- djm@cvs.openbsd.org 2013/12/30 23:52:28

[auth2-hostbased.c auth2-pubkey.c compat.c compat.h ssh-rsa.c] [sshconnect.c sshconnect2.c sshd.c] refuse RSA keys from old proprietary clients/servers that use the obsolete RSA+MD5 signature scheme. it will still be possible to connect with these clients/servers but only DSA keys will be accepted, and we'll deprecate them entirely in a future release. ok markus@
author: Damien Miller <djm@mindrot.org> 2013-12-31 12:25:40 +1100
committer: Damien Miller <djm@mindrot.org> 2013-12-31 12:25:40 +1100
commit: 324541e5264e1489ca0babfaf2b39612eb80dfb3 (patch)
tree: 3adbfd162c3704e6aeb36f30ca09e4c04fbd25e2 /sshconnect.c
parent: 9f4c8e797ea002a883307ca906f1f1f815010e78 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/sshconnect.c b/sshconnect.c
index b492ce915..791b31c12 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.242 2013/12/29 05:57:02 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.243 2013/12/30 23:52:27 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -662,6 +662,9 @@ ssh_exchange_identification(int timeout_ms)
                fatal("Protocol major versions differ: %d vs. %d",
                    (options.protocol & SSH_PROTO_2) ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1,
                    remote_major);
+        if ((datafellows & SSH_BUG_RSASIGMD5) != 0)
+                logit("Server version \"%.100s\" uses unsafe RSA signature "
+                    "scheme; disabling use of RSA keys", remote_version);
        if (!client_banner_sent)
                send_client_banner(connection_out, minor1);
        chop(server_version_string);
author	Damien Miller <djm@mindrot.org>	2013-12-31 12:25:40 +1100
committer	Damien Miller <djm@mindrot.org>	2013-12-31 12:25:40 +1100
commit	324541e5264e1489ca0babfaf2b39612eb80dfb3 (patch)
tree	3adbfd162c3704e6aeb36f30ca09e4c04fbd25e2 /sshconnect.c
parent	9f4c8e797ea002a883307ca906f1f1f815010e78 (diff)