- markus@cvs.openbsd.org 2001/04/17 08:14:01
[sshconnect1.c]
check for key!=NULL, thanks to costa
- - markus@cvs.openbsd.org 2001/04/17 09:52:48
+ - markus@cvs.openbsd.org 2001/04/17 09:52:48
[clientloop.c]
handle EINTR/EAGAIN on read; ok deraadt@
+ - markus@cvs.openbsd.org 2001/04/17 10:53:26
+ [key.c key.h readconf.c readconf.h ssh.1 sshconnect2.c]
+ add HostKeyAlgorithms; based on patch from res@shore.net; ok provos@
20010416
- OpenBSD CVS Sync
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: key.c,v 1.24 2001/04/16 08:26:04 deraadt Exp $");
+RCSID("$OpenBSD: key.c,v 1.25 2001/04/17 10:53:24 markus Exp $");
#include <openssl/evp.h>
return KEY_UNSPEC;
}
+int
+key_names_valid2(const char *names)
+{
+ char *s, *cp, *p;
+
+ if (names == NULL || strcmp(names, "") == 0)
+ return 0;
+ s = cp = xstrdup(names);
+ for ((p = strsep(&cp, ",")); p && *p != '\0';
+ (p = strsep(&cp, ","))) {
+ switch (key_type_from_name(p)) {
+ case KEY_RSA1:
+ case KEY_UNSPEC:
+ xfree(s);
+ return 0;
+ }
+ }
+ debug3("key names ok: [%s]", names);
+ xfree(s);
+ return 1;
+}
+
Key *
key_from_blob(char *blob, int blen)
{
-/* $OpenBSD: key.h,v 1.11 2001/03/12 22:02:01 markus Exp $ */
+/* $OpenBSD: key.h,v 1.12 2001/04/17 10:53:24 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
Key *key_from_blob(char *blob, int blen);
int key_to_blob(Key *key, u_char **blobp, u_int *lenp);
char *key_ssh_name(Key *k);
+int key_names_valid2(const char *names);
int
key_sign(
*/
#include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.75 2001/04/15 21:28:35 stevesk Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.76 2001/04/17 10:53:25 markus Exp $");
#include "ssh.h"
#include "xmalloc.h"
oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
- oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication
+ oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
+ oHostKeyAlgorithms
} OpCodes;
/* Textual representations of the tokens. */
{ "loglevel", oLogLevel },
{ "dynamicforward", oDynamicForward },
{ "preferredauthentications", oPreferredAuthentications },
+ { "hostkeyalgorithms", oHostKeyAlgorithms },
{ NULL, 0 }
};
options->macs = xstrdup(arg);
break;
+ case oHostKeyAlgorithms:
+ arg = strdelim(&s);
+ if (!arg || *arg == '\0')
+ fatal("%.200s line %d: Missing argument.", filename, linenum);
+ if (!key_names_valid2(arg))
+ fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
+ filename, linenum, arg ? arg : "<NONE>");
+ if (*activep && options->hostkeyalgorithms == NULL)
+ options->hostkeyalgorithms = xstrdup(arg);
+ break;
+
case oProtocol:
intptr = &options->protocol;
arg = strdelim(&s);
options->cipher = -1;
options->ciphers = NULL;
options->macs = NULL;
+ options->hostkeyalgorithms = NULL;
options->protocol = SSH_PROTO_UNKNOWN;
options->num_identity_files = 0;
options->hostname = NULL;
options->cipher = SSH_CIPHER_NOT_SET;
/* options->ciphers, default set in myproposals.h */
/* options->macs, default set in myproposals.h */
+ /* options->hostkeyalgorithms, default set in myproposals.h */
if (options->protocol == SSH_PROTO_UNKNOWN)
options->protocol = SSH_PROTO_1|SSH_PROTO_2;
if (options->num_identity_files == 0) {
* called by a name other than "ssh" or "Secure Shell".
*/
-/* RCSID("$OpenBSD: readconf.h,v 1.29 2001/04/12 19:15:25 markus Exp $"); */
+/* RCSID("$OpenBSD: readconf.h,v 1.30 2001/04/17 10:53:25 markus Exp $"); */
#ifndef READCONF_H
#define READCONF_H
int cipher; /* Cipher to use. */
char *ciphers; /* SSH2 ciphers in order of preference. */
char *macs; /* SSH2 macs in order of preference. */
+ char *hostkeyalgorithms; /* SSH2 server key types in order of preference. */
int protocol; /* Protocol in order of preference. */
char *hostname; /* Real host to connect. */
char *host_key_alias; /* hostname alias for .ssh/known_hosts */
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.102 2001/04/10 09:13:22 itojun Exp $
+.\" $OpenBSD: ssh.1,v 1.103 2001/04/17 10:53:26 markus Exp $
.Dd September 25, 1999
.Dt SSH 1
.Os
in the known_hosts files.
This option is useful for tunneling ssh connections
or if you have multiple servers running on a single host.
+.It Cm HostKeyAlgorithms
+Specfies the protocol version 2 host key algorithms
+that the client wants to use in order of preference.
+The default for this option is:
+.Dq ssh-rsa,ssh-dss
.It Cm HostName
Specifies the real host name to log into.
This can be used to specify nicknames or abbreviations for hosts.
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.69 2001/04/15 08:43:47 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.70 2001/04/17 10:53:26 markus Exp $");
#include <openssl/bn.h>
#include <openssl/md5.h>
myproposal[PROPOSAL_MAC_ALGS_CTOS] =
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
}
+ if (options.hostkeyalgorithms != NULL)
+ myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
+ options.hostkeyalgorithms;
/* start key exchange */
kex = kex_setup(myproposal);