upstream commit

add sshd_config HostbasedAcceptedKeyTypes and
 PubkeyAcceptedKeyTypes options to allow sshd to control what public key types
 will be accepted. Currently defaults to all. Feedback & ok markus@

1 files changed, 5 insertions, 1 deletions

diff --git a/servconf.h b/servconf.h
index 49b228bdf..9922f0c8c 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.115 2014/12/21 22:27:56 djm Exp $ */
+/* $OpenBSD: servconf.h,v 1.116 2015/01/13 07:39:19 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -99,8 +99,10 @@ typedef struct {
                                                  * authentication. */
         int     hostbased_authentication;       /* If true, permit ssh2 hostbased auth */
         int     hostbased_uses_name_from_packet_only; /* experimental */
+        char   *hostbased_key_types;    /* Key types allowed for hostbased */
         int     rsa_authentication;     /* If true, permit RSA authentication. */
         int     pubkey_authentication;  /* If true, permit ssh2 pubkey authentication. */
+        char   *pubkey_key_types;       /* Key types allowed for public key */
         int     kerberos_authentication;        /* If true, permit Kerberos
                                                  * authentication. */
         int     kerberos_or_local_passwd;       /* If true, permit kerberos
@@ -215,6 +217,8 @@ struct connection_info {
                 M_CP_STROPT(authorized_principals_file); \
                 M_CP_STROPT(authorized_keys_command); \
                 M_CP_STROPT(authorized_keys_command_user); \
+                M_CP_STROPT(hostbased_key_types); \
+                M_CP_STROPT(pubkey_key_types); \
                 M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \
                 M_CP_STRARRAYOPT(allow_users, num_allow_users); \
                 M_CP_STRARRAYOPT(deny_users, num_deny_users); \