Diffstat (limited to 'servconf.c')
-rw-r--r-- | servconf.c | 123 |
1 files changed, 105 insertions, 18 deletions
diff --git a/servconf.c b/servconf.c index b7f329447..318546290 100644 --- a/servconf.c +++ b/servconf.c | |||
@@ -1,5 +1,5 @@ | |||
1 | 1 | ||
2 | /* $OpenBSD: servconf.c,v 1.251 2014/07/15 15:54:14 millert Exp $ */ | 2 | /* $OpenBSD: servconf.c,v 1.260 2015/02/02 01:57:44 deraadt Exp $ */ |
3 | /* | 3 | /* |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
5 | * All rights reserved | 5 | * All rights reserved |
@@ -28,6 +28,7 @@ | |||
28 | #include <string.h> | 28 | #include <string.h> |
29 | #include <signal.h> | 29 | #include <signal.h> |
30 | #include <unistd.h> | 30 | #include <unistd.h> |
31 | #include <limits.h> | ||
31 | #include <stdarg.h> | 32 | #include <stdarg.h> |
32 | #include <errno.h> | 33 | #include <errno.h> |
33 | #ifdef HAVE_UTIL_H | 34 | #ifdef HAVE_UTIL_H |
@@ -54,6 +55,8 @@ | |||
54 | #include "packet.h" | 55 | #include "packet.h" |
55 | #include "hostfile.h" | 56 | #include "hostfile.h" |
56 | #include "auth.h" | 57 | #include "auth.h" |
58 | #include "myproposal.h" | ||
59 | #include "digest.h" | ||
57 | 60 | ||
58 | static void add_listen_addr(ServerOptions *, char *, int); | 61 | static void add_listen_addr(ServerOptions *, char *, int); |
59 | static void add_one_listen_addr(ServerOptions *, char *, int); | 62 | static void add_one_listen_addr(ServerOptions *, char *, int); |
@@ -102,8 +105,10 @@ initialize_server_options(ServerOptions *options) | |||
102 | options->rhosts_rsa_authentication = -1; | 105 | options->rhosts_rsa_authentication = -1; |
103 | options->hostbased_authentication = -1; | 106 | options->hostbased_authentication = -1; |
104 | options->hostbased_uses_name_from_packet_only = -1; | 107 | options->hostbased_uses_name_from_packet_only = -1; |
108 | options->hostbased_key_types = NULL; | ||
105 | options->rsa_authentication = -1; | 109 | options->rsa_authentication = -1; |
106 | options->pubkey_authentication = -1; | 110 | options->pubkey_authentication = -1; |
111 | options->pubkey_key_types = NULL; | ||
107 | options->kerberos_authentication = -1; | 112 | options->kerberos_authentication = -1; |
108 | options->kerberos_or_local_passwd = -1; | 113 | options->kerberos_or_local_passwd = -1; |
109 | options->kerberos_ticket_cleanup = -1; | 114 | options->kerberos_ticket_cleanup = -1; |
@@ -157,11 +162,21 @@ initialize_server_options(ServerOptions *options) | |||
157 | options->ip_qos_interactive = -1; | 162 | options->ip_qos_interactive = -1; |
158 | options->ip_qos_bulk = -1; | 163 | options->ip_qos_bulk = -1; |
159 | options->version_addendum = NULL; | 164 | options->version_addendum = NULL; |
165 | options->fingerprint_hash = -1; | ||
166 | } | ||
167 | |||
168 | /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */ | ||
169 | static int | ||
170 | option_clear_or_none(const char *o) | ||
171 | { | ||
172 | return o == NULL || strcasecmp(o, "none") == 0; | ||
160 | } | 173 | } |
161 | 174 | ||
162 | void | 175 | void |
163 | fill_default_server_options(ServerOptions *options) | 176 | fill_default_server_options(ServerOptions *options) |
164 | { | 177 | { |
178 | int i; | ||
179 | |||
165 | /* Portable-specific options */ | 180 | /* Portable-specific options */ |
166 | if (options->use_pam == -1) | 181 | if (options->use_pam == -1) |
167 | options->use_pam = 0; | 182 | options->use_pam = 0; |
@@ -193,7 +208,7 @@ fill_default_server_options(ServerOptions *options) | |||
193 | if (options->listen_addrs == NULL) | 208 | if (options->listen_addrs == NULL) |
194 | add_listen_addr(options, NULL, 0); | 209 | add_listen_addr(options, NULL, 0); |
195 | if (options->pid_file == NULL) | 210 | if (options->pid_file == NULL) |
196 | options->pid_file = _PATH_SSH_DAEMON_PID_FILE; | 211 | options->pid_file = xstrdup(_PATH_SSH_DAEMON_PID_FILE); |
197 | if (options->server_key_bits == -1) | 212 | if (options->server_key_bits == -1) |
198 | options->server_key_bits = 1024; | 213 | options->server_key_bits = 1024; |
199 | if (options->login_grace_time == -1) | 214 | if (options->login_grace_time == -1) |
@@ -217,7 +232,7 @@ fill_default_server_options(ServerOptions *options) | |||
217 | if (options->x11_use_localhost == -1) | 232 | if (options->x11_use_localhost == -1) |
218 | options->x11_use_localhost = 1; | 233 | options->x11_use_localhost = 1; |
219 | if (options->xauth_location == NULL) | 234 | if (options->xauth_location == NULL) |
220 | options->xauth_location = _PATH_XAUTH; | 235 | options->xauth_location = xstrdup(_PATH_XAUTH); |
221 | if (options->permit_tty == -1) | 236 | if (options->permit_tty == -1) |
222 | options->permit_tty = 1; | 237 | options->permit_tty = 1; |
223 | if (options->permit_user_rc == -1) | 238 | if (options->permit_user_rc == -1) |
@@ -236,10 +251,14 @@ fill_default_server_options(ServerOptions *options) | |||
236 | options->hostbased_authentication = 0; | 251 | options->hostbased_authentication = 0; |
237 | if (options->hostbased_uses_name_from_packet_only == -1) | 252 | if (options->hostbased_uses_name_from_packet_only == -1) |
238 | options->hostbased_uses_name_from_packet_only = 0; | 253 | options->hostbased_uses_name_from_packet_only = 0; |
254 | if (options->hostbased_key_types == NULL) | ||
255 | options->hostbased_key_types = xstrdup("*"); | ||
239 | if (options->rsa_authentication == -1) | 256 | if (options->rsa_authentication == -1) |
240 | options->rsa_authentication = 1; | 257 | options->rsa_authentication = 1; |
241 | if (options->pubkey_authentication == -1) | 258 | if (options->pubkey_authentication == -1) |
242 | options->pubkey_authentication = 1; | 259 | options->pubkey_authentication = 1; |
260 | if (options->pubkey_key_types == NULL) | ||
261 | options->pubkey_key_types = xstrdup("*"); | ||
243 | if (options->kerberos_authentication == -1) | 262 | if (options->kerberos_authentication == -1) |
244 | options->kerberos_authentication = 0; | 263 | options->kerberos_authentication = 0; |
245 | if (options->kerberos_or_local_passwd == -1) | 264 | if (options->kerberos_or_local_passwd == -1) |
@@ -289,7 +308,7 @@ fill_default_server_options(ServerOptions *options) | |||
289 | if (options->max_sessions == -1) | 308 | if (options->max_sessions == -1) |
290 | options->max_sessions = DEFAULT_SESSIONS_MAX; | 309 | options->max_sessions = DEFAULT_SESSIONS_MAX; |
291 | if (options->use_dns == -1) | 310 | if (options->use_dns == -1) |
292 | options->use_dns = 1; | 311 | options->use_dns = 0; |
293 | if (options->client_alive_interval == -1) | 312 | if (options->client_alive_interval == -1) |
294 | options->client_alive_interval = 0; | 313 | options->client_alive_interval = 0; |
295 | if (options->client_alive_count_max == -1) | 314 | if (options->client_alive_count_max == -1) |
@@ -312,10 +331,30 @@ fill_default_server_options(ServerOptions *options) | |||
312 | options->fwd_opts.streamlocal_bind_mask = 0177; | 331 | options->fwd_opts.streamlocal_bind_mask = 0177; |
313 | if (options->fwd_opts.streamlocal_bind_unlink == -1) | 332 | if (options->fwd_opts.streamlocal_bind_unlink == -1) |
314 | options->fwd_opts.streamlocal_bind_unlink = 0; | 333 | options->fwd_opts.streamlocal_bind_unlink = 0; |
334 | if (options->fingerprint_hash == -1) | ||
335 | options->fingerprint_hash = SSH_FP_HASH_DEFAULT; | ||
315 | /* Turn privilege separation on by default */ | 336 | /* Turn privilege separation on by default */ |
316 | if (use_privsep == -1) | 337 | if (use_privsep == -1) |
317 | use_privsep = PRIVSEP_NOSANDBOX; | 338 | use_privsep = PRIVSEP_NOSANDBOX; |
318 | 339 | ||
340 | #define CLEAR_ON_NONE(v) \ | ||
341 | do { \ | ||
342 | if (option_clear_or_none(v)) { \ | ||
343 | free(v); \ | ||
344 | v = NULL; \ | ||
345 | } \ | ||
346 | } while(0) | ||
347 | CLEAR_ON_NONE(options->pid_file); | ||
348 | CLEAR_ON_NONE(options->xauth_location); | ||
349 | CLEAR_ON_NONE(options->banner); | ||
350 | CLEAR_ON_NONE(options->trusted_user_ca_keys); | ||
351 | CLEAR_ON_NONE(options->revoked_keys_file); | ||
352 | for (i = 0; i < options->num_host_key_files; i++) | ||
353 | CLEAR_ON_NONE(options->host_key_files[i]); | ||
354 | for (i = 0; i < options->num_host_cert_files; i++) | ||
355 | CLEAR_ON_NONE(options->host_cert_files[i]); | ||
356 | #undef CLEAR_ON_NONE | ||
357 | |||
319 | #ifndef HAVE_MMAP | 358 | #ifndef HAVE_MMAP |
320 | if (use_privsep && options->compression == 1) { | 359 | if (use_privsep && options->compression == 1) { |
321 | error("This platform does not support both privilege " | 360 | error("This platform does not support both privilege " |
@@ -333,8 +372,8 @@ typedef enum { | |||
333 | /* Portable-specific options */ | 372 | /* Portable-specific options */ |
334 | sUsePAM, | 373 | sUsePAM, |
335 | /* Standard Options */ | 374 | /* Standard Options */ |
336 | sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, | 375 | sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, |
337 | sPermitRootLogin, sLogFacility, sLogLevel, | 376 | sKeyRegenerationTime, sPermitRootLogin, sLogFacility, sLogLevel, |
338 | sRhostsRSAAuthentication, sRSAAuthentication, | 377 | sRhostsRSAAuthentication, sRSAAuthentication, |
339 | sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, | 378 | sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, |
340 | sKerberosGetAFSToken, | 379 | sKerberosGetAFSToken, |
@@ -347,11 +386,11 @@ typedef enum { | |||
347 | sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, | 386 | sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, |
348 | sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, | 387 | sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, |
349 | sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, | 388 | sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, |
350 | sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, | 389 | sGatewayPorts, sPubkeyAuthentication, sPubkeyAcceptedKeyTypes, |
351 | sMaxStartups, sMaxAuthTries, sMaxSessions, | 390 | sXAuthLocation, sSubsystem, sMaxStartups, sMaxAuthTries, sMaxSessions, |
352 | sBanner, sUseDNS, sHostbasedAuthentication, | 391 | sBanner, sUseDNS, sHostbasedAuthentication, |
353 | sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, | 392 | sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedKeyTypes, |
354 | sClientAliveCountMax, sAuthorizedKeysFile, | 393 | sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, |
355 | sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, | 394 | sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, |
356 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, | 395 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, |
357 | sUsePrivilegeSeparation, sAllowAgentForwarding, | 396 | sUsePrivilegeSeparation, sAllowAgentForwarding, |
@@ -361,7 +400,7 @@ typedef enum { | |||
361 | sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, | 400 | sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, |
362 | sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, | 401 | sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, |
363 | sStreamLocalBindMask, sStreamLocalBindUnlink, | 402 | sStreamLocalBindMask, sStreamLocalBindUnlink, |
364 | sAllowStreamLocalForwarding, | 403 | sAllowStreamLocalForwarding, sFingerprintHash, |
365 | sDeprecated, sUnsupported | 404 | sDeprecated, sUnsupported |
366 | } ServerOpCodes; | 405 | } ServerOpCodes; |
367 | 406 | ||
@@ -398,8 +437,10 @@ static struct { | |||
398 | { "rhostsrsaauthentication", sRhostsRSAAuthentication, SSHCFG_ALL }, | 437 | { "rhostsrsaauthentication", sRhostsRSAAuthentication, SSHCFG_ALL }, |
399 | { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL }, | 438 | { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL }, |
400 | { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL }, | 439 | { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL }, |
440 | { "hostbasedacceptedkeytypes", sHostbasedAcceptedKeyTypes, SSHCFG_ALL }, | ||
401 | { "rsaauthentication", sRSAAuthentication, SSHCFG_ALL }, | 441 | { "rsaauthentication", sRSAAuthentication, SSHCFG_ALL }, |
402 | { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL }, | 442 | { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL }, |
443 | { "pubkeyacceptedkeytypes", sPubkeyAcceptedKeyTypes, SSHCFG_ALL }, | ||
403 | { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */ | 444 | { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */ |
404 | #ifdef KRB5 | 445 | #ifdef KRB5 |
405 | { "kerberosauthentication", sKerberosAuthentication, SSHCFG_ALL }, | 446 | { "kerberosauthentication", sKerberosAuthentication, SSHCFG_ALL }, |
@@ -492,6 +533,7 @@ static struct { | |||
492 | { "streamlocalbindmask", sStreamLocalBindMask, SSHCFG_ALL }, | 533 | { "streamlocalbindmask", sStreamLocalBindMask, SSHCFG_ALL }, |
493 | { "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL }, | 534 | { "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL }, |
494 | { "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL }, | 535 | { "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL }, |
536 | { "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL }, | ||
495 | { NULL, sBadOption, 0 } | 537 | { NULL, sBadOption, 0 } |
496 | }; | 538 | }; |
497 | 539 | ||
@@ -530,8 +572,10 @@ parse_token(const char *cp, const char *filename, | |||
530 | char * | 572 | char * |
531 | derelativise_path(const char *path) | 573 | derelativise_path(const char *path) |
532 | { | 574 | { |
533 | char *expanded, *ret, cwd[MAXPATHLEN]; | 575 | char *expanded, *ret, cwd[PATH_MAX]; |
534 | 576 | ||
577 | if (strcasecmp(path, "none") == 0) | ||
578 | return xstrdup("none"); | ||
535 | expanded = tilde_expand_filename(path, getuid()); | 579 | expanded = tilde_expand_filename(path, getuid()); |
536 | if (*expanded == '/') | 580 | if (*expanded == '/') |
537 | return expanded; | 581 | return expanded; |
@@ -1076,6 +1120,20 @@ process_server_config_line(ServerOptions *options, char *line, | |||
1076 | intptr = &options->hostbased_uses_name_from_packet_only; | 1120 | intptr = &options->hostbased_uses_name_from_packet_only; |
1077 | goto parse_flag; | 1121 | goto parse_flag; |
1078 | 1122 | ||
1123 | case sHostbasedAcceptedKeyTypes: | ||
1124 | charptr = &options->hostbased_key_types; | ||
1125 | parse_keytypes: | ||
1126 | arg = strdelim(&cp); | ||
1127 | if (!arg || *arg == '\0') | ||
1128 | fatal("%s line %d: Missing argument.", | ||
1129 | filename, linenum); | ||
1130 | if (!sshkey_names_valid2(arg, 1)) | ||
1131 | fatal("%s line %d: Bad key types '%s'.", | ||
1132 | filename, linenum, arg ? arg : "<NONE>"); | ||
1133 | if (*activep && *charptr == NULL) | ||
1134 | *charptr = xstrdup(arg); | ||
1135 | break; | ||
1136 | |||
1079 | case sRSAAuthentication: | 1137 | case sRSAAuthentication: |
1080 | intptr = &options->rsa_authentication; | 1138 | intptr = &options->rsa_authentication; |
1081 | goto parse_flag; | 1139 | goto parse_flag; |
@@ -1084,6 +1142,10 @@ process_server_config_line(ServerOptions *options, char *line, | |||
1084 | intptr = &options->pubkey_authentication; | 1142 | intptr = &options->pubkey_authentication; |
1085 | goto parse_flag; | 1143 | goto parse_flag; |
1086 | 1144 | ||
1145 | case sPubkeyAcceptedKeyTypes: | ||
1146 | charptr = &options->pubkey_key_types; | ||
1147 | goto parse_keytypes; | ||
1148 | |||
1087 | case sKerberosAuthentication: | 1149 | case sKerberosAuthentication: |
1088 | intptr = &options->kerberos_authentication; | 1150 | intptr = &options->kerberos_authentication; |
1089 | goto parse_flag; | 1151 | goto parse_flag; |
@@ -1611,6 +1673,9 @@ process_server_config_line(ServerOptions *options, char *line, | |||
1611 | return 0; | 1673 | return 0; |
1612 | 1674 | ||
1613 | case sAuthorizedKeysCommand: | 1675 | case sAuthorizedKeysCommand: |
1676 | if (cp == NULL) | ||
1677 | fatal("%.200s line %d: Missing argument.", filename, | ||
1678 | linenum); | ||
1614 | len = strspn(cp, WHITESPACE); | 1679 | len = strspn(cp, WHITESPACE); |
1615 | if (*activep && options->authorized_keys_command == NULL) { | 1680 | if (*activep && options->authorized_keys_command == NULL) { |
1616 | if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0) | 1681 | if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0) |
@@ -1625,6 +1690,9 @@ process_server_config_line(ServerOptions *options, char *line, | |||
1625 | charptr = &options->authorized_keys_command_user; | 1690 | charptr = &options->authorized_keys_command_user; |
1626 | 1691 | ||
1627 | arg = strdelim(&cp); | 1692 | arg = strdelim(&cp); |
1693 | if (!arg || *arg == '\0') | ||
1694 | fatal("%s line %d: missing AuthorizedKeysCommandUser " | ||
1695 | "argument.", filename, linenum); | ||
1628 | if (*activep && *charptr == NULL) | 1696 | if (*activep && *charptr == NULL) |
1629 | *charptr = xstrdup(arg); | 1697 | *charptr = xstrdup(arg); |
1630 | break; | 1698 | break; |
@@ -1663,6 +1731,18 @@ process_server_config_line(ServerOptions *options, char *line, | |||
1663 | intptr = &options->fwd_opts.streamlocal_bind_unlink; | 1731 | intptr = &options->fwd_opts.streamlocal_bind_unlink; |
1664 | goto parse_flag; | 1732 | goto parse_flag; |
1665 | 1733 | ||
1734 | case sFingerprintHash: | ||
1735 | arg = strdelim(&cp); | ||
1736 | if (!arg || *arg == '\0') | ||
1737 | fatal("%.200s line %d: Missing argument.", | ||
1738 | filename, linenum); | ||
1739 | if ((value = ssh_digest_alg_by_name(arg)) == -1) | ||
1740 | fatal("%.200s line %d: Invalid hash algorithm \"%s\".", | ||
1741 | filename, linenum, arg); | ||
1742 | if (*activep) | ||
1743 | options->fingerprint_hash = value; | ||
1744 | break; | ||
1745 | |||
1666 | case sDeprecated: | 1746 | case sDeprecated: |
1667 | logit("%s line %d: Deprecated option %s", | 1747 | logit("%s line %d: Deprecated option %s", |
1668 | filename, linenum, arg); | 1748 | filename, linenum, arg); |
@@ -1905,6 +1985,8 @@ fmt_intarg(ServerOpCodes code, int val) | |||
1905 | return fmt_multistate_int(val, multistate_tcpfwd); | 1985 | return fmt_multistate_int(val, multistate_tcpfwd); |
1906 | case sAllowStreamLocalForwarding: | 1986 | case sAllowStreamLocalForwarding: |
1907 | return fmt_multistate_int(val, multistate_tcpfwd); | 1987 | return fmt_multistate_int(val, multistate_tcpfwd); |
1988 | case sFingerprintHash: | ||
1989 | return ssh_digest_alg_name(val); | ||
1908 | case sProtocol: | 1990 | case sProtocol: |
1909 | switch (val) { | 1991 | switch (val) { |
1910 | case SSH_PROTO_1: | 1992 | case SSH_PROTO_1: |
@@ -1956,7 +2038,8 @@ dump_cfg_string(ServerOpCodes code, const char *val) | |||
1956 | { | 2038 | { |
1957 | if (val == NULL) | 2039 | if (val == NULL) |
1958 | return; | 2040 | return; |
1959 | printf("%s %s\n", lookup_opcode_name(code), val); | 2041 | printf("%s %s\n", lookup_opcode_name(code), |
2042 | val == NULL ? "none" : val); | ||
1960 | } | 2043 | } |
1961 | 2044 | ||
1962 | static void | 2045 | static void |
@@ -2066,13 +2149,13 @@ dump_config(ServerOptions *o) | |||
2066 | dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); | 2149 | dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); |
2067 | dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding); | 2150 | dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding); |
2068 | dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep); | 2151 | dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep); |
2152 | dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash); | ||
2069 | 2153 | ||
2070 | /* string arguments */ | 2154 | /* string arguments */ |
2071 | dump_cfg_string(sPidFile, o->pid_file); | 2155 | dump_cfg_string(sPidFile, o->pid_file); |
2072 | dump_cfg_string(sXAuthLocation, o->xauth_location); | 2156 | dump_cfg_string(sXAuthLocation, o->xauth_location); |
2073 | dump_cfg_string(sCiphers, o->ciphers ? o->ciphers : | 2157 | dump_cfg_string(sCiphers, o->ciphers ? o->ciphers : KEX_SERVER_ENCRYPT); |
2074 | cipher_alg_list(',', 0)); | 2158 | dump_cfg_string(sMacs, o->macs ? o->macs : KEX_SERVER_MAC); |
2075 | dump_cfg_string(sMacs, o->macs ? o->macs : mac_alg_list(',')); | ||
2076 | dump_cfg_string(sBanner, o->banner); | 2159 | dump_cfg_string(sBanner, o->banner); |
2077 | dump_cfg_string(sForceCommand, o->adm_forced_command); | 2160 | dump_cfg_string(sForceCommand, o->adm_forced_command); |
2078 | dump_cfg_string(sChrootDirectory, o->chroot_directory); | 2161 | dump_cfg_string(sChrootDirectory, o->chroot_directory); |
@@ -2084,8 +2167,12 @@ dump_config(ServerOptions *o) | |||
2084 | dump_cfg_string(sAuthorizedKeysCommand, o->authorized_keys_command); | 2167 | dump_cfg_string(sAuthorizedKeysCommand, o->authorized_keys_command); |
2085 | dump_cfg_string(sAuthorizedKeysCommandUser, o->authorized_keys_command_user); | 2168 | dump_cfg_string(sAuthorizedKeysCommandUser, o->authorized_keys_command_user); |
2086 | dump_cfg_string(sHostKeyAgent, o->host_key_agent); | 2169 | dump_cfg_string(sHostKeyAgent, o->host_key_agent); |
2087 | dump_cfg_string(sKexAlgorithms, o->kex_algorithms ? o->kex_algorithms : | 2170 | dump_cfg_string(sKexAlgorithms, |
2088 | kex_alg_list(',')); | 2171 | o->kex_algorithms ? o->kex_algorithms : KEX_SERVER_KEX); |
2172 | dump_cfg_string(sHostbasedAcceptedKeyTypes, o->hostbased_key_types ? | ||
2173 | o->hostbased_key_types : KEX_DEFAULT_PK_ALG); | ||
2174 | dump_cfg_string(sPubkeyAcceptedKeyTypes, o->pubkey_key_types ? | ||
2175 | o->pubkey_key_types : KEX_DEFAULT_PK_ALG); | ||
2089 | 2176 | ||
2090 | /* string arguments requiring a lookup */ | 2177 | /* string arguments requiring a lookup */ |
2091 | dump_cfg_string(sLogLevel, log_level_name(o->log_level)); | 2178 | dump_cfg_string(sLogLevel, log_level_name(o->log_level)); |
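Review bot: In dump_cfg_string the new `val == NULL ? "none" : val` can never take its "none" branch, because the unchanged `if (val == NULL) return;` just above it still returns first. This matters now that CLEAR_ON_NONE in fill_default_server_options frees and NULLs pid_file, xauth_location, banner, trusted_user_ca_keys and revoked_keys_file when they are unset or "none". dump_config therefore omits those options instead of printing `none`, so anyone auditing the dumped configuration cannot see that they were explicitly disabled. If printing "none" is the intent, remove the early return, noting that every unset string option passed to dump_cfg_string would then print as "none"; otherwise drop the ternary and keep `printf("%s %s\n", lookup_opcode_name(code), val);`. Separately, CLEAR_ON_NONE leaves NULL entries in host_key_files[] and host_cert_files[] without changing the counts, so the loops that consume those arrays (outside this diff) presumably need a NULL check, which is worth confirming.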