summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--kex.c64
-rw-r--r--kex.h4
-rw-r--r--readconf.c25
-rw-r--r--servconf.c24
-rw-r--r--ssh.c35
-rw-r--r--ssh_config.531
-rw-r--r--sshconnect2.c33
-rw-r--r--sshd.c29
-rw-r--r--sshd_config.526
9 files changed, 187 insertions, 84 deletions
diff --git a/kex.c b/kex.c
index af2a41cca..5100c661d 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kex.c,v 1.108 2015/07/29 08:34:54 djm Exp $ */ 1/* $OpenBSD: kex.c,v 1.109 2015/07/30 00:01:34 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
4 * 4 *
@@ -155,6 +155,68 @@ kex_names_valid(const char *names)
155 return 1; 155 return 1;
156} 156}
157 157
158/*
159 * Concatenate algorithm names, avoiding duplicates in the process.
160 * Caller must free returned string.
161 */
162char *
163kex_names_cat(const char *a, const char *b)
164{
165 char *ret = NULL, *tmp = NULL, *cp, *p;
166 size_t len;
167
168 if (a == NULL || *a == '\0')
169 return NULL;
170 if (b == NULL || *b == '\0')
171 return strdup(a);
172 if (strlen(b) > 1024*1024)
173 return NULL;
174 len = strlen(a) + strlen(b) + 2;
175 if ((tmp = cp = strdup(b)) == NULL ||
176 (ret = calloc(1, len)) == NULL) {
177 free(tmp);
178 return NULL;
179 }
180 strlcpy(ret, a, len);
181 for ((p = strsep(&cp, ",")); p && *p != '\0'; (p = strsep(&cp, ","))) {
182 if (match_list(ret, p, NULL) != NULL)
183 continue; /* Algorithm already present */
184 if (strlcat(ret, ",", len) >= len ||
185 strlcat(ret, p, len) >= len) {
186 free(tmp);
187 free(ret);
188 return NULL; /* Shouldn't happen */
189 }
190 }
191 free(tmp);
192 return ret;
193}
194
195/*
196 * Assemble a list of algorithms from a default list and a string from a
197 * configuration file. The user-provided string may begin with '+' to
198 * indicate that it should be appended to the default.
199 */
200int
201kex_assemble_names(const char *def, char **list)
202{
203 char *ret;
204
205 if (list == NULL || *list == NULL || **list == '\0') {
206 *list = strdup(def);
207 return 0;
208 }
209 if (**list != '+') {
210 return 0;
211 }
212
213 if ((ret = kex_names_cat(def, *list + 1)) == NULL)
214 return SSH_ERR_ALLOC_FAIL;
215 free(*list);
216 *list = ret;
217 return 0;
218}
219
158/* put algorithm proposal into buffer */ 220/* put algorithm proposal into buffer */
159int 221int
160kex_prop2buf(struct sshbuf *b, char *proposal[PROPOSAL_MAX]) 222kex_prop2buf(struct sshbuf *b, char *proposal[PROPOSAL_MAX])
diff --git a/kex.h b/kex.h
index fea5a75dd..d71b53293 100644
--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: kex.h,v 1.72 2015/07/29 04:43:06 djm Exp $ */ 1/* $OpenBSD: kex.h,v 1.73 2015/07/30 00:01:34 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 4 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -160,6 +160,8 @@ struct kex {
160 160
161int kex_names_valid(const char *); 161int kex_names_valid(const char *);
162char *kex_alg_list(char); 162char *kex_alg_list(char);
163char *kex_names_cat(const char *, const char *);
164int kex_assemble_names(const char *, char **);
163 165
164int kex_new(struct ssh *, char *[PROPOSAL_MAX], struct kex **); 166int kex_new(struct ssh *, char *[PROPOSAL_MAX], struct kex **);
165int kex_setup(struct ssh *, char *[PROPOSAL_MAX]); 167int kex_setup(struct ssh *, char *[PROPOSAL_MAX]);
diff --git a/readconf.c b/readconf.c
index f1c860b9c..1d03bdf72 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: readconf.c,v 1.238 2015/07/10 06:21:53 markus Exp $ */ 1/* $OpenBSD: readconf.c,v 1.239 2015/07/30 00:01:34 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1086,7 +1086,7 @@ parse_int:
