From e961a8f9344187f5fcf10cb4916d678e9d23722c Mon Sep 17 00:00:00 2001 From: mouring Date: Tue, 17 Apr 2001 18:11:36 +0000 Subject: [PATCH] - markus@cvs.openbsd.org 2001/04/17 10:53:26 [key.c key.h readconf.c readconf.h ssh.1 sshconnect2.c] add HostKeyAlgorithms; based on patch from res@shore.net; ok provos@ --- ChangeLog | 5 ++++- key.c | 24 +++++++++++++++++++++++- key.h | 3 ++- readconf.c | 19 +++++++++++++++++-- readconf.h | 3 ++- ssh.1 | 7 ++++++- sshconnect2.c | 5 ++++- 7 files changed, 58 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6f7e0b84..f526c7a4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,9 +9,12 @@ - markus@cvs.openbsd.org 2001/04/17 08:14:01 [sshconnect1.c] check for key!=NULL, thanks to costa - - markus@cvs.openbsd.org 2001/04/17 09:52:48 + - markus@cvs.openbsd.org 2001/04/17 09:52:48 [clientloop.c] handle EINTR/EAGAIN on read; ok deraadt@ + - markus@cvs.openbsd.org 2001/04/17 10:53:26 + [key.c key.h readconf.c readconf.h ssh.1 sshconnect2.c] + add HostKeyAlgorithms; based on patch from res@shore.net; ok provos@ 20010416 - OpenBSD CVS Sync diff --git a/key.c b/key.c index fbd9f4ef..3b9f9f78 100644 --- a/key.c +++ b/key.c @@ -32,7 +32,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: key.c,v 1.24 2001/04/16 08:26:04 deraadt Exp $"); +RCSID("$OpenBSD: key.c,v 1.25 2001/04/17 10:53:24 markus Exp $"); #include @@ -629,6 +629,28 @@ key_type_from_name(char *name) return KEY_UNSPEC; } +int +key_names_valid2(const char *names) +{ + char *s, *cp, *p; + + if (names == NULL || strcmp(names, "") == 0) + return 0; + s = cp = xstrdup(names); + for ((p = strsep(&cp, ",")); p && *p != '\0'; + (p = strsep(&cp, ","))) { + switch (key_type_from_name(p)) { + case KEY_RSA1: + case KEY_UNSPEC: + xfree(s); + return 0; + } + } + debug3("key names ok: [%s]", names); + xfree(s); + return 1; +} + Key * key_from_blob(char *blob, int blen) { 
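Review bot: key_names_valid2() stops scanning at the first empty list element because the loop condition is `p && *p != '\0'`, so a value such as `ssh-rsa,,bogus` or a bare `,` is reported as valid and the unchecked tail is later handed to the kex proposal unvalidated. Changing the condition to `p != NULL` and rejecting an empty element the same way as KEY_UNSPEC closes that gap: `for ((p = strsep(&cp, ",")); p != NULL; (p = strsep(&cp, ","))) {` with `if (*p == '\0') { xfree(s); return 0; }` at the top of the body. The function also has no header comment; something like `/* Return 1 iff every comma-separated name is a protocol 2 host key type (no RSA1, no unknown names). */` would tell callers what "valid2" means. key_type_from_name() is defined outside this hunk, so whether it already maps an empty string to KEY_UNSPEC cannot be confirmed here.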
diff --git a/key.h b/key.h index 251c565a..cee31c30 100644 --- a/key.h +++ b/key.h @@ -1,4 +1,4 @@ -/* $OpenBSD: key.h,v 1.11 2001/03/12 22:02:01 markus Exp $ */ +/* $OpenBSD: key.h,v 1.12 2001/04/17 10:53:24 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -67,6 +67,7 @@ int key_type_from_name(char *name); Key *key_from_blob(char *blob, int blen); int key_to_blob(Key *key, u_char **blobp, u_int *lenp); char *key_ssh_name(Key *k); +int key_names_valid2(const char *names); int key_sign( diff --git a/readconf.c b/readconf.c index a14d0a55..b30c61f2 100644 --- a/readconf.c +++ b/readconf.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.75 2001/04/15 21:28:35 stevesk Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.76 2001/04/17 10:53:25 markus Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -110,7 +110,8 @@ typedef enum { oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs, oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication, oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, - oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication + oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, + oHostKeyAlgorithms } OpCodes; /* Textual representations of the tokens. */ @@ -175,6 +176,7 @@ static struct { { "loglevel", oLogLevel }, { "dynamicforward", oDynamicForward }, { "preferredauthentications", oPreferredAuthentications }, + { "hostkeyalgorithms", oHostKeyAlgorithms }, { NULL, 0 } }; 
@@ -527,6 +529,17 @@ parse_int: options->macs = xstrdup(arg); break; + case oHostKeyAlgorithms: + arg = strdelim(&s); + if (!arg || *arg == '\0') + fatal("%.200s line %d: Missing argument.", filename, linenum); + if (!key_names_valid2(arg)) + fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.", + filename, linenum, arg ? arg : ""); + if (*activep && options->hostkeyalgorithms == NULL) + options->hostkeyalgorithms = xstrdup(arg); + break; + case oProtocol: intptr = &options->protocol; arg = strdelim(&s); @@ -732,6 +745,7 @@ initialize_options(Options * options) options->cipher = -1; options->ciphers = NULL; options->macs = NULL; + options->hostkeyalgorithms = NULL; options->protocol = SSH_PROTO_UNKNOWN; options->num_identity_files = 0; options->hostname = NULL; @@ -824,6 +838,7 @@ fill_default_options(Options * options) options->cipher = SSH_CIPHER_NOT_SET; /* options->ciphers, default set in myproposals.h */ /* options->macs, default set in myproposals.h */ + /* options->hostkeyalgorithms, default set in myproposals.h */ if (options->protocol == SSH_PROTO_UNKNOWN) options->protocol = SSH_PROTO_1|SSH_PROTO_2; if (options->num_identity_files == 0) { diff --git a/readconf.h b/readconf.h index 680068b0..9e943f90 100644 --- a/readconf.h +++ b/readconf.h @@ -11,7 +11,7 @@ * called by a name other than "ssh" or "Secure Shell". */ -/* RCSID("$OpenBSD: readconf.h,v 1.29 2001/04/12 19:15:25 markus Exp $"); */ +/* RCSID("$OpenBSD: readconf.h,v 1.30 2001/04/17 10:53:25 markus Exp $"); */ #ifndef READCONF_H #define READCONF_H @@ -72,6 +72,7 @@ typedef struct { int cipher; /* Cipher to use. */ char *ciphers; /* SSH2 ciphers in order of preference. */ char *macs; /* SSH2 macs in order of preference. */ + char *hostkeyalgorithms; /* SSH2 server key types in order of preference. */ int protocol; /* Protocol in order of preference. */ char *hostname; /* Real host to connect. */ char *host_key_alias; /* hostname alias for .ssh/known_hosts */ 
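Review bot: In the new oHostKeyAlgorithms case the `arg ? arg : ""` in the second fatal() is dead code — the preceding `if (!arg || *arg == '\0') fatal(...)` already guarantees arg is non-NULL, so the call can simply read `filename, linenum, arg);`. That `%s` is also unbounded while the filename uses `%.200s`; bounding arg the same way keeps a long config value from producing an oversized error line. Running key_names_valid2() before the `*activep` check means a malformed list is rejected even inside a non-matching Host block, which is consistent with the fatal() on a missing argument just above it.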
diff --git a/ssh.1 b/ssh.1 index e775d0dc..9e0298bd 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.102 2001/04/10 09:13:22 itojun Exp $ +.\" $OpenBSD: ssh.1,v 1.103 2001/04/17 10:53:26 markus Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -776,6 +776,11 @@ real host name when looking up or saving the host key in the known_hosts files. This option is useful for tunneling ssh connections or if you have multiple servers running on a single host. +.It Cm HostKeyAlgorithms +Specfies the protocol version 2 host key algorithms +that the client wants to use in order of preference. +The default for this option is: +.Dq ssh-rsa,ssh-dss .It Cm HostName Specifies the real host name to log into. This can be used to specify nicknames or abbreviations for hosts. diff --git a/sshconnect2.c b/sshconnect2.c index 4acdd017..baa4e702 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.69 2001/04/15 08:43:47 markus Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.70 2001/04/17 10:53:26 markus Exp $"); #include #include @@ -111,6 +111,9 @@ ssh_kex2(char *host, struct sockaddr *hostaddr) myproposal[PROPOSAL_MAC_ALGS_CTOS] = myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; } + if (options.hostkeyalgorithms != NULL) + myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = + options.hostkeyalgorithms; /* start key exchange */ kex = kex_setup(myproposal); -- 2.45.1
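Review bot: The new override in ssh_kex2() has no comment explaining that a user-supplied HostKeyAlgorithms replaces the compiled-in PROPOSAL_SERVER_HOST_KEY_ALGS entry outright rather than reordering or filtering it, which is what decides which host key types the client proposes for this connection. A one-liner above the if, `/* HostKeyAlgorithms replaces the myproposals.h default host key list */`, would make that explicit and mirrors the "default set in myproposals.h" comment added in readconf.c. ssh_kex2() begins before this hunk, so the declaration and initial contents of myproposal are not visible here.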