From 3a1638dda19bbc73d0ae02b4c251ce08e564b4b9 Mon Sep 17 00:00:00 2001 From: "markus@openbsd.org" Date: Fri, 10 Jul 2015 06:21:53 +0000 Subject: upstream commit Turn off DSA by default; add HostKeyAlgorithms to the server and PubkeyAcceptedKeyTypes to the client side, so it still can be tested or turned back on; feedback and ok djm@ Upstream-ID: 8450a9e6d83f80c9bfed864ff061dfc9323cec21 --- clientloop.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'clientloop.c') diff --git a/clientloop.c b/clientloop.c index dc0e557a..87ceb3da 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.274 2015/07/01 02:26:31 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.275 2015/07/10 06:21:53 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -100,6 +100,7 @@ #include "key.h" #include "cipher.h" #include "kex.h" +#include "myproposal.h" #include "log.h" #include "misc.h" #include "readconf.h" @@ -2362,10 +2363,11 @@ client_input_hostkeys(void) debug3("%s: received %s key %s", __func__, sshkey_type(key), fp); free(fp); + /* Check that the key is accepted in HostkeyAlgorithms */ - if (options.hostkeyalgorithms != NULL && - match_pattern_list(sshkey_ssh_name(key), - options.hostkeyalgorithms, 0) != 1) { + if (match_pattern_list(sshkey_ssh_name(key), + options.hostkeyalgorithms ? options.hostkeyalgorithms : + KEX_DEFAULT_PK_ALG, 0) != 1) { debug3("%s: %s key not permitted by HostkeyAlgorithms", __func__, sshkey_ssh_name(key)); continue; -- cgit v1.2.3