1086 arg = strdelim(&s); 1086 arg = strdelim(&s);
1087 if (!arg || *arg == '\0') 1087 if (!arg || *arg == '\0')
1088 fatal("%.200s line %d: Missing argument.", filename, linenum); 1088 fatal("%.200s line %d: Missing argument.", filename, linenum);
1089 if (!ciphers_valid(arg)) 1089 if (!ciphers_valid(*arg == '+' ? arg + 1 : arg))
1090 fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.", 1090 fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
1091 filename, linenum, arg ? arg : "<NONE>"); 1091 filename, linenum, arg ? arg : "<NONE>");
1092 if (*activep && options->ciphers == NULL) 1092 if (*activep && options->ciphers == NULL)
@@ -1097,7 +1097,7 @@ parse_int:
1097 arg = strdelim(&s); 1097 arg = strdelim(&s);
1098 if (!arg || *arg == '\0') 1098 if (!arg || *arg == '\0')
1099 fatal("%.200s line %d: Missing argument.", filename, linenum); 1099 fatal("%.200s line %d: Missing argument.", filename, linenum);
1100 if (!mac_valid(arg)) 1100 if (!mac_valid(*arg == '+' ? arg + 1 : arg))
1101 fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.", 1101 fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
1102 filename, linenum, arg ? arg : "<NONE>"); 1102 filename, linenum, arg ? arg : "<NONE>");
1103 if (*activep && options->macs == NULL) 1103 if (*activep && options->macs == NULL)
@@ -1109,7 +1109,7 @@ parse_int:
1109 if (!arg || *arg == '\0') 1109 if (!arg || *arg == '\0')
1110 fatal("%.200s line %d: Missing argument.", 1110 fatal("%.200s line %d: Missing argument.",
1111 filename, linenum); 1111 filename, linenum);
1112 if (!kex_names_valid(arg)) 1112 if (!kex_names_valid(*arg == '+' ? arg + 1 : arg))
1113 fatal("%.200s line %d: Bad SSH2 KexAlgorithms '%s'.", 1113 fatal("%.200s line %d: Bad SSH2 KexAlgorithms '%s'.",
1114 filename, linenum, arg ? arg : "<NONE>"); 1114 filename, linenum, arg ? arg : "<NONE>");
1115 if (*activep && options->kex_algorithms == NULL) 1115 if (*activep && options->kex_algorithms == NULL)
@@ -1123,7 +1123,7 @@ parse_keytypes:
1123 if (!arg || *arg == '\0') 1123 if (!arg || *arg == '\0')
1124 fatal("%.200s line %d: Missing argument.", 1124 fatal("%.200s line %d: Missing argument.",
1125 filename, linenum); 1125 filename, linenum);
1126 if (!sshkey_names_valid2(arg, 1)) 1126 if (!sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1))
1127 fatal("%s line %d: Bad key types '%s'.", 1127 fatal("%s line %d: Bad key types '%s'.",
1128 filename, linenum, arg ? arg : "<NONE>"); 1128 filename, linenum, arg ? arg : "<NONE>");
1129 if (*activep && *charptr == NULL) 1129 if (*activep && *charptr == NULL)
@@ -1762,9 +1762,6 @@ fill_default_options(Options * options)
1762 /* Selected in ssh_login(). */ 1762 /* Selected in ssh_login(). */
1763 if (options->cipher == -1) 1763 if (options->cipher == -1)
1764 options->cipher = SSH_CIPHER_NOT_SET; 1764 options->cipher = SSH_CIPHER_NOT_SET;
1765 /* options->ciphers, default set in myproposals.h */
1766 /* options->macs, default set in myproposals.h */
1767 /* options->kex_algorithms, default set in myproposals.h */
1768 /* options->hostkeyalgorithms, default set in myproposals.h */ 1765 /* options->hostkeyalgorithms, default set in myproposals.h */
1769 if (options->protocol == SSH_PROTO_UNKNOWN) 1766 if (options->protocol == SSH_PROTO_UNKNOWN)
1770 options->protocol = SSH_PROTO_2; 1767 options->protocol = SSH_PROTO_2;
@@ -1858,10 +1855,14 @@ fill_default_options(Options * options)
1858 options->fingerprint_hash = SSH_FP_HASH_DEFAULT; 1855 options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
