summaryrefslogtreecommitdiff
path: root/debian/patches/gssapi.patch
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2020-06-07 10:19:24 +0100
committerColin Watson <cjwatson@debian.org>2020-06-07 11:03:12 +0100
commit30337f8b66c66af6b368d1e3c789e75f1247176c (patch)
tree17e0b8652fea31c04faa19ffc4cd088552ee473a /debian/patches/gssapi.patch
parentaef2be11c5ea90bc66e774923e6570213e54c195 (diff)
parent39b8d128ef980a410bb1ea0ee80e95ac9fff59c3 (diff)
New upstream release (8.3p1)
Also update GSSAPI key exchange patch from https://github.com/openssh-gsskex/openssh-gsskex.
Diffstat (limited to 'debian/patches/gssapi.patch')
-rw-r--r--debian/patches/gssapi.patch181
1 files changed, 100 insertions, 81 deletions
diff --git a/debian/patches/gssapi.patch b/debian/patches/gssapi.patch
index 4bf1d3f73..685923e47 100644
--- a/debian/patches/gssapi.patch
+++ b/debian/patches/gssapi.patch
@@ -1,4 +1,4 @@
1From 34aff3aa136e5a65f441b25811dd466488fda087 Mon Sep 17 00:00:00 2001 1From 79f9d21b406c172878896ef41cdc2502fc2f84a7 Mon Sep 17 00:00:00 2001
2From: Simon Wilkinson <simon@sxw.org.uk> 2From: Simon Wilkinson <simon@sxw.org.uk>
3Date: Sun, 9 Feb 2014 16:09:48 +0000 3Date: Sun, 9 Feb 2014 16:09:48 +0000
4Subject: GSSAPI key exchange support 4Subject: GSSAPI key exchange support
@@ -16,9 +16,12 @@ have it merged into the main openssh package rather than having separate
16-krb5 packages (as we used to have). It seems to have a generally good 16-krb5 packages (as we used to have). It seems to have a generally good
17security history. 17security history.
18 18
19Author: Simon Wilkinson <simon@sxw.org.uk>
20Author: Colin Watson <cjwatson@debian.org>
21Author: Jakub Jelen <jjelen@redhat.com>
19Origin: other, https://github.com/openssh-gsskex/openssh-gsskex/commits/debian/master 22Origin: other, https://github.com/openssh-gsskex/openssh-gsskex/commits/debian/master
20Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242 23Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
21Last-Updated: 2020-02-21 24Last-Updated: 2020-06-07
22 25
23Patch-Name: gssapi.patch 26Patch-Name: gssapi.patch
24--- 27---
@@ -49,23 +52,23 @@ Patch-Name: gssapi.patch
49 servconf.c | 47 ++++ 52 servconf.c | 47 ++++
50 servconf.h | 3 + 53 servconf.h | 3 +
51 session.c | 10 +- 54 session.c | 10 +-
52 ssh-gss.h | 50 +++- 55 ssh-gss.h | 54 ++++-
53 ssh.1 | 8 + 56 ssh.1 | 8 +
54 ssh.c | 6 +- 57 ssh.c | 6 +-
55 ssh_config | 2 + 58 ssh_config | 2 +
56 ssh_config.5 | 57 +++++ 59 ssh_config.5 | 57 +++++
57 sshconnect2.c | 142 +++++++++++- 60 sshconnect2.c | 154 +++++++++++-
58 sshd.c | 62 ++++- 61 sshd.c | 62 ++++-
59 sshd_config | 2 + 62 sshd_config | 2 +
60 sshd_config.5 | 30 +++ 63 sshd_config.5 | 30 +++
61 sshkey.c | 3 +- 64 sshkey.c | 3 +-
62 sshkey.h | 1 + 65 sshkey.h | 1 +
63 38 files changed, 2624 insertions(+), 160 deletions(-) 66 38 files changed, 2640 insertions(+), 160 deletions(-)
64 create mode 100644 kexgssc.c 67 create mode 100644 kexgssc.c
65 create mode 100644 kexgsss.c 68 create mode 100644 kexgsss.c
66 69
67diff --git a/Makefile.in b/Makefile.in 70diff --git a/Makefile.in b/Makefile.in
68index e7549470c..b68c1710f 100644 71index c9e4294d3..bf1e1de47 100644
69--- a/Makefile.in 72--- a/Makefile.in
70+++ b/Makefile.in 73+++ b/Makefile.in
71@@ -109,6 +109,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ 74@@ -109,6 +109,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
@@ -336,7 +339,7 @@ index 9351e0428..d6446c0cf 100644
336 "gssapi-with-mic", 339 "gssapi-with-mic",
337 userauth_gssapi, 340 userauth_gssapi,
338diff --git a/auth2.c b/auth2.c 341diff --git a/auth2.c b/auth2.c
339index 0e7762242..1c217268c 100644 342index 91aaf34a6..a4a5e0069 100644
340--- a/auth2.c 343--- a/auth2.c
341+++ b/auth2.c 344+++ b/auth2.c
342@@ -73,6 +73,7 @@ extern Authmethod method_passwd; 345@@ -73,6 +73,7 @@ extern Authmethod method_passwd;
@@ -474,7 +477,7 @@ index 26d62855a..0cadc9f18 100644
474 int get_peer_port(int); 477 int get_peer_port(int);
475 char *get_local_ipaddr(int); 478 char *get_local_ipaddr(int);
476diff --git a/clientloop.c b/clientloop.c 479diff --git a/clientloop.c b/clientloop.c
477index ebd0dbca1..1bdac6a46 100644 480index da396c72a..42ace7789 100644
478--- a/clientloop.c 481--- a/clientloop.c
479+++ b/clientloop.c 482+++ b/clientloop.c
480@@ -112,6 +112,10 @@ 483@@ -112,6 +112,10 @@
@@ -488,7 +491,7 @@ index ebd0dbca1..1bdac6a46 100644
488 /* import options */ 491 /* import options */
489 extern Options options; 492 extern Options options;
490 493
491@@ -1379,9 +1383,18 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg, 494@@ -1361,9 +1365,18 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg,
492 break; 495 break;
493 496
494 /* Do channel operations unless rekeying in progress. */ 497 /* Do channel operations unless rekeying in progress. */
@@ -509,10 +512,10 @@ index ebd0dbca1..1bdac6a46 100644
509 client_process_net_input(ssh, readset); 512 client_process_net_input(ssh, readset);
510 513
511diff --git a/configure.ac b/configure.ac 514diff --git a/configure.ac b/configure.ac
