Diffstat (limited to 'servconf.c')
-rw-r--r-- | servconf.c | 17 |
1 files changed, 14 insertions, 3 deletions
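--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.275 2015/07/01 02:39:06 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.276 2015/07/10 06:21:53 markus Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 * All rights reserved
@@ -108,6 +108,7 @@ initialize_server_options(ServerOptions *options)
 options->hostbased_authentication = -1;
 options->hostbased_uses_name_from_packet_only = -1;
 options->hostbased_key_types = NULL;
+options->hostkeyalgorithms = NULL;
 options->rsa_authentication = -1;
 options->pubkey_authentication = -1;
 options->pubkey_key_types = NULL;
@@ -259,13 +260,15 @@ fill_default_server_options(ServerOptions *options)
 if (options->hostbased_uses_name_from_packet_only == -1)
 options->hostbased_uses_name_from_packet_only = 0;
 if (options->hostbased_key_types == NULL)
-options->hostbased_key_types = xstrdup("*");
+options->hostbased_key_types = xstrdup(KEX_DEFAULT_PK_ALG);
+if (options->hostkeyalgorithms == NULL)
+options->hostkeyalgorithms = xstrdup(KEX_DEFAULT_PK_ALG);
 if (options->rsa_authentication == -1)
 options->rsa_authentication = 1;
 if (options->pubkey_authentication == -1)
 options->pubkey_authentication = 1;
 if (options->pubkey_key_types == NULL)
-options->pubkey_key_types = xstrdup("*");
+options->pubkey_key_types = xstrdup(KEX_DEFAULT_PK_ALG);
 if (options->kerberos_authentication == -1)
 options->kerberos_authentication = 0;
 if (options->kerberos_or_local_passwd == -1)
@@ -400,6 +403,7 @@ typedef enum {
 sXAuthLocation, sSubsystem, sMaxStartups, sMaxAuthTries, sMaxSessions,
 sBanner, sUseDNS, sHostbasedAuthentication,
 sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedKeyTypes,
+sHostKeyAlgorithms,
 sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
 sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
 sAcceptEnv, sPermitTunnel,
@@ -450,6 +454,7 @@ static struct {
 { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL },
 { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL },
 { "hostbasedacceptedkeytypes", sHostbasedAcceptedKeyTypes, SSHCFG_ALL },
+{ "hostkeyalgorithms", sHostKeyAlgorithms, SSHCFG_GLOBAL },
 { "rsaauthentication", sRSAAuthentication, SSHCFG_ALL },
 { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL },
 { "pubkeyacceptedkeytypes", sPubkeyAcceptedKeyTypes, SSHCFG_ALL },
@@ -1183,6 +1188,10 @@ process_server_config_line(ServerOptions *options, char *line,
 *charptr = xstrdup(arg);
 break;
 
+case sHostKeyAlgorithms:
+charptr = &options->hostkeyalgorithms;
+goto parse_keytypes;
+
 case sRSAAuthentication:
 intptr = &options->rsa_authentication;
 goto parse_flag;
@@ -2280,6 +2289,8 @@ dump_config(ServerOptions *o)
 o->kex_algorithms ? o->kex_algorithms : KEX_SERVER_KEX);
 dump_cfg_string(sHostbasedAcceptedKeyTypes, o->hostbased_key_types ?
 o->hostbased_key_types : KEX_DEFAULT_PK_ALG);
+dump_cfg_string(sHostKeyAlgorithms, o->hostkeyalgorithms ?
+o->hostkeyalgorithms : KEX_DEFAULT_PK_ALG);
 dump_cfg_string(sPubkeyAcceptedKeyTypes, o->pubkey_key_types ?
 o->pubkey_key_types : KEX_DEFAULT_PK_ALG);
 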
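Review bot: In the fill_default_server_options hunk the defaults for `hostbased_key_types` and `pubkey_key_types` move from `"*"` to `KEX_DEFAULT_PK_ALG` without a comment, so the switch from accept-any to an explicit allow-list is invisible to the next reader; user or host keys of a type missing from that macro would presumably stop authenticating after an upgrade. I would add a comment above these assignments, e.g. `/* Default to the KEX_DEFAULT_PK_ALG allow-list rather than "*": key types outside it must be enabled explicitly. */`. In the keyword table, `hostkeyalgorithms` is the only visible entry registered as `SSHCFG_GLOBAL` while its neighbours are `SSHCFG_ALL`; a one-line comment saying why it is not valid inside a Match block (presumably because the host key is negotiated before the user is known) would document the intent. The `parse_keytypes` label that the new `case sHostKeyAlgorithms:` jumps to lies outside the visible hunks, so whether an empty or unknown algorithm list is rejected there could not be confirmed from this page. All of the touched functions begin and end outside their hunks.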