1859 if (options->update_hostkeys == -1) 1856 if (options->update_hostkeys == -1)
1860 options->update_hostkeys = 0; 1857 options->update_hostkeys = 0;
1861 if (options->hostbased_key_types == NULL) 1858 if (kex_assemble_names(KEX_CLIENT_ENCRYPT, &options->ciphers) != 0 ||
1862 options->hostbased_key_types = xstrdup(KEX_DEFAULT_PK_ALG); 1859 kex_assemble_names(KEX_CLIENT_MAC, &options->macs) != 0 ||
1863 if (options->pubkey_key_types == NULL) 1860 kex_assemble_names(KEX_CLIENT_KEX, &options->kex_algorithms) != 0 ||
1864 options->pubkey_key_types = xstrdup(KEX_DEFAULT_PK_ALG); 1861 kex_assemble_names(KEX_DEFAULT_PK_ALG,
1862 &options->hostbased_key_types) != 0 ||
1863 kex_assemble_names(KEX_DEFAULT_PK_ALG,
1864 &options->pubkey_key_types) != 0)
1865 fatal("%s: kex_assemble_names failed", __func__);
1865 1866
1866#define CLEAR_ON_NONE(v) \ 1867#define CLEAR_ON_NONE(v) \
1867 do { \ 1868 do { \
diff --git a/servconf.c b/servconf.c
index 018f251ca..7506ad21f 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
1 1
2/* $OpenBSD: servconf.c,v 1.276 2015/07/10 06:21:53 markus Exp $ */ 2/* $OpenBSD: servconf.c,v 1.277 2015/07/30 00:01:34 djm Exp $ */
3/* 3/*
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * All rights reserved 5 * All rights reserved
@@ -259,16 +259,12 @@ fill_default_server_options(ServerOptions *options)
259 options->hostbased_authentication = 0; 259 options->hostbased_authentication = 0;
260 if (options->hostbased_uses_name_from_packet_only == -1) 260 if (options->hostbased_uses_name_from_packet_only == -1)
261 options->hostbased_uses_name_from_packet_only = 0; 261 options->hostbased_uses_name_from_packet_only = 0;
262 if (options->hostbased_key_types == NULL)
263 options->hostbased_key_types = xstrdup(KEX_DEFAULT_PK_ALG);
264 if (options->hostkeyalgorithms == NULL) 262 if (options->hostkeyalgorithms == NULL)
265 options->hostkeyalgorithms = xstrdup(KEX_DEFAULT_PK_ALG); 263 options->hostkeyalgorithms = xstrdup(KEX_DEFAULT_PK_ALG);
266 if (options->rsa_authentication == -1) 264 if (options->rsa_authentication == -1)
267 options->rsa_authentication = 1; 265 options->rsa_authentication = 1;
268 if (options->pubkey_authentication == -1) 266 if (options->pubkey_authentication == -1)
269 options->pubkey_authentication = 1; 267 options->pubkey_authentication = 1;
270 if (options->pubkey_key_types == NULL)
271 options->pubkey_key_types = xstrdup(KEX_DEFAULT_PK_ALG);
272 if (options->kerberos_authentication == -1) 268 if (options->kerberos_authentication == -1)
273 options->kerberos_authentication = 0; 269 options->kerberos_authentication = 0;
274 if (options->kerberos_or_local_passwd == -1) 270 if (options->kerberos_or_local_passwd == -1)
@@ -345,6 +341,16 @@ fill_default_server_options(ServerOptions *options)
345 options->fwd_opts.streamlocal_bind_unlink = 0; 341 options->fwd_opts.streamlocal_bind_unlink = 0;
346 if (options->fingerprint_hash == -1) 342 if (options->fingerprint_hash == -1)
347 options->fingerprint_hash = SSH_FP_HASH_DEFAULT; 343 options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
344
345 if (kex_assemble_names(KEX_SERVER_ENCRYPT, &options->ciphers) != 0 ||
346 kex_assemble_names(KEX_SERVER_MAC, &options->macs) != 0 ||
347 kex_assemble_names(KEX_SERVER_KEX, &options->kex_algorithms) != 0 ||
348 kex_assemble_names(KEX_DEFAULT_PK_ALG,
349 &options->hostbased_key_types) != 0 ||
350 kex_assemble_names(KEX_DEFAULT_PK_ALG,
351 &options->pubkey_key_types) != 0)
352 fatal("%s: kex_assemble_names failed", __func__);
353
348 /* Turn privilege separation on by default */ 354 /* Turn privilege separation on by default */