512index b689db4b5..efafb6bd8 100644 515index 460383757..d98e6f74a 100644
513--- a/configure.ac 516--- a/configure.ac
514+++ b/configure.ac 517+++ b/configure.ac
515@@ -674,6 +674,30 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 518@@ -676,6 +676,30 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
516 [Use tunnel device compatibility to OpenBSD]) 519 [Use tunnel device compatibility to OpenBSD])
517 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 520 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
518 [Prepend the address family to IP tunnel traffic]) 521 [Prepend the address family to IP tunnel traffic])
@@ -1053,11 +1056,11 @@ index a151bc1e4..ef9beb67c 100644
1053 1056
1054 #endif /* KRB5 */ 1057 #endif /* KRB5 */
1055diff --git a/gss-serv.c b/gss-serv.c 1058diff --git a/gss-serv.c b/gss-serv.c
1056index ab3a15f0f..1d47870e7 100644 1059index b5d4bb2d1..55f4d4bda 100644
1057--- a/gss-serv.c 1060--- a/gss-serv.c
1058+++ b/gss-serv.c 1061+++ b/gss-serv.c
1059@@ -1,7 +1,7 @@ 1062@@ -1,7 +1,7 @@
1060 /* $OpenBSD: gss-serv.c,v 1.31 2018/07/09 21:37:55 markus Exp $ */ 1063 /* $OpenBSD: gss-serv.c,v 1.32 2020/03/13 03:17:07 djm Exp $ */
1061 1064
1062 /* 1065 /*
1063- * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. 1066- * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -1327,7 +1330,7 @@ index ab3a15f0f..1d47870e7 100644
1327 1330
1328 /* Privileged */ 1331 /* Privileged */
1329diff --git a/kex.c b/kex.c 1332diff --git a/kex.c b/kex.c
1330index ce85f0439..574c76093 100644 1333index 09c7258e0..144dee512 100644
1331--- a/kex.c 1334--- a/kex.c
1332+++ b/kex.c 1335+++ b/kex.c
1333@@ -57,11 +57,16 @@ 1336@@ -57,11 +57,16 @@
@@ -1439,7 +1442,7 @@ index ce85f0439..574c76093 100644
1439 /* put algorithm proposal into buffer */ 1442 /* put algorithm proposal into buffer */
1440 int 1443 int
1441 kex_prop2buf(struct sshbuf *b, char *proposal[PROPOSAL_MAX]) 1444 kex_prop2buf(struct sshbuf *b, char *proposal[PROPOSAL_MAX])
1442@@ -698,6 +755,9 @@ kex_free(struct kex *kex) 1445@@ -697,6 +754,9 @@ kex_free(struct kex *kex)
1443 sshbuf_free(kex->server_version); 1446 sshbuf_free(kex->server_version);
1444 sshbuf_free(kex->client_pub); 1447 sshbuf_free(kex->client_pub);
1445 free(kex->session_id); 1448 free(kex->session_id);
@@ -2653,7 +2656,7 @@ index 000000000..60bc02deb
2653+} 2656+}
2654+#endif /* defined(GSSAPI) && defined(WITH_OPENSSL) */ 2657+#endif /* defined(GSSAPI) && defined(WITH_OPENSSL) */
2655diff --git a/monitor.c b/monitor.c 2658diff --git a/monitor.c b/monitor.c
2656index 2ce89fe90..ebf76c7f9 100644 2659index b6e855d5d..5347e900d 100644
2657--- a/monitor.c 2660--- a/monitor.c
2658+++ b/monitor.c 2661+++ b/monitor.c
2659@@ -148,6 +148,8 @@ int mm_answer_gss_setup_ctx(struct ssh *, int, struct sshbuf *); 2662@@ -148,6 +148,8 @@ int mm_answer_gss_setup_ctx(struct ssh *, int, struct sshbuf *);
@@ -2706,7 +2709,7 @@ index 2ce89fe90..ebf76c7f9 100644
2706 2709
2707 if (auth_opts->permit_pty_flag) { 2710 if (auth_opts->permit_pty_flag) {
2708 monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1); 2711 monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1);
2709@@ -1713,6 +1730,17 @@ monitor_apply_keystate(struct ssh *ssh, struct monitor *pmonitor) 2712@@ -1712,6 +1729,17 @@ monitor_apply_keystate(struct ssh *ssh, struct monitor *pmonitor)
2710 # ifdef OPENSSL_HAS_ECC 2713 # ifdef OPENSSL_HAS_ECC
2711 kex->kex[KEX_ECDH_SHA2] = kex_gen_server; 2714 kex->kex[KEX_ECDH_SHA2] = kex_gen_server;
2712 # endif 2715 # endif
@@ -2724,7 +2727,7 @@ index 2ce89fe90..ebf76c7f9 100644
2724 #endif /* WITH_OPENSSL */ 2727 #endif /* WITH_OPENSSL */
2725 kex->kex[KEX_C25519_SHA256] = kex_gen_server; 2728 kex->kex[KEX_C25519_SHA256] = kex_gen_server;
2726 kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_server; 2729 kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_server;
2727@@ -1806,8 +1834,8 @@ mm_answer_gss_setup_ctx(struct ssh *ssh, int sock, struct sshbuf *m) 2730@@ -1805,8 +1833,8 @@ mm_answer_gss_setup_ctx(struct ssh *ssh, int sock, struct sshbuf *m)
2728 u_char *p; 2731 u_char *p;
2729 int r; 2732 int r;
2730 2733
@@ -2735,7 +2738,7 @@ index 2ce89fe90..ebf76c7f9 100644
2735 2738
2736 if ((r = sshbuf_get_string(m, &p, &len)) != 0) 2739 if ((r = sshbuf_get_string(m, &p, &len)) != 0)
2737 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 2740 fatal("%s: buffer error: %s", __func__, ssh_err(r));
2738@@ -1839,8 +1867,8 @@ mm_answer_gss_accept_ctx(struct ssh *ssh, int sock, struct sshbuf *m) 2741@@ -1838,8 +1866,8 @@ mm_answer_gss_accept_ctx(struct ssh *ssh, int sock, struct sshbuf *m)
2739 OM_uint32 flags = 0; /* GSI needs this */ 2742 OM_uint32 flags = 0; /* GSI needs this */
2740 int r; 2743 int r;
2741 2744
@@ -2746,7 +2749,7 @@ index 2ce89fe90..ebf76c7f9 100644
2746 2749
2747 if ((r = ssh_gssapi_get_buffer_desc(m, &in)) != 0) 2750 if ((r = ssh_gssapi_get_buffer_desc(m, &in)) != 0)
2748 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 2751 fatal("%s: buffer error: %s", __func__, ssh_err(r));
