author | markus@openbsd.org <markus@openbsd.org> | 2015-07-10 06:21:53 +0000 |
committer | Damien Miller <djm@mindrot.org> | 2015-07-15 15:38:02 +1000 |
commit | 3a1638dda19bbc73d0ae02b4c251ce08e564b4b9 (patch) | |
tree | e74e4219344349a4f9a4393aa4c2c6b7baecb127 /sshd.c | |
parent | 16db0a7ee9a87945cc594d13863cfcb86038db59 (diff) |
upstream commit
Turn off DSA by default; add HostKeyAlgorithms to the
server and PubkeyAcceptedKeyTypes to the client side, so it can still be
tested or turned back on; feedback and ok djm@
Upstream-ID: 8450a9e6d83f80c9bfed864ff061dfc9323cec21
Diffstat (limited to 'sshd.c')
-rw-r--r-- | sshd.c | 10 |
1 files changed, 9 insertions, 1 deletions
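--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.453 2015/07/03 03:49:45 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.454 2015/07/10 06:21:53 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -95,6 +95,7 @@
 #include "log.h"
 #include "buffer.h"
 #include "misc.h"
+#include "match.h"
 #include "servconf.h"
 #include "uidswap.h"
 #include "compat.h"
@@ -799,6 +800,13 @@ list_hostkey_types(void)
 		key = sensitive_data.host_pubkeys[i];
 		if (key == NULL)
 			continue;
+		/* Check that the key is accepted in HostkeyAlgorithms */
+		if (match_pattern_list(sshkey_ssh_name(key),
+		    options.hostkeyalgorithms, 0) != 1) {
+			debug3("%s: %s key not permitted by HostkeyAlgorithms",
+			    __func__, sshkey_ssh_name(key));
+			continue;
+		}
 		switch (key->type) {
 		case KEY_RSA:
 		case KEY_DSA: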
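Review bot: The comment and debug3 message added at new lines 803 and 806 spell the option `HostkeyAlgorithms`, while the commit message and the option itself are `HostKeyAlgorithms`; operators grep logs for the documented name, so `/* Check that the key is accepted in HostKeyAlgorithms */` and `"%s: %s key not permitted by HostKeyAlgorithms"` would be consistent. This filter is what actually drops a configured HostKey (for example a DSA key under the new default) from what the server offers, and debug3 is easy to miss, so a single `debug()` or `logit()` per excluded key would make the new behaviour visible without raising the global log level. The check also appears to assume servconf gives options.hostkeyalgorithms a non-NULL default, since match_pattern_list is called unconditionally here; worth confirming against the servconf change. list_hostkey_types begins and ends outside this hunk.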