349 if (use_privsep == -1) 355 if (use_privsep == -1)
350 use_privsep = PRIVSEP_NOSANDBOX; 356 use_privsep = PRIVSEP_NOSANDBOX;
@@ -1181,7 +1187,7 @@ process_server_config_line(ServerOptions *options, char *line,
1181 if (!arg || *arg == '\0') 1187 if (!arg || *arg == '\0')
1182 fatal("%s line %d: Missing argument.", 1188 fatal("%s line %d: Missing argument.",
1183 filename, linenum); 1189 filename, linenum);
1184 if (!sshkey_names_valid2(arg, 1)) 1190 if (!sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1))
1185 fatal("%s line %d: Bad key types '%s'.", 1191 fatal("%s line %d: Bad key types '%s'.",
1186 filename, linenum, arg ? arg : "<NONE>"); 1192 filename, linenum, arg ? arg : "<NONE>");
1187 if (*activep && *charptr == NULL) 1193 if (*activep && *charptr == NULL)
@@ -1434,7 +1440,7 @@ process_server_config_line(ServerOptions *options, char *line,
1434 arg = strdelim(&cp); 1440 arg = strdelim(&cp);
1435 if (!arg || *arg == '\0') 1441 if (!arg || *arg == '\0')
1436 fatal("%s line %d: Missing argument.", filename, linenum); 1442 fatal("%s line %d: Missing argument.", filename, linenum);
1437 if (!ciphers_valid(arg)) 1443 if (!ciphers_valid(*arg == '+' ? arg + 1 : arg))
1438 fatal("%s line %d: Bad SSH2 cipher spec '%s'.", 1444 fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
1439 filename, linenum, arg ? arg : "<NONE>"); 1445 filename, linenum, arg ? arg : "<NONE>");
1440 if (options->ciphers == NULL) 1446 if (options->ciphers == NULL)
@@ -1445,7 +1451,7 @@ process_server_config_line(ServerOptions *options, char *line,
1445 arg = strdelim(&cp); 1451 arg = strdelim(&cp);
1446 if (!arg || *arg == '\0') 1452 if (!arg || *arg == '\0')
1447 fatal("%s line %d: Missing argument.", filename, linenum); 1453 fatal("%s line %d: Missing argument.", filename, linenum);
1448 if (!mac_valid(arg)) 1454 if (!mac_valid(*arg == '+' ? arg + 1 : arg))
1449 fatal("%s line %d: Bad SSH2 mac spec '%s'.", 1455 fatal("%s line %d: Bad SSH2 mac spec '%s'.",
1450 filename, linenum, arg ? arg : "<NONE>"); 1456 filename, linenum, arg ? arg : "<NONE>");
1451 if (options->macs == NULL) 1457 if (options->macs == NULL)
@@ -1457,7 +1463,7 @@ process_server_config_line(ServerOptions *options, char *line,
1457 if (!arg || *arg == '\0') 1463 if (!arg || *arg == '\0')
1458 fatal("%s line %d: Missing argument.", 1464 fatal("%s line %d: Missing argument.",
1459 filename, linenum); 1465 filename, linenum);
1460 if (!kex_names_valid(arg)) 1466 if (!kex_names_valid(*arg == '+' ? arg + 1 : arg))
1461 fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.", 1467 fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.",
1462 filename, linenum, arg ? arg : "<NONE>"); 1468 filename, linenum, arg ? arg : "<NONE>");
1463 if (options->kex_algorithms == NULL) 1469 if (options->kex_algorithms == NULL)
diff --git a/ssh.c b/ssh.c
index 3239108ec..59c1f931c 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh.c,v 1.419 2015/07/20 18:42:35 millert Exp $ */ 1/* $OpenBSD: ssh.c,v 1.420 2015/07/30 00:01:34 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -108,6 +108,7 @@
108#include "roaming.h" 108#include "roaming.h"
109#include "version.h" 109#include "version.h"
110#include "ssherr.h" 110#include "ssherr.h"
111#include "myproposal.h"
111 112
112#ifdef ENABLE_PKCS11 113#ifdef ENABLE_PKCS11
113#include "ssh-pkcs11.h" 114#include "ssh-pkcs11.h"
@@ -794,26 +795,26 @@ main(int ac, char **av)
794 } 795 }
795 break; 796 break;
796 case 'c': 797 case 'c':
797 if (ciphers_valid(optarg)) { 798 if (ciphers_valid(*optarg == '+' ?