2749@@ -1860,6 +1888,7 @@ mm_answer_gss_accept_ctx(struct ssh *ssh, int sock, struct sshbuf *m) 2752@@ -1859,6 +1887,7 @@ mm_answer_gss_accept_ctx(struct ssh *ssh, int sock, struct sshbuf *m)
2750 monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0); 2753 monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0);
2751 monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1); 2754 monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
2752 monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1); 2755 monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
@@ -2754,7 +2757,7 @@ index 2ce89fe90..ebf76c7f9 100644
2754 } 2757 }
2755 return (0); 2758 return (0);
2756 } 2759 }
2757@@ -1871,8 +1900,8 @@ mm_answer_gss_checkmic(struct ssh *ssh, int sock, struct sshbuf *m) 2760@@ -1870,8 +1899,8 @@ mm_answer_gss_checkmic(struct ssh *ssh, int sock, struct sshbuf *m)
2758 OM_uint32 ret; 2761 OM_uint32 ret;
2759 int r; 2762 int r;
2760 2763
@@ -2765,7 +2768,7 @@ index 2ce89fe90..ebf76c7f9 100644
2765 2768
2766 if ((r = ssh_gssapi_get_buffer_desc(m, &gssbuf)) != 0 || 2769 if ((r = ssh_gssapi_get_buffer_desc(m, &gssbuf)) != 0 ||
2767 (r = ssh_gssapi_get_buffer_desc(m, &mic)) != 0) 2770 (r = ssh_gssapi_get_buffer_desc(m, &mic)) != 0)
2768@@ -1898,13 +1927,17 @@ mm_answer_gss_checkmic(struct ssh *ssh, int sock, struct sshbuf *m) 2771@@ -1897,13 +1926,17 @@ mm_answer_gss_checkmic(struct ssh *ssh, int sock, struct sshbuf *m)
2769 int 2772 int
2770 mm_answer_gss_userok(struct ssh *ssh, int sock, struct sshbuf *m) 2773 mm_answer_gss_userok(struct ssh *ssh, int sock, struct sshbuf *m)
2771 { 2774 {
@@ -2787,7 +2790,7 @@ index 2ce89fe90..ebf76c7f9 100644
2787 2790
2788 sshbuf_reset(m); 2791 sshbuf_reset(m);
2789 if ((r = sshbuf_put_u32(m, authenticated)) != 0) 2792 if ((r = sshbuf_put_u32(m, authenticated)) != 0)
2790@@ -1913,7 +1946,11 @@ mm_answer_gss_userok(struct ssh *ssh, int sock, struct sshbuf *m) 2793@@ -1912,7 +1945,11 @@ mm_answer_gss_userok(struct ssh *ssh, int sock, struct sshbuf *m)
2791 debug3("%s: sending result %d", __func__, authenticated); 2794 debug3("%s: sending result %d", __func__, authenticated);
2792 mm_request_send(sock, MONITOR_ANS_GSSUSEROK, m); 2795 mm_request_send(sock, MONITOR_ANS_GSSUSEROK, m);
2793 2796
@@ -2800,7 +2803,7 @@ index 2ce89fe90..ebf76c7f9 100644
2800 2803
2801 if ((displayname = ssh_gssapi_displayname()) != NULL) 2804 if ((displayname = ssh_gssapi_displayname()) != NULL)
2802 auth2_record_info(authctxt, "%s", displayname); 2805 auth2_record_info(authctxt, "%s", displayname);
2803@@ -1921,5 +1958,85 @@ mm_answer_gss_userok(struct ssh *ssh, int sock, struct sshbuf *m) 2806@@ -1920,5 +1957,85 @@ mm_answer_gss_userok(struct ssh *ssh, int sock, struct sshbuf *m)
2804 /* Monitor loop will terminate if authenticated */ 2807 /* Monitor loop will terminate if authenticated */
2805 return (authenticated); 2808 return (authenticated);
2806 } 2809 }
@@ -2995,7 +2998,7 @@ index 23ab096aa..485590c18 100644
2995 2998
2996 #ifdef USE_PAM 2999 #ifdef USE_PAM
2997diff --git a/readconf.c b/readconf.c 3000diff --git a/readconf.c b/readconf.c
2998index f3cac6b3a..da8022dd0 100644 3001index 2afcbaeca..fb585e248 100644
2999--- a/readconf.c 3002--- a/readconf.c
3000+++ b/readconf.c 3003+++ b/readconf.c
3001@@ -67,6 +67,7 @@ 3004@@ -67,6 +67,7 @@
@@ -3038,7 +3041,7 @@ index f3cac6b3a..da8022dd0 100644
3038 #endif 3041 #endif
3039 #ifdef ENABLE_PKCS11 3042 #ifdef ENABLE_PKCS11
3040 { "pkcs11provider", oPKCS11Provider }, 3043 { "pkcs11provider", oPKCS11Provider },
3041@@ -1029,10 +1044,42 @@ parse_time: 3044@@ -1053,10 +1068,42 @@ parse_time:
3042 intptr = &options->gss_authentication; 3045 intptr = &options->gss_authentication;
3043 goto parse_flag; 3046 goto parse_flag;
3044 3047
@@ -3081,7 +3084,7 @@ index f3cac6b3a..da8022dd0 100644
3081 case oBatchMode: 3084 case oBatchMode:
3082 intptr = &options->batch_mode; 3085 intptr = &options->batch_mode;
3083 goto parse_flag; 3086 goto parse_flag;
3084@@ -1911,7 +1958,13 @@ initialize_options(Options * options) 3087@@ -1935,7 +1982,13 @@ initialize_options(Options * options)
3085 options->pubkey_authentication = -1; 3088 options->pubkey_authentication = -1;
3086 options->challenge_response_authentication = -1; 3089 options->challenge_response_authentication = -1;
3087 options->gss_authentication = -1; 3090 options->gss_authentication = -1;
@@ -3095,7 +3098,7 @@ index f3cac6b3a..da8022dd0 100644
3095 options->password_authentication = -1; 3098 options->password_authentication = -1;
3096 options->kbd_interactive_authentication = -1; 3099 options->kbd_interactive_authentication = -1;
3097 options->kbd_interactive_devices = NULL; 3100 options->kbd_interactive_devices = NULL;
3098@@ -2059,8 +2112,18 @@ fill_default_options(Options * options) 3101@@ -2083,8 +2136,18 @@ fill_default_options(Options * options)
3099 options->challenge_response_authentication = 1; 3102 options->challenge_response_authentication = 1;
3100 if (options->gss_authentication == -1) 3103 if (options->gss_authentication == -1)
3101 options->gss_authentication = 0; 3104 options->gss_authentication = 0;
@@ -3114,7 +3117,7 @@ index f3cac6b3a..da8022dd0 100644
