author | Damien Miller <djm@mindrot.org> | 2010-09-24 22:11:14 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2010-09-24 22:11:14 +1000 |
commit | d5f62bf280b0798d7009d4424594a648a4e887fb (patch) | |
tree | 5f18078ea61f6c5503dc4addfb2f17d13844692c /readconf.c | |
parent | 603134e077e667b4819effb0e121803842df621f (diff) |
- djm@cvs.openbsd.org 2010/09/22 05:01:30
[kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c readconf.c readconf.h]
[servconf.c servconf.h ssh_config.5 sshconnect2.c sshd.c sshd_config.5]
add a KexAlgorithms knob to the client and server configuration to allow
selection of which key exchange methods are used by ssh(1) and sshd(8)
and their order of preference.
ok markus@
Diffstat (limited to 'readconf.c')
-rw-r--r-- | readconf.c | 18 |
1 files changed, 17 insertions, 1 deletions
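--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.188 2010/08/31 11:54:45 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.189 2010/09/22 05:01:29 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -132,6 +132,7 @@ typedef enum {
 	oHashKnownHosts,
 	oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
 	oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
+	oKexAlgorithms,
 	oDeprecated, oUnsupported
 } OpCodes;
 
@@ -240,6 +241,7 @@ static struct {
 #else
 	{ "zeroknowledgepasswordauthentication", oUnsupported },
 #endif
+	{ "kexalgorithms", oKexAlgorithms },
 
 	{ NULL, oBadOption }
 };
@@ -699,6 +701,18 @@ parse_int:
 		options->macs = xstrdup(arg);
 		break;
 
+	case oKexAlgorithms:
+		arg = strdelim(&s);
+		if (!arg || *arg == '\0')
+			fatal("%.200s line %d: Missing argument.",
+			    filename, linenum);
+		if (!kex_names_valid(arg))
+			fatal("%.200s line %d: Bad SSH2 KexAlgorithms '%s'.",
+			    filename, linenum, arg ? arg : "<NONE>");
+		if (*activep && options->kex_algorithms == NULL)
+			options->kex_algorithms = xstrdup(arg);
+		break;
+
 	case oHostKeyAlgorithms:
 		arg = strdelim(&s);
 		if (!arg || *arg == '\0')
@@ -1078,6 +1092,7 @@ initialize_options(Options * options)
 	options->cipher = -1;
 	options->ciphers = NULL;
 	options->macs = NULL;
+	options->kex_algorithms = NULL;
 	options->hostkeyalgorithms = NULL;
 	options->protocol = SSH_PROTO_UNKNOWN;
 	options->num_identity_files = 0;
@@ -1191,6 +1206,7 @@ fill_default_options(Options * options)
 	options->cipher = SSH_CIPHER_NOT_SET;
 	/* options->ciphers, default set in myproposals.h */
 	/* options->macs, default set in myproposals.h */
+	/* options->kex_algorithms, default set in myproposals.h */
 	/* options->hostkeyalgorithms, default set in myproposals.h */
 	if (options->protocol == SSH_PROTO_UNKNOWN)
 		options->protocol = SSH_PROTO_2;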
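Review bot: In the new `oKexAlgorithms` case of process_config_line (the @@ -699 hunk), the `arg ? arg : "<NONE>"` in the second fatal() call can never take its NULL branch, because the preceding `if (!arg || *arg == '\0')` already calls fatal(), which does not return; the argument can simply be `filename, linenum, arg);`. It presumably mirrors the neighbouring Ciphers/MACs cases, so if those carry the same dead ternary it would be cleaner to drop it everywhere in one pass rather than propagate it. Worth noting in a comment that `kex_names_valid(arg)` runs before the `*activep` check, so a malformed list in a non-matching `Host` block is still fatal at parse time rather than silently ignored: `/* validate even for inactive Host blocks so bad config fails early */`. The enclosing switch starts and ends outside the hunk.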