799 optarg + 1 : optarg)) {
798 /* SSH2 only */ 800 /* SSH2 only */
799 options.ciphers = xstrdup(optarg); 801 options.ciphers = xstrdup(optarg);
800 options.cipher = SSH_CIPHER_INVALID; 802 options.cipher = SSH_CIPHER_INVALID;
801 } else { 803 break;
802 /* SSH1 only */ 804 }
803 options.cipher = cipher_number(optarg); 805 /* SSH1 only */
804 if (options.cipher == -1) { 806 options.cipher = cipher_number(optarg);
805 fprintf(stderr, 807 if (options.cipher == -1) {
806 "Unknown cipher type '%s'\n", 808 fprintf(stderr, "Unknown cipher type '%s'\n",
807 optarg); 809 optarg);
808 exit(255); 810 exit(255);
809 }
810 if (options.cipher == SSH_CIPHER_3DES)
811 options.ciphers = "3des-cbc";
812 else if (options.cipher == SSH_CIPHER_BLOWFISH)
813 options.ciphers = "blowfish-cbc";
814 else
815 options.ciphers = (char *)-1;
816 } 811 }
812 if (options.cipher == SSH_CIPHER_3DES)
813 options.ciphers = xstrdup("3des-cbc");
814 else if (options.cipher == SSH_CIPHER_BLOWFISH)
815 options.ciphers = xstrdup("blowfish-cbc");
816 else
817 options.ciphers = xstrdup(KEX_CLIENT_ENCRYPT);
817 break; 818 break;
818 case 'm': 819 case 'm':
819 if (mac_valid(optarg)) 820 if (mac_valid(optarg))
diff --git a/ssh_config.5 b/ssh_config.5
index e51439849..5b0975f87 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\" 35.\"
36.\" $OpenBSD: ssh_config.5,v 1.213 2015/07/10 06:21:53 markus Exp $ 36.\" $OpenBSD: ssh_config.5,v 1.214 2015/07/30 00:01:34 djm Exp $
37.Dd $Mdocdate: July 10 2015 $ 37.Dd $Mdocdate: July 30 2015 $
38.Dt SSH_CONFIG 5 38.Dt SSH_CONFIG 5
39.Os 39.Os
40.Sh NAME 40.Sh NAME
@@ -373,6 +373,11 @@ The default is
373Specifies the ciphers allowed for protocol version 2 373Specifies the ciphers allowed for protocol version 2
374in order of preference. 374in order of preference.
375Multiple ciphers must be comma-separated. 375Multiple ciphers must be comma-separated.
376If the specified value begins with a
377.Sq +
378character, then the specified ciphers will be appended to the default set
379instead of replacing them.
380.Pp
376The supported ciphers are: 381The supported ciphers are:
377.Pp 382.Pp
378.Bl -item -compact -offset indent 383.Bl -item -compact -offset indent
@@ -781,6 +786,10 @@ is similar to
781.It Cm HostbasedKeyTypes 786.It Cm HostbasedKeyTypes
782Specifies the key types that will be used for hostbased authentication 787Specifies the key types that will be used for hostbased authentication
783as a comma-separated pattern list. 788as a comma-separated pattern list.
789Alternately if the specified value begins with a
790.Sq +
791character, then the specified key types will be appended to the default set
792instead of replacing them.
784The default for this option is: 793The default for this option is:
785.Bd -literal -offset 3n 794.Bd -literal -offset 3n
786ecdsa-sha2-nistp256-cert-v01@openssh.com, 795ecdsa-sha2-nistp256-cert-v01@openssh.com,
@@ -800,6 +809,10 @@ may be used to list supported key types.
800.It Cm HostKeyAlgorithms 809.It Cm HostKeyAlgorithms
801Specifies the protocol version 2 host key algorithms 810Specifies the protocol version 2 host key algorithms
802that the client wants to use in order of preference. 811that the client wants to use in order of preference.
812Alternately if the specified value begins with a
813.Sq +
814character, then the specified key types will be appended to the default set
815instead of replacing them.