3114 if (options->password_authentication == -1) 3117 if (options->password_authentication == -1)
3115 options->password_authentication = 1; 3118 options->password_authentication = 1;
3116 if (options->kbd_interactive_authentication == -1) 3119 if (options->kbd_interactive_authentication == -1)
3117@@ -2702,7 +2765,14 @@ dump_client_config(Options *o, const char *host) 3120@@ -2726,7 +2789,14 @@ dump_client_config(Options *o, const char *host)
3118 dump_cfg_fmtint(oGatewayPorts, o->fwd_opts.gateway_ports); 3121 dump_cfg_fmtint(oGatewayPorts, o->fwd_opts.gateway_ports);
3119 #ifdef GSSAPI 3122 #ifdef GSSAPI
3120 dump_cfg_fmtint(oGssAuthentication, o->gss_authentication); 3123 dump_cfg_fmtint(oGssAuthentication, o->gss_authentication);
@@ -3130,7 +3133,7 @@ index f3cac6b3a..da8022dd0 100644
3130 dump_cfg_fmtint(oHashKnownHosts, o->hash_known_hosts); 3133 dump_cfg_fmtint(oHashKnownHosts, o->hash_known_hosts);
3131 dump_cfg_fmtint(oHostbasedAuthentication, o->hostbased_authentication); 3134 dump_cfg_fmtint(oHostbasedAuthentication, o->hostbased_authentication);
3132diff --git a/readconf.h b/readconf.h 3135diff --git a/readconf.h b/readconf.h
3133index feedb3d20..a8a8870d7 100644 3136index e143a1082..c405b837f 100644
3134--- a/readconf.h 3137--- a/readconf.h
3135+++ b/readconf.h 3138+++ b/readconf.h
3136@@ -41,7 +41,13 @@ typedef struct { 3139@@ -41,7 +41,13 @@ typedef struct {
@@ -3148,7 +3151,7 @@ index feedb3d20..a8a8870d7 100644
3148 * authentication. */ 3151 * authentication. */
3149 int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ 3152 int kbd_interactive_authentication; /* Try keyboard-interactive auth. */
3150diff --git a/servconf.c b/servconf.c 3153diff --git a/servconf.c b/servconf.c
3151index 70f5f73f0..191575a16 100644 3154index ba0a92c7b..f38ba9e44 100644
3152--- a/servconf.c 3155--- a/servconf.c
3153+++ b/servconf.c 3156+++ b/servconf.c
3154@@ -69,6 +69,7 @@ 3157@@ -69,6 +69,7 @@
@@ -3221,7 +3224,7 @@ index 70f5f73f0..191575a16 100644
3221 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, 3224 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
3222 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, 3225 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
3223 { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, 3226 { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
3224@@ -1548,6 +1571,10 @@ process_server_config_line_depth(ServerOptions *options, char *line, 3227@@ -1555,6 +1578,10 @@ process_server_config_line_depth(ServerOptions *options, char *line,
3225 intptr = &options->gss_authentication; 3228 intptr = &options->gss_authentication;
3226 goto parse_flag; 3229 goto parse_flag;
3227 3230
@@ -3232,7 +3235,7 @@ index 70f5f73f0..191575a16 100644
3232 case sGssCleanupCreds: 3235 case sGssCleanupCreds:
3233 intptr = &options->gss_cleanup_creds; 3236 intptr = &options->gss_cleanup_creds;
3234 goto parse_flag; 3237 goto parse_flag;
3235@@ -1556,6 +1583,22 @@ process_server_config_line_depth(ServerOptions *options, char *line, 3238@@ -1563,6 +1590,22 @@ process_server_config_line_depth(ServerOptions *options, char *line,
3236 intptr = &options->gss_strict_acceptor; 3239 intptr = &options->gss_strict_acceptor;
3237 goto parse_flag; 3240 goto parse_flag;
3238 3241
@@ -3255,7 +3258,7 @@ index 70f5f73f0..191575a16 100644
3255 case sPasswordAuthentication: 3258 case sPasswordAuthentication:
3256 intptr = &options->password_authentication; 3259 intptr = &options->password_authentication;
3257 goto parse_flag; 3260 goto parse_flag;
3258@@ -2777,6 +2820,10 @@ dump_config(ServerOptions *o) 3261@@ -2791,6 +2834,10 @@ dump_config(ServerOptions *o)
3259 #ifdef GSSAPI 3262 #ifdef GSSAPI
3260 dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); 3263 dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
3261 dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); 3264 dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds);
@@ -3267,10 +3270,10 @@ index 70f5f73f0..191575a16 100644
3267 dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); 3270 dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication);
3268 dump_cfg_fmtint(sKbdInteractiveAuthentication, 3271 dump_cfg_fmtint(sKbdInteractiveAuthentication,
3269diff --git a/servconf.h b/servconf.h 3272diff --git a/servconf.h b/servconf.h
3270index 4202a2d02..3f47ea25e 100644 3273index a420f398d..253cad97e 100644
3271--- a/servconf.h 3274--- a/servconf.h
3272+++ b/servconf.h 3275+++ b/servconf.h
3273@@ -132,8 +132,11 @@ typedef struct { 3276@@ -137,8 +137,11 @@ typedef struct {
3274 int kerberos_get_afs_token; /* If true, try to get AFS token if 3277 int kerberos_get_afs_token; /* If true, try to get AFS token if
3275 * authenticated with Kerberos. */ 3278 * authenticated with Kerberos. */
3276 int gss_authentication; /* If true, permit GSSAPI authentication */ 3279 int gss_authentication; /* If true, permit GSSAPI authentication */
@@ -3283,7 +3286,7 @@ index 4202a2d02..3f47ea25e 100644
3283 * authentication. */ 3286 * authentication. */
