diff options
| author | Ben Lindstrom <mouring@eviladmin.org> | 2001-04-17 18:11:36 +0000 |
|---|---|---|
| committer | Ben Lindstrom <mouring@eviladmin.org> | 2001-04-17 18:11:36 +0000 |
| commit | 982dbbcfda7ab9e56c4caccfba6f8920529421b7 (patch) | |
| tree | 1c7d3ed45ad2f89c2e0009a188b76e6171d593a2 | |
| parent | 4c8cff14ddac08f1bdb393d71d9e0907d9a9215e (diff) | |
- markus@cvs.openbsd.org 2001/04/17 10:53:26
[key.c key.h readconf.c readconf.h ssh.1 sshconnect2.c]
add HostKeyAlgorithms; based on patch from res@shore.net; ok provos@
| -rw-r--r-- | ChangeLog | 7 | ||||
| -rw-r--r-- | key.c | 24 | ||||
| -rw-r--r-- | key.h | 3 | ||||
| -rw-r--r-- | readconf.c | 19 | ||||
| -rw-r--r-- | readconf.h | 3 | ||||
| -rw-r--r-- | ssh.1 | 7 | ||||
| -rw-r--r-- | sshconnect2.c | 5 |
7 files changed, 59 insertions, 9 deletions
@@ -9,9 +9,12 @@ - markus@cvs.openbsd.org 2001/04/17 08:14:01 [sshconnect1.c] check for key!=NULL, thanks to costa - - markus@cvs.openbsd.org 2001/04/17 09:52:48 + - markus@cvs.openbsd.org 2001/04/17 09:52:48 [clientloop.c] handle EINTR/EAGAIN on read; ok deraadt@ + - markus@cvs.openbsd.org 2001/04/17 10:53:26 + [key.c key.h readconf.c readconf.h ssh.1 sshconnect2.c] + add HostKeyAlgorithms; based on patch from res@shore.net; ok provos@ 20010416 - OpenBSD CVS Sync @@ -5137,4 +5140,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.1133 2001/04/17 18:09:42 mouring Exp $ +$Id: ChangeLog,v 1.1134 2001/04/17 18:11:36 mouring Exp $ @@ -32,7 +32,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: key.c,v 1.24 2001/04/16 08:26:04 deraadt Exp $"); +RCSID("$OpenBSD: key.c,v 1.25 2001/04/17 10:53:24 markus Exp $"); #include <openssl/evp.h> @@ -629,6 +629,28 @@ key_type_from_name(char *name) return KEY_UNSPEC; } +int +key_names_valid2(const char *names) +{ + char *s, *cp, *p; + + if (names == NULL || strcmp(names, "") == 0) + return 0; + s = cp = xstrdup(names); + for ((p = strsep(&cp, ",")); p && *p != '\0'; + (p = strsep(&cp, ","))) { + switch (key_type_from_name(p)) { + case KEY_RSA1: + case KEY_UNSPEC: + xfree(s); + return 0; + } + } + debug3("key names ok: [%s]", names); + xfree(s); + return 1; +} + Key * key_from_blob(char *blob, int blen) { @@ -1,4 +1,4 @@ -/* $OpenBSD: key.h,v 1.11 2001/03/12 22:02:01 markus Exp $ */ +/* $OpenBSD: key.h,v 1.12 2001/04/17 10:53:24 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -67,6 +67,7 @@ int key_type_from_name(char *name); Key *key_from_blob(char *blob, int blen); int key_to_blob(Key *key, u_char **blobp, u_int *lenp); char *key_ssh_name(Key *k); +int key_names_valid2(const char *names); int key_sign( @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.75 2001/04/15 21:28:35 stevesk Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.76 2001/04/17 10:53:25 markus Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -110,7 +110,8 @@ typedef enum { oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs, oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication, oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, - oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication + oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, + oHostKeyAlgorithms } OpCodes; /* Textual representations of the tokens. */ @@ -175,6 +176,7 @@ static struct { { "loglevel", oLogLevel }, { "dynamicforward", oDynamicForward }, { "preferredauthentications", oPreferredAuthentications }, + { "hostkeyalgorithms", oHostKeyAlgorithms }, { NULL, 0 } }; @@ -527,6 +529,17 @@ parse_int: options->macs = xstrdup(arg); break; + case oHostKeyAlgorithms: + arg = strdelim(&s); + if (!arg || *arg == '\0') + fatal("%.200s line %d: Missing argument.", filename, linenum); + if (!key_names_valid2(arg)) + fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.", + filename, linenum, arg ? arg : "<NONE>"); + if (*activep && options->hostkeyalgorithms == NULL) + options->hostkeyalgorithms = xstrdup(arg); + break; + case oProtocol: intptr = &options->protocol; arg = strdelim(&s); @@ -732,6 +745,7 @@ initialize_options(Options * options) options->cipher = -1; options->ciphers = NULL; options->macs = NULL; + options->hostkeyalgorithms = NULL; options->protocol = SSH_PROTO_UNKNOWN; options->num_identity_files = 0; options->hostname = NULL; @@ -824,6 +838,7 @@ fill_default_options(Options * options) options->cipher = SSH_CIPHER_NOT_SET; /* options->ciphers, default set in myproposals.h */ /* options->macs, default set in myproposals.h */ + /* options->hostkeyalgorithms, default set in myproposals.h */ if (options->protocol == SSH_PROTO_UNKNOWN) options->protocol = SSH_PROTO_1|SSH_PROTO_2; if (options->num_identity_files == 0) { @@ -11,7 +11,7 @@ * called by a name other than "ssh" or "Secure Shell". */ -/* RCSID("$OpenBSD: readconf.h,v 1.29 2001/04/12 19:15:25 markus Exp $"); */ +/* RCSID("$OpenBSD: readconf.h,v 1.30 2001/04/17 10:53:25 markus Exp $"); */ #ifndef READCONF_H #define READCONF_H @@ -72,6 +72,7 @@ typedef struct { int cipher; /* Cipher to use. */ char *ciphers; /* SSH2 ciphers in order of preference. */ char *macs; /* SSH2 macs in order of preference. */ + char *hostkeyalgorithms; /* SSH2 server key types in order of preference. */ int protocol; /* Protocol in order of preference. */ char *hostname; /* Real host to connect. */ char *host_key_alias; /* hostname alias for .ssh/known_hosts */ @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.102 2001/04/10 09:13:22 itojun Exp $ +.\" $OpenBSD: ssh.1,v 1.103 2001/04/17 10:53:26 markus Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -776,6 +776,11 @@ real host name when looking up or saving the host key in the known_hosts files. This option is useful for tunneling ssh connections or if you have multiple servers running on a single host. +.It Cm HostKeyAlgorithms +Specfies the protocol version 2 host key algorithms +that the client wants to use in order of preference. +The default for this option is: +.Dq ssh-rsa,ssh-dss .It Cm HostName Specifies the real host name to log into. This can be used to specify nicknames or abbreviations for hosts. diff --git a/sshconnect2.c b/sshconnect2.c index 4acdd017..baa4e702 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.69 2001/04/15 08:43:47 markus Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.70 2001/04/17 10:53:26 markus Exp $"); #include <openssl/bn.h> #include <openssl/md5.h> @@ -111,6 +111,9 @@ ssh_kex2(char *host, struct sockaddr *hostaddr) myproposal[PROPOSAL_MAC_ALGS_CTOS] = myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; } + if (options.hostkeyalgorithms != NULL) + myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = + options.hostkeyalgorithms; /* start key exchange */ kex = kex_setup(myproposal); |