803The default for this option is: 816The default for this option is:
804.Bd -literal -offset 3n 817.Bd -literal -offset 3n
805ecdsa-sha2-nistp256-cert-v01@openssh.com, 818ecdsa-sha2-nistp256-cert-v01@openssh.com,
@@ -981,6 +994,10 @@ and
981.It Cm KexAlgorithms 994.It Cm KexAlgorithms
982Specifies the available KEX (Key Exchange) algorithms. 995Specifies the available KEX (Key Exchange) algorithms.
983Multiple algorithms must be comma-separated. 996Multiple algorithms must be comma-separated.
997Alternately if the specified value begins with a
998.Sq +
999character, then the specified methods will be appended to the default set
1000instead of replacing them.
984The default is: 1001The default is:
985.Bd -literal -offset indent 1002.Bd -literal -offset indent
986curve25519-sha256@libssh.org, 1003curve25519-sha256@libssh.org,
@@ -1069,10 +1086,16 @@ in order of preference.
1069The MAC algorithm is used in protocol version 2 1086The MAC algorithm is used in protocol version 2
1070for data integrity protection. 1087for data integrity protection.
1071Multiple algorithms must be comma-separated. 1088Multiple algorithms must be comma-separated.
1089If the specified value begins with a
1090.Sq +
1091character, then the specified algorithms will be appended to the default set
1092instead of replacing them.
1093.Pp
1072The algorithms that contain 1094The algorithms that contain
1073.Dq -etm 1095.Dq -etm
1074calculate the MAC after encryption (encrypt-then-mac). 1096calculate the MAC after encryption (encrypt-then-mac).
1075These are considered safer and their use recommended. 1097These are considered safer and their use recommended.
1098.Pp
1076The default is: 1099The default is:
1077.Bd -literal -offset indent 1100.Bd -literal -offset indent
1078umac-64-etm@openssh.com,umac-128-etm@openssh.com, 1101umac-64-etm@openssh.com,umac-128-etm@openssh.com,
@@ -1216,6 +1239,10 @@ The default is
1216.It Cm PubkeyAcceptedKeyTypes 1239.It Cm PubkeyAcceptedKeyTypes
1217Specifies the key types that will be used for public key authentication 1240Specifies the key types that will be used for public key authentication
1218as a comma-separated pattern list. 1241as a comma-separated pattern list.
1242Alternately if the specified value begins with a
1243.Sq +
1244character, then the key types after it will be appended to the default
1245instead of replacing it.
1219The default for this option is: 1246The default for this option is:
1220.Bd -literal -offset 3n 1247.Bd -literal -offset 3n
1221ecdsa-sha2-nistp256-cert-v01@openssh.com, 1248ecdsa-sha2-nistp256-cert-v01@openssh.com,
diff --git a/sshconnect2.c b/sshconnect2.c
index 34dbf9a77..775103185 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshconnect2.c,v 1.225 2015/07/10 06:21:53 markus Exp $ */ 1/* $OpenBSD: sshconnect2.c,v 1.226 2015/07/30 00:01:34 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * Copyright (c) 2008 Damien Miller. All rights reserved. 4 * Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -163,18 +163,12 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
163 xxx_host = host; 163 xxx_host = host;
164 xxx_hostaddr = hostaddr; 164 xxx_hostaddr = hostaddr;
165 165
166 if (options.ciphers == (char *)-1) { 166 myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
167 logit("No valid ciphers for protocol version 2 given, using defaults."); 167 options.kex_algorithms);
168 options.ciphers = NULL;
169 }
170 if (options.ciphers != NULL) {
171 myproposal[PROPOSAL_ENC_ALGS_CTOS] =
172 myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
173 }
174 myproposal[PROPOSAL_ENC_ALGS_CTOS] = 168 myproposal[PROPOSAL_ENC_ALGS_CTOS] =
175 compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]); 169 compat_cipher_proposal(options.ciphers);
176 myproposal[PROPOSAL_ENC_ALGS_STOC] = 170 myproposal[PROPOSAL_ENC_ALGS_STOC] =
177 compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]); 171 compat_cipher_proposal(options.ciphers);
178 if (options.compression) { 172 if (options.compression) {
179 myproposal[PROPOSAL_COMP_ALGS_CTOS] = 173 myproposal[PROPOSAL_COMP_ALGS_CTOS] =
180 myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib@openssh.com,zlib,none"; 174 myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib@openssh.com,zlib,none";
@@ -182,14 +176,15 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
182 myproposal[PROPOSAL_COMP_ALGS_CTOS] = 176 myproposal[PROPOSAL_COMP_ALGS_CTOS] =
183 myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com,zlib"; 177 myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com,zlib";