3284 int kbd_interactive_authentication; /* If true, permit */ 3287 int kbd_interactive_authentication; /* If true, permit */
3285diff --git a/session.c b/session.c 3288diff --git a/session.c b/session.c
3286index 8c0e54f79..06a33442a 100644 3289index 18cdfa8cf..f9c2c866e 100644
3287--- a/session.c 3290--- a/session.c
3288+++ b/session.c 3291+++ b/session.c
3289@@ -2678,13 +2678,19 @@ do_cleanup(struct ssh *ssh, Authctxt *authctxt) 3292@@ -2678,13 +2678,19 @@ do_cleanup(struct ssh *ssh, Authctxt *authctxt)
@@ -3309,7 +3312,7 @@ index 8c0e54f79..06a33442a 100644
3309 3312
3310 /* remove agent socket */ 3313 /* remove agent socket */
3311diff --git a/ssh-gss.h b/ssh-gss.h 3314diff --git a/ssh-gss.h b/ssh-gss.h
3312index 36180d07a..70dd36658 100644 3315index 36180d07a..50d80bbca 100644
3313--- a/ssh-gss.h 3316--- a/ssh-gss.h
3314+++ b/ssh-gss.h 3317+++ b/ssh-gss.h
3315@@ -1,6 +1,6 @@ 3318@@ -1,6 +1,6 @@
@@ -3320,7 +3323,7 @@ index 36180d07a..70dd36658 100644
3320 * 3323 *
3321 * Redistribution and use in source and binary forms, with or without 3324 * Redistribution and use in source and binary forms, with or without
3322 * modification, are permitted provided that the following conditions 3325 * modification, are permitted provided that the following conditions
3323@@ -61,10 +61,30 @@ 3326@@ -61,10 +61,34 @@
3324 3327
3325 #define SSH_GSS_OIDTYPE 0x06 3328 #define SSH_GSS_OIDTYPE 0x06
3326 3329
@@ -3340,8 +3343,12 @@ index 36180d07a..70dd36658 100644
3340+#define KEX_GSS_C25519_SHA256_ID "gss-curve25519-sha256-" 3343+#define KEX_GSS_C25519_SHA256_ID "gss-curve25519-sha256-"
3341+ 3344+
3342+#define GSS_KEX_DEFAULT_KEX \ 3345+#define GSS_KEX_DEFAULT_KEX \
3343+ KEX_GSS_GEX_SHA1_ID "," \ 3346+ KEX_GSS_GRP14_SHA256_ID "," \
3344+ KEX_GSS_GRP14_SHA1_ID 3347+ KEX_GSS_GRP16_SHA512_ID "," \
3348+ KEX_GSS_NISTP256_SHA256_ID "," \
3349+ KEX_GSS_C25519_SHA256_ID "," \
3350+ KEX_GSS_GRP14_SHA1_ID "," \
3351+ KEX_GSS_GEX_SHA1_ID
3345+ 3352+
3346 typedef struct { 3353 typedef struct {
3347 char *filename; 3354 char *filename;
@@ -3351,7 +3358,7 @@ index 36180d07a..70dd36658 100644
3351 void *data; 3358 void *data;
3352 } ssh_gssapi_ccache; 3359 } ssh_gssapi_ccache;
3353 3360
3354@@ -72,8 +92,11 @@ typedef struct { 3361@@ -72,8 +96,11 @@ typedef struct {
3355 gss_buffer_desc displayname; 3362 gss_buffer_desc displayname;
3356 gss_buffer_desc exportedname; 3363 gss_buffer_desc exportedname;
3357 gss_cred_id_t creds; 3364 gss_cred_id_t creds;
@@ -3363,7 +3370,7 @@ index 36180d07a..70dd36658 100644
3363 } ssh_gssapi_client; 3370 } ssh_gssapi_client;
3364 3371
3365 typedef struct ssh_gssapi_mech_struct { 3372 typedef struct ssh_gssapi_mech_struct {
3366@@ -84,6 +107,7 @@ typedef struct ssh_gssapi_mech_struct { 3373@@ -84,6 +111,7 @@ typedef struct ssh_gssapi_mech_struct {
3367 int (*userok) (ssh_gssapi_client *, char *); 3374 int (*userok) (ssh_gssapi_client *, char *);
3368 int (*localname) (ssh_gssapi_client *, char **); 3375 int (*localname) (ssh_gssapi_client *, char **);
3369 void (*storecreds) (ssh_gssapi_client *); 3376 void (*storecreds) (ssh_gssapi_client *);
@@ -3371,7 +3378,7 @@ index 36180d07a..70dd36658 100644
3371 } ssh_gssapi_mech; 3378 } ssh_gssapi_mech;
3372 3379
3373 typedef struct { 3380 typedef struct {
3374@@ -94,10 +118,11 @@ typedef struct { 3381@@ -94,10 +122,11 @@ typedef struct {
3375 gss_OID oid; /* client */ 3382 gss_OID oid; /* client */
3376 gss_cred_id_t creds; /* server */ 3383 gss_cred_id_t creds; /* server */
3377 gss_name_t client; /* server */ 3384 gss_name_t client; /* server */
@@ -3384,7 +3391,7 @@ index 36180d07a..70dd36658 100644
3384 3391
3385 int ssh_gssapi_check_oid(Gssctxt *, void *, size_t); 3392 int ssh_gssapi_check_oid(Gssctxt *, void *, size_t);
3386 void ssh_gssapi_set_oid_data(Gssctxt *, void *, size_t); 3393 void ssh_gssapi_set_oid_data(Gssctxt *, void *, size_t);
3387@@ -109,6 +134,7 @@ OM_uint32 ssh_gssapi_test_oid_supported(OM_uint32 *, gss_OID, int *); 3394@@ -109,6 +138,7 @@ OM_uint32 ssh_gssapi_test_oid_supported(OM_uint32 *, gss_OID, int *);
3388 3395
3389 struct sshbuf; 3396 struct sshbuf;
3390 int ssh_gssapi_get_buffer_desc(struct sshbuf *, gss_buffer_desc *); 3397 int ssh_gssapi_get_buffer_desc(struct sshbuf *, gss_buffer_desc *);
@@ -3392,7 +3399,7 @@ index 36180d07a..70dd36658 100644
3392 3399
3393 OM_uint32 ssh_gssapi_import_name(Gssctxt *, const char *); 3400 OM_uint32 ssh_gssapi_import_name(Gssctxt *, const char *);
3394 OM_uint32 ssh_gssapi_init_ctx(Gssctxt *, int, 3401 OM_uint32 ssh_gssapi_init_ctx(Gssctxt *, int,
3395@@ -123,17 +149,33 @@ void ssh_gssapi_delete_ctx(Gssctxt **); 3402@@ -123,17 +153,33 @@ void ssh_gssapi_delete_ctx(Gssctxt **);
3396 OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t); 3403 OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t);
3397 void ssh_gssapi_buildmic(struct sshbuf *, const char *, 3404 void ssh_gssapi_buildmic(struct sshbuf *, const char *,
3398 const char *, const char *); 3405 const char *, const char *);
@@ -3429,10 +3436,10 @@ index 36180d07a..70dd36658 100644
3429 3436
3430 #endif /* _SSH_GSS_H */ 3437 #endif /* _SSH_GSS_H */
