merged OPENSSH_5_2P1_GSSAPI_20090831 to GPT-branch

[gssapi-openssh.git] / openssh / sshd.c

diff --git a/openssh/sshd.c b/openssh/sshd.c
index 04eeb8bb504ebb9aa62f1620d299222cb36517ea..b52ec48f808387c9573ca409cac546debb09706a 100644 (file)
--- a/openssh/sshd.c
+++ b/openssh/sshd.c
@@ -1802,6 +1802,9 @@ main(int ac, char **av)
                cleanup_exit(255);
        }
 
+       /* set the HPN options for the child */
+       channel_set_hpn(options.hpn_disabled, options.hpn_buffer_size);
+
        /*
         * We use get_canonical_hostname with usedns = 0 instead of
         * get_remote_ipaddr here so IP options will be checked.
@@ -1893,9 +1896,6 @@ main(int ac, char **av)
        }
 #endif
 
-       /* set the HPN options for the child */
-       channel_set_hpn(options.hpn_disabled, options.hpn_buffer_size);
-
        /*
         * We don't want to listen forever unless the other side
         * successfully authenticates itself.  So we set up an alarm which is
@@ -2328,7 +2328,6 @@ do_ssh2_kex(void)
        }
 #endif
 
-       /* start key exchange */
        /* start key exchange */
        kex = kex_setup(myproposal);
        kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
@@ -2336,9 +2335,11 @@ do_ssh2_kex(void)
        kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
        kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
 #ifdef GSSAPI
-       kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
-       kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_server;
-       kex->kex[KEX_GSS_GEX_SHA1] = kexgss_server;
+       if (options.gss_keyex) {
+               kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
+               kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_server;
+               kex->kex[KEX_GSS_GEX_SHA1] = kexgss_server;
+       }
 #endif
        kex->server = 1;
        kex->client_version_string=client_version_string;