184 } 178 }
185 if (options.macs != NULL) { 179 myproposal[PROPOSAL_MAC_ALGS_CTOS] =
186 myproposal[PROPOSAL_MAC_ALGS_CTOS] = 180 myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
187 myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; 181 if (options.hostkeyalgorithms != NULL) {
188 } 182 if (kex_assemble_names(KEX_DEFAULT_PK_ALG,
189 if (options.hostkeyalgorithms != NULL) 183 &options.hostkeyalgorithms) != 0)
184 fatal("%s: kex_assemble_namelist", __func__);
190 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = 185 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
191 compat_pkalg_proposal(options.hostkeyalgorithms); 186 compat_pkalg_proposal(options.hostkeyalgorithms);
192 else { 187 } else {
193 /* Enforce default */ 188 /* Enforce default */
194 options.hostkeyalgorithms = xstrdup(KEX_DEFAULT_PK_ALG); 189 options.hostkeyalgorithms = xstrdup(KEX_DEFAULT_PK_ALG);
195 /* Prefer algorithms that we already have keys for */ 190 /* Prefer algorithms that we already have keys for */
@@ -197,10 +192,6 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
197 compat_pkalg_proposal( 192 compat_pkalg_proposal(
198 order_hostkeyalgs(host, hostaddr, port)); 193 order_hostkeyalgs(host, hostaddr, port));
199 } 194 }
200 if (options.kex_algorithms != NULL)
201 myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
202 myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
203 myproposal[PROPOSAL_KEX_ALGS]);
204 195
205 if (options.rekey_limit || options.rekey_interval) 196 if (options.rekey_limit || options.rekey_interval)
206 packet_set_rekey_limits((u_int32_t)options.rekey_limit, 197 packet_set_rekey_limits((u_int32_t)options.rekey_limit,
diff --git a/sshd.c b/sshd.c
index 5c7c6c221..c7dd8cb7a 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshd.c,v 1.456 2015/07/17 02:47:45 djm Exp $ */ 1/* $OpenBSD: sshd.c,v 1.457 2015/07/30 00:01:34 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2539,19 +2539,15 @@ do_ssh2_kex(void)
2539 struct kex *kex; 2539 struct kex *kex;
2540 int r; 2540 int r;
2541 2541
2542 if (options.ciphers != NULL) { 2542 myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
2543 myproposal[PROPOSAL_ENC_ALGS_CTOS] = 2543 options.kex_algorithms);
2544 myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers; 2544 myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(
2545 } 2545 options.ciphers);
2546 myproposal[PROPOSAL_ENC_ALGS_CTOS] = 2546 myproposal[PROPOSAL_ENC_ALGS_STOC] = compat_cipher_proposal(
2547 compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]); 2547 options.ciphers);
2548 myproposal[PROPOSAL_ENC_ALGS_STOC] = 2548 myproposal[PROPOSAL_MAC_ALGS_CTOS] =
2549 compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]); 2549 myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
2550 2550
2551 if (options.macs != NULL) {
2552 myproposal[PROPOSAL_MAC_ALGS_CTOS] =
2553 myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
2554 }
2555 if (options.compression == COMP_NONE) { 2551 if (options.compression == COMP_NONE) {
2556 myproposal[PROPOSAL_COMP_ALGS_CTOS] = 2552 myproposal[PROPOSAL_COMP_ALGS_CTOS] =
2557 myproposal[PROPOSAL_COMP_ALGS_STOC] = "none"; 2553 myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
@@ -2559,11 +2555,6 @@ do_ssh2_kex(void)
2559 myproposal[PROPOSAL_COMP_ALGS_CTOS] = 2555 myproposal[PROPOSAL_COMP_ALGS_CTOS] =
2560 myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com"; 2556 myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com";
2561 } 2557 }
2562 if (options.kex_algorithms != NULL)
2563 myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
2564
2565 myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
2566 myproposal[PROPOSAL_KEX_ALGS]);
2567 2558
2568 if (options.rekey_limit || options.rekey_interval) 2559 if (options.rekey_limit || options.rekey_interval)
2569 packet_set_rekey_limits((u_int32_t)options.rekey_limit, 2560 packet_set_rekey_limits((u_int32_t)options.rekey_limit,
diff --git a/sshd_config.5 b/sshd_config.5
index 0614531c5..2808576a9 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\" 35.\"
36.\" $OpenBSD: sshd_config.5,v 1.207 2015/07/20 00:30:01 djm Exp $ 36.\" $OpenBSD: sshd_config.5,v 1.208 2015/07/30 00:01:34 djm Exp $
37.Dd $Mdocdate: July 20 2015 $ 37.Dd $Mdocdate: July 30 2015 $
38.Dt SSHD_CONFIG 5 38.Dt SSHD_CONFIG 5
39.Os 39.Os
40.Sh NAME 40.Sh NAME
@@ -434,6 +434,11 @@ The default is not to
434.It Cm Ciphers 434.It Cm Ciphers
435Specifies the ciphers allowed for protocol version 2. 435Specifies the ciphers allowed for protocol version 2.
