1 files changed, 58 insertions, 4 deletions
diff --git a/sshd.c b/sshd.c
index 60b2aaf73..d92f03aaf 100644
--- a/sshd.c
+++ b/sshd.c
@@ -817,8 +817,8 @@ notify_hostkeys(struct ssh *ssh)
        }
        debug3("%s: sent %u hostkeys", __func__, nkeys);
        if (nkeys == 0)
-                fatal("%s: no hostkeys", __func__);
+                debug3("%s: no hostkeys", __func__);
-        if ((r = sshpkt_send(ssh)) != 0)
+        else if ((r = sshpkt_send(ssh)) != 0)
                sshpkt_fatal(ssh, r, "%s: send", __func__);
        sshbuf_free(buf);
 }
@@ -1852,7 +1852,8 @@ main(int ac, char **av)
                free(fp);
        }
        accumulate_host_timing_secret(cfg, NULL);
-        if (!sensitive_data.have_ssh2_key) {
+        /* The GSSAPI key exchange can run without a host key */
+        if (!sensitive_data.have_ssh2_key && !options.gss_keyex) {
                logit("sshd: no hostkeys available -- exiting.");
                exit(1);
        }
@@ -2347,6 +2348,48 @@ do_ssh2_kex(struct ssh *ssh)
        myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
            list_hostkey_types());
+#if defined(GSSAPI) && defined(WITH_OPENSSL)
+        {
+        char *orig;
+        char *gss = NULL;
+        char *newstr = NULL;
+        orig = myproposal[PROPOSAL_KEX_ALGS];
+        /*
+         * If we don't have a host key, then there's no point advertising
+         * the other key exchange algorithms
+         */
+        if (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]) == 0)
+                orig = NULL;
+        if (options.gss_keyex)
+                gss = ssh_gssapi_server_mechanisms();
+        else
+                gss = NULL;
+        if (gss && orig)
+                xasprintf(&newstr, "%s,%s", gss, orig);
+        else if (gss)
+                newstr = gss;
+        else if (orig)
+                newstr = orig;
+        /*
+         * If we've got GSSAPI mechanisms, then we've got the 'null' host
+         * key alg, but we can't tell people about it unless its the only
+         * host key algorithm we support
+         */
+        if (gss && (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS])) == 0)
+                myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "null";
+        if (newstr)
+                myproposal[PROPOSAL_KEX_ALGS] = newstr;
+        else
+                fatal("No supported key exchange algorithms");
+        }
+#endif
        /* start key exchange */
        if ((r = kex_setup(ssh, myproposal)) != 0)
                fatal("kex_setup: %s", ssh_err(r));
@@ -2362,7 +2405,18 @@ do_ssh2_kex(struct ssh *ssh)
 # ifdef OPENSSL_HAS_ECC
        kex->kex[KEX_ECDH_SHA2] = kex_gen_server;
 # endif
-#endif
+# ifdef GSSAPI
+        if (options.gss_keyex) {
+                kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
+                kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_server;
+                kex->kex[KEX_GSS_GRP14_SHA256] = kexgss_server;
+                kex->kex[KEX_GSS_GRP16_SHA512] = kexgss_server;
+                kex->kex[KEX_GSS_GEX_SHA1] = kexgssgex_server;
+                kex->kex[KEX_GSS_NISTP256_SHA256] = kexgss_server;
+                kex->kex[KEX_GSS_C25519_SHA256] = kexgss_server;
+        }
+# endif
+#endif /* WITH_OPENSSL */
        kex->kex[KEX_C25519_SHA256] = kex_gen_server;
        kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_server;
        kex->load_host_public_key=&get_hostkey_public_by_type;

