAC_ALGS_CTOS] =
 myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
 }
+ if (options.hostkeyalgorithms != NULL)
+ myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
+ options.hostkeyalgorithms;
 /* start key exchange */
 kex = kex_setup(myproposal);
|
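Review bot: The configured HostKeyAlgorithms string goes into PROPOSAL_SERVER_HOST_KEY_ALGS verbatim, so its first entry the server also supports decides which host key the server presents; if that key type differs from the one already stored in known_hosts for this host, the client will be shown a key it has never seen and will take the new-host-key path instead of matching the stored key (inferred from the proposal handling here; the known_hosts check itself is outside this hunk). A comment at the assignment, `/* order decides which host key the server offers; keep it consistent with known_hosts */`, would make that consequence visible to the next reader, and the ssh.1 entry could carry the same warning. Ordering the proposal by the key types already recorded in known_hosts would remove the footgun, but that is a larger change than this commit. ssh_kex2 continues outside this hunk.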