3431diff --git a/ssh.1 b/ssh.1 3438diff --git a/ssh.1 b/ssh.1
3432index 60de6087a..db5c65bc7 100644 3439index dce5f404b..7a3ba31ab 100644
3433--- a/ssh.1 3440--- a/ssh.1
3434+++ b/ssh.1 3441+++ b/ssh.1
3435@@ -503,7 +503,13 @@ For full details of the options listed below, and their possible values, see 3442@@ -506,7 +506,13 @@ For full details of the options listed below, and their possible values, see
3436 .It GatewayPorts 3443 .It GatewayPorts
3437 .It GlobalKnownHostsFile 3444 .It GlobalKnownHostsFile
3438 .It GSSAPIAuthentication 3445 .It GSSAPIAuthentication
@@ -3446,7 +3453,7 @@ index 60de6087a..db5c65bc7 100644
3446 .It HashKnownHosts 3453 .It HashKnownHosts
3447 .It Host 3454 .It Host
3448 .It HostbasedAuthentication 3455 .It HostbasedAuthentication
3449@@ -579,6 +585,8 @@ flag), 3456@@ -582,6 +588,8 @@ flag),
3450 (supported message integrity codes), 3457 (supported message integrity codes),
3451 .Ar kex 3458 .Ar kex
3452 (key exchange algorithms), 3459 (key exchange algorithms),
@@ -3456,10 +3463,10 @@ index 60de6087a..db5c65bc7 100644
3456 (key types), 3463 (key types),
3457 .Ar key-cert 3464 .Ar key-cert
3458diff --git a/ssh.c b/ssh.c 3465diff --git a/ssh.c b/ssh.c
3459index 15aee569e..110cf9c19 100644 3466index 98b6ce788..4a81ef810 100644
3460--- a/ssh.c 3467--- a/ssh.c
3461+++ b/ssh.c 3468+++ b/ssh.c
3462@@ -747,6 +747,8 @@ main(int ac, char **av) 3469@@ -773,6 +773,8 @@ main(int ac, char **av)
3463 else if (strcmp(optarg, "kex") == 0 || 3470 else if (strcmp(optarg, "kex") == 0 ||
3464 strcasecmp(optarg, "KexAlgorithms") == 0) 3471 strcasecmp(optarg, "KexAlgorithms") == 0)
3465 cp = kex_alg_list('\n'); 3472 cp = kex_alg_list('\n');
@@ -3468,7 +3475,7 @@ index 15aee569e..110cf9c19 100644
3468 else if (strcmp(optarg, "key") == 0) 3475 else if (strcmp(optarg, "key") == 0)
3469 cp = sshkey_alg_list(0, 0, 0, '\n'); 3476 cp = sshkey_alg_list(0, 0, 0, '\n');
3470 else if (strcmp(optarg, "key-cert") == 0) 3477 else if (strcmp(optarg, "key-cert") == 0)
3471@@ -772,8 +774,8 @@ main(int ac, char **av) 3478@@ -798,8 +800,8 @@ main(int ac, char **av)
3472 } else if (strcmp(optarg, "help") == 0) { 3479 } else if (strcmp(optarg, "help") == 0) {
3473 cp = xstrdup( 3480 cp = xstrdup(
3474 "cipher\ncipher-auth\ncompression\nkex\n" 3481 "cipher\ncipher-auth\ncompression\nkex\n"
@@ -3493,7 +3500,7 @@ index 5e8ef548b..1ff999b68 100644
3493 # CheckHostIP yes 3500 # CheckHostIP yes
3494 # AddressFamily any 3501 # AddressFamily any
3495diff --git a/ssh_config.5 b/ssh_config.5 3502diff --git a/ssh_config.5 b/ssh_config.5
3496index 06a32d314..3f4906972 100644 3503index dc010ccbd..e2a2359f9 100644
3497--- a/ssh_config.5 3504--- a/ssh_config.5
3498+++ b/ssh_config.5 3505+++ b/ssh_config.5
3499@@ -766,10 +766,67 @@ The default is 3506@@ -766,10 +766,67 @@ The default is
@@ -3559,13 +3566,13 @@ index 06a32d314..3f4906972 100644
3559+.Ed 3566+.Ed
3560+.Pp 3567+.Pp
3561+The default is 3568+The default is
3562+.Dq gss-gex-sha1-,gss-group14-sha1- . 3569+.Dq gss-group14-sha256-,gss-group16-sha512-,gss-nistp256-sha256-,gss-curve25519-sha256-,gss-gex-sha1-,gss-group14-sha1- .
3563+This option only applies to protocol version 2 connections using GSSAPI. 3570+This option only applies to connections using GSSAPI.
3564 .It Cm HashKnownHosts 3571 .It Cm HashKnownHosts
3565 Indicates that 3572 Indicates that
3566 .Xr ssh 1 3573 .Xr ssh 1
3567diff --git a/sshconnect2.c b/sshconnect2.c 3574diff --git a/sshconnect2.c b/sshconnect2.c
3568index af00fb30c..03bc87eb4 100644 3575index 1a6545edf..79a22e600 100644
3569--- a/sshconnect2.c 3576--- a/sshconnect2.c
3570+++ b/sshconnect2.c 3577+++ b/sshconnect2.c
3571@@ -80,8 +80,6 @@ 3578@@ -80,8 +80,6 @@
@@ -3589,7 +3596,7 @@ index af00fb30c..03bc87eb4 100644
3589 xxx_host = host; 3596 xxx_host = host;
3590 xxx_hostaddr = hostaddr; 3597 xxx_hostaddr = hostaddr;
3591 3598
3592@@ -206,6 +209,35 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port) 3599@@ -206,6 +209,41 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
3593 compat_pkalg_proposal(options.hostkeyalgorithms); 3600 compat_pkalg_proposal(options.hostkeyalgorithms);
3594 } 3601 }
3595 3602
@@ -3599,12 +3606,18 @@ index af00fb30c..03bc87eb4 100644
3599+ * client to the key exchange algorithm proposal */ 3606+ * client to the key exchange algorithm proposal */
3600+ orig = myproposal[PROPOSAL_KEX_ALGS]; 3607+ orig = myproposal[PROPOSAL_KEX_ALGS];
3601+ 3608+
3602+ if (options.gss_server_identity) 3609+ if (options.gss_server_identity) {
3603+ gss_host = xstrdup(options.gss_server_identity); 3610+ gss_host = xstrdup(options.gss_server_identity);
3604+ else if (options.gss_trust_dns) 3611+ } else if (options.gss_trust_dns) {
3605+ gss_host = remote_hostname(ssh); 3612+ gss_host = remote_hostname(ssh);
3606+ else 3613+ /* Fall back to specified host if we are using proxy command
3614+ * and can not use DNS on that socket */
3615+ if (strcmp(gss_host, "UNKNOWN") == 0) {
3616+ gss_host = xstrdup(host);
3617+ }
3618+ } else {
3607+ gss_host = xstrdup(host); 3619+ gss_host = xstrdup(host);
3620+ }
3608+ 3621+