436Multiple ciphers must be comma-separated. 436Multiple ciphers must be comma-separated.
437If the specified value begins with a
438.Sq +
439character, then the specified ciphers will be appended to the default set
440instead of replacing them.
441.Pp
437The supported ciphers are: 442The supported ciphers are:
438.Pp 443.Pp
439.Bl -item -compact -offset indent 444.Bl -item -compact -offset indent
@@ -640,6 +645,10 @@ The default is
640.It Cm HostbasedAcceptedKeyTypes 645.It Cm HostbasedAcceptedKeyTypes
641Specifies the key types that will be accepted for hostbased authentication 646Specifies the key types that will be accepted for hostbased authentication
642as a comma-separated pattern list. 647as a comma-separated pattern list.
648Alternately if the specified value begins with a
649.Sq +
650character, then the specified key types will be appended to the default set
651instead of replacing them.
643The default for this option is: 652The default for this option is:
644.Bd -literal -offset 3n 653.Bd -literal -offset 3n
645ecdsa-sha2-nistp256-cert-v01@openssh.com, 654ecdsa-sha2-nistp256-cert-v01@openssh.com,
@@ -855,6 +864,10 @@ The default is
855.It Cm KexAlgorithms 864.It Cm KexAlgorithms
856Specifies the available KEX (Key Exchange) algorithms. 865Specifies the available KEX (Key Exchange) algorithms.
857Multiple algorithms must be comma-separated. 866Multiple algorithms must be comma-separated.
867Alternately if the specified value begins with a
868.Sq +
869character, then the specified methods will be appended to the default set
870instead of replacing them.
858The supported algorithms are: 871The supported algorithms are:
859.Pp 872.Pp
860.Bl -item -compact -offset indent 873.Bl -item -compact -offset indent
@@ -953,6 +966,11 @@ Specifies the available MAC (message authentication code) algorithms.
953The MAC algorithm is used in protocol version 2 966The MAC algorithm is used in protocol version 2
954for data integrity protection. 967for data integrity protection.
955Multiple algorithms must be comma-separated. 968Multiple algorithms must be comma-separated.
969If the specified value begins with a
970.Sq +
971character, then the specified algorithms will be appended to the default set
972instead of replacing them.
973.Pp
956The algorithms that contain 974The algorithms that contain
957.Dq -etm 975.Dq -etm
958calculate the MAC after encryption (encrypt-then-mac). 976calculate the MAC after encryption (encrypt-then-mac).
@@ -1313,6 +1331,10 @@ is identical to
1313.It Cm PubkeyAcceptedKeyTypes 1331.It Cm PubkeyAcceptedKeyTypes
1314Specifies the key types that will be accepted for public key authentication 1332Specifies the key types that will be accepted for public key authentication
1315as a comma-separated pattern list. 1333as a comma-separated pattern list.
1334Alternately if the specified value begins with a
1335.Sq +
1336character, then the specified key types will be appended to the default set
1337instead of replacing them.
1316The default for this option is: 1338The default for this option is:
1317.Bd -literal -offset 3n 1339.Bd -literal -offset 3n
1318ecdsa-sha2-nistp256-cert-v01@openssh.com, 1340ecdsa-sha2-nistp256-cert-v01@openssh.com,