3609+ gss = ssh_gssapi_client_mechanisms(gss_host, 3622+ gss = ssh_gssapi_client_mechanisms(gss_host,
3610+ options.gss_client_identity, options.gss_kex_algorithms); 3623+ options.gss_client_identity, options.gss_kex_algorithms);
@@ -3625,7 +3638,7 @@ index af00fb30c..03bc87eb4 100644
3625 if (options.rekey_limit || options.rekey_interval) 3638 if (options.rekey_limit || options.rekey_interval)
3626 ssh_packet_set_rekey_limits(ssh, options.rekey_limit, 3639 ssh_packet_set_rekey_limits(ssh, options.rekey_limit,
3627 options.rekey_interval); 3640 options.rekey_interval);
3628@@ -224,16 +256,46 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port) 3641@@ -224,16 +262,46 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
3629 # ifdef OPENSSL_HAS_ECC 3642 # ifdef OPENSSL_HAS_ECC
3630 ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_client; 3643 ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_client;
3631 # endif 3644 # endif
@@ -3673,7 +3686,7 @@ index af00fb30c..03bc87eb4 100644
3673 if ((r = kex_prop2buf(ssh->kex->my, myproposal)) != 0) 3686 if ((r = kex_prop2buf(ssh->kex->my, myproposal)) != 0)
3674 fatal("kex_prop2buf: %s", ssh_err(r)); 3687 fatal("kex_prop2buf: %s", ssh_err(r));
3675 3688
3676@@ -330,6 +392,7 @@ static int input_gssapi_response(int type, u_int32_t, struct ssh *); 3689@@ -330,6 +398,7 @@ static int input_gssapi_response(int type, u_int32_t, struct ssh *);
3677 static int input_gssapi_token(int type, u_int32_t, struct ssh *); 3690 static int input_gssapi_token(int type, u_int32_t, struct ssh *);
3678 static int input_gssapi_error(int, u_int32_t, struct ssh *); 3691 static int input_gssapi_error(int, u_int32_t, struct ssh *);
3679 static int input_gssapi_errtok(int, u_int32_t, struct ssh *); 3692 static int input_gssapi_errtok(int, u_int32_t, struct ssh *);
@@ -3681,7 +3694,7 @@ index af00fb30c..03bc87eb4 100644
3681 #endif 3694 #endif
3682 3695
3683 void userauth(struct ssh *, char *); 3696 void userauth(struct ssh *, char *);
3684@@ -346,6 +409,11 @@ static char *authmethods_get(void); 3697@@ -346,6 +415,11 @@ static char *authmethods_get(void);
3685 3698
3686 Authmethod authmethods[] = { 3699 Authmethod authmethods[] = {
3687 #ifdef GSSAPI 3700 #ifdef GSSAPI
@@ -3693,18 +3706,24 @@ index af00fb30c..03bc87eb4 100644
3693 {"gssapi-with-mic", 3706 {"gssapi-with-mic",
3694 userauth_gssapi, 3707 userauth_gssapi,
3695 userauth_gssapi_cleanup, 3708 userauth_gssapi_cleanup,
3696@@ -716,12 +784,25 @@ userauth_gssapi(struct ssh *ssh) 3709@@ -716,12 +790,31 @@ userauth_gssapi(struct ssh *ssh)
3697 OM_uint32 min; 3710 OM_uint32 min;
3698 int r, ok = 0; 3711 int r, ok = 0;
3699 gss_OID mech = NULL; 3712 gss_OID mech = NULL;
3700+ char *gss_host; 3713+ char *gss_host;
3701+ 3714+
3702+ if (options.gss_server_identity) 3715+ if (options.gss_server_identity) {
3703+ gss_host = xstrdup(options.gss_server_identity); 3716+ gss_host = xstrdup(options.gss_server_identity);
3704+ else if (options.gss_trust_dns) 3717+ } else if (options.gss_trust_dns) {
3705+ gss_host = remote_hostname(ssh); 3718+ gss_host = remote_hostname(ssh);
3706+ else 3719+ /* Fall back to specified host if we are using proxy command
3720+ * and can not use DNS on that socket */
3721+ if (strcmp(gss_host, "UNKNOWN") == 0) {
3722+ gss_host = authctxt->host;
3723+ }
3724+ } else {
3707+ gss_host = xstrdup(authctxt->host); 3725+ gss_host = xstrdup(authctxt->host);
3726+ }
3708 3727
3709 /* Try one GSSAPI method at a time, rather than sending them all at 3728 /* Try one GSSAPI method at a time, rather than sending them all at
3710 * once. */ 3729 * once. */
@@ -3720,7 +3739,7 @@ index af00fb30c..03bc87eb4 100644
3720 3739
3721 /* Check to see whether the mechanism is usable before we offer it */ 3740 /* Check to see whether the mechanism is usable before we offer it */
3722 while (authctxt->mech_tried < authctxt->gss_supported_mechs->count && 3741 while (authctxt->mech_tried < authctxt->gss_supported_mechs->count &&
3723@@ -730,13 +811,15 @@ userauth_gssapi(struct ssh *ssh) 3742@@ -730,13 +823,15 @@ userauth_gssapi(struct ssh *ssh)
3724 elements[authctxt->mech_tried]; 3743 elements[authctxt->mech_tried];
3725 /* My DER encoding requires length<128 */ 3744 /* My DER encoding requires length<128 */
3726 if (mech->length < 128 && ssh_gssapi_check_mechanism(&gssctxt, 3745 if (mech->length < 128 && ssh_gssapi_check_mechanism(&gssctxt,
@@ -3737,7 +3756,7 @@ index af00fb30c..03bc87eb4 100644
3737 if (!ok || mech == NULL) 3756 if (!ok || mech == NULL)
3738 return 0; 3757 return 0;
3739 3758
3740@@ -976,6 +1059,55 @@ input_gssapi_error(int type, u_int32_t plen, struct ssh *ssh) 3759@@ -976,6 +1071,55 @@ input_gssapi_error(int type, u_int32_t plen, struct ssh *ssh)
3741 free(lang); 3760 free(lang);
3742 return r; 3761 return r;
3743 } 3762 }
@@ -3794,10 +3813,10 @@ index af00fb30c..03bc87eb4 100644
3794 3813
3795 static int 3814 static int
3796diff --git a/sshd.c b/sshd.c 3815diff --git a/sshd.c b/sshd.c
3797index 60b2aaf73..d92f03aaf 100644 3816index 6f8f11a3b..02fca5c28 100644
3798--- a/sshd.c 3817--- a/sshd.c
3799+++ b/sshd.c 3818+++ b/sshd.c
3800@@ -817,8 +817,8 @@ notify_hostkeys(struct ssh *ssh) 3819@@ -816,8 +816,8 @@ notify_hostkeys(struct ssh *ssh)
3801 } 3820 }
3802 debug3("%s: sent %u hostkeys", __func__, nkeys); 3821 debug3("%s: sent %u hostkeys", __func__, nkeys);
3803 if (nkeys == 0) 3822 if (nkeys == 0)
@@ -3808,7 +3827,7 @@ index 60b2aaf73..d92f03aaf 100644
3808 sshpkt_fatal(ssh, r, "%s: send", __func__); 3827 sshpkt_fatal(ssh, r, "%s: send", __func__);
3809 sshbuf_free(buf); 3828 sshbuf_free(buf);
3810 } 3829 }
3811@@ -1852,7 +1852,8 @@ main(int ac, char **av) 3830@@ -1851,7 +1851,8 @@ main(int ac, char **av)
3812 free(fp); 3831 free(fp);
3813 } 3832 }
3814 accumulate_host_timing_secret(cfg, NULL); 3833 accumulate_host_timing_secret(cfg, NULL);
@@ -3818,7 +3837,7 @@ index 60b2aaf73..d92f03aaf 100644
3818 logit("sshd: no hostkeys available -- exiting."); 3837 logit("sshd: no hostkeys available -- exiting.");
3819 exit(1); 3838 exit(1);
3820 } 3839 }
3821@@ -2347,6 +2348,48 @@ do_ssh2_kex(struct ssh *ssh) 3840@@ -2342,6 +2343,48 @@ do_ssh2_kex(struct ssh *ssh)
3822 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal( 3841 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
3823 list_hostkey_types()); 3842 list_hostkey_types());
3824 3843
@@ -3867,7 +3886,7 @@ index 60b2aaf73..d92f03aaf 100644
3867 /* start key exchange */ 3886 /* start key exchange */
3868 if ((r = kex_setup(ssh, myproposal)) != 0) 3887 if ((r = kex_setup(ssh, myproposal)) != 0)
3869 fatal("kex_setup: %s", ssh_err(r)); 3888 fatal("kex_setup: %s", ssh_err(r));
3870@@ -2362,7 +2405,18 @@ do_ssh2_kex(struct ssh *ssh) 3889@@ -2357,7 +2400,18 @@ do_ssh2_kex(struct ssh *ssh)
3871 # ifdef OPENSSL_HAS_ECC 3890 # ifdef OPENSSL_HAS_ECC
3872 kex->kex[KEX_ECDH_SHA2] = kex_gen_server; 3891 kex->kex[KEX_ECDH_SHA2] = kex_gen_server;
3873 # endif 3892 # endif
@@ -3901,10 +3920,10 @@ index 19b7c91a1..2c48105f8 100644
3901 # Set this to 'yes' to enable PAM authentication, account processing, 3920 # Set this to 'yes' to enable PAM authentication, account processing,
3902 # and session processing. If this is enabled, PAM authentication will 3921 # and session processing. If this is enabled, PAM authentication will
3903diff --git a/sshd_config.5 b/sshd_config.5 3922diff --git a/sshd_config.5 b/sshd_config.5
3904index 70ccea449..f6b41a2f8 100644 3923index b294efc2d..360e5fb1a 100644
3905--- a/sshd_config.5 3924--- a/sshd_config.5
3906+++ b/sshd_config.5 3925+++ b/sshd_config.5
3907@@ -646,6 +646,11 @@ Specifies whether to automatically destroy the user's credentials cache 3926@@ -644,6 +644,11 @@ Specifies whether to automatically destroy the user's credentials cache
3908 on logout. 3927 on logout.
3909 The default is 3928 The default is
3910 .Cm yes . 3929 .Cm yes .
@@ -3916,7 +3935,7 @@ index 70ccea449..f6b41a2f8 100644
3916 .It Cm GSSAPIStrictAcceptorCheck 3935 .It Cm GSSAPIStrictAcceptorCheck
3917 Determines whether to be strict about the identity of the GSSAPI acceptor 3936 Determines whether to be strict about the identity of the GSSAPI acceptor
3918 a client authenticates against. 3937 a client authenticates against.
3919@@ -660,6 +665,31 @@ machine's default store. 3938@@ -658,6 +663,31 @@ machine's default store.
3920 This facility is provided to assist with operation on multi homed machines. 3939 This facility is provided to assist with operation on multi homed machines.
3921 The default is 3940 The default is
3922 .Cm yes . 3941 .Cm yes .
@@ -3943,13 +3962,13 @@ index 70ccea449..f6b41a2f8 100644
3943+.Ed 3962+.Ed
3944+.Pp 3963+.Pp
3945+The default is 3964+The default is
3946+.Dq gss-gex-sha1-,gss-group14-sha1- . 3965+.Dq gss-group14-sha256-,gss-group16-sha512-,gss-nistp256-sha256-,gss-curve25519-sha256-,gss-gex-sha1-,gss-group14-sha1- .
3947+This option only applies to protocol version 2 connections using GSSAPI. 3966+This option only applies to connections using GSSAPI.
3948 .It Cm HostbasedAcceptedKeyTypes 3967 .It Cm HostbasedAcceptedKeyTypes
3949 Specifies the key types that will be accepted for hostbased authentication 3968 Specifies the key types that will be accepted for hostbased authentication
3950 as a list of comma-separated patterns. 3969 as a list of comma-separated patterns.
3951diff --git a/sshkey.c b/sshkey.c 3970diff --git a/sshkey.c b/sshkey.c
3952index 57995ee68..fd5b77246 100644 3971index 1571e3d93..1ac32a0ec 100644
3953--- a/sshkey.c 3972--- a/sshkey.c
3954+++ b/sshkey.c 3973+++ b/sshkey.c
3955@@ -154,6 +154,7 @@ static const struct keytype keytypes[] = { 3974@@ -154,6 +154,7 @@ static const struct keytype keytypes[] = {
@@ -3970,7 +3989,7 @@ index 57995ee68..fd5b77246 100644
3970 if (!include_sigonly && kt->sigonly) 3989 if (!include_sigonly && kt->sigonly)
3971 continue; 3990 continue;
3972diff --git a/sshkey.h b/sshkey.h 3991diff --git a/sshkey.h b/sshkey.h
3973index 71a3fddcb..37a43a67a 100644 3992index 9c1d4f637..f586e8967 100644
3974--- a/sshkey.h 3993--- a/sshkey.h
3975+++ b/sshkey.h 3994+++ b/sshkey.h
3976@@ -69,6 +69,7 @@ enum sshkey_types { 3995@@ -69,6 +69,7 @@ enum sshkey_types {