diff --git a/sshd.c b/sshd.c index 60b2aaf73..d92f03aaf 100644 --- a/sshd.c +++ b/sshd.c
@@ -817,8 +817,8 @@ notify_hostkeys(struct ssh *ssh)
817	}	817	}
818	debug3("%s: sent %u hostkeys", __func__, nkeys);	818	debug3("%s: sent %u hostkeys", __func__, nkeys);
819	if (nkeys == 0)	819	if (nkeys == 0)
820	fatal("%s: no hostkeys", __func__);	820	debug3("%s: no hostkeys", __func__);
821	if ((r = sshpkt_send(ssh)) != 0)	821	else if ((r = sshpkt_send(ssh)) != 0)
822	sshpkt_fatal(ssh, r, "%s: send", __func__);	822	sshpkt_fatal(ssh, r, "%s: send", __func__);
823	sshbuf_free(buf);	823	sshbuf_free(buf);
824	}	824	}
@@ -1852,7 +1852,8 @@ main(int ac, char **av)
1852	free(fp);	1852	free(fp);
1853	}	1853	}
1854	accumulate_host_timing_secret(cfg, NULL);	1854	accumulate_host_timing_secret(cfg, NULL);
1855	if (!sensitive_data.have_ssh2_key) {	1855	/* The GSSAPI key exchange can run without a host key */
		1856	if (!sensitive_data.have_ssh2_key && !options.gss_keyex) {
1856	logit("sshd: no hostkeys available -- exiting.");	1857	logit("sshd: no hostkeys available -- exiting.");
1857	exit(1);	1858	exit(1);
1858	}	1859	}
@@ -2347,6 +2348,48 @@ do_ssh2_kex(struct ssh *ssh)
2347	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(	2348	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
2348	list_hostkey_types());	2349	list_hostkey_types());
2349		2350
		2351	#if defined(GSSAPI) && defined(WITH_OPENSSL)
		2352	{
		2353	char *orig;
		2354	char *gss = NULL;
		2355	char *newstr = NULL;
		2356	orig = myproposal[PROPOSAL_KEX_ALGS];
		2357
		2358	/*
		2359	* If we don't have a host key, then there's no point advertising
		2360	* the other key exchange algorithms
		2361	*/
		2362
		2363	if (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]) == 0)
		2364	orig = NULL;
		2365
		2366	if (options.gss_keyex)
		2367	gss = ssh_gssapi_server_mechanisms();
		2368	else
		2369	gss = NULL;
		2370
		2371	if (gss && orig)
		2372	xasprintf(&newstr, "%s,%s", gss, orig);
		2373	else if (gss)
		2374	newstr = gss;
		2375	else if (orig)
		2376	newstr = orig;
		2377
		2378	/*
		2379	* If we've got GSSAPI mechanisms, then we've got the 'null' host
		2380	* key alg, but we can't tell people about it unless its the only
		2381	* host key algorithm we support
		2382	*/
		2383	if (gss && (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS])) == 0)
		2384	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "null";
		2385
		2386	if (newstr)
		2387	myproposal[PROPOSAL_KEX_ALGS] = newstr;
		2388	else
		2389	fatal("No supported key exchange algorithms");
		2390	}
		2391	#endif
		2392
2350	/* start key exchange */	2393	/* start key exchange */
2351	if ((r = kex_setup(ssh, myproposal)) != 0)	2394	if ((r = kex_setup(ssh, myproposal)) != 0)
2352	fatal("kex_setup: %s", ssh_err(r));	2395	fatal("kex_setup: %s", ssh_err(r));
@@ -2362,7 +2405,18 @@ do_ssh2_kex(struct ssh *ssh)
2362	# ifdef OPENSSL_HAS_ECC	2405	# ifdef OPENSSL_HAS_ECC
2363	kex->kex[KEX_ECDH_SHA2] = kex_gen_server;	2406	kex->kex[KEX_ECDH_SHA2] = kex_gen_server;
2364	# endif	2407	# endif
2365	#endif	2408	# ifdef GSSAPI
		2409	if (options.gss_keyex) {
		2410	kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
		2411	kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_server;
		2412	kex->kex[KEX_GSS_GRP14_SHA256] = kexgss_server;
		2413	kex->kex[KEX_GSS_GRP16_SHA512] = kexgss_server;
		2414	kex->kex[KEX_GSS_GEX_SHA1] = kexgssgex_server;
		2415	kex->kex[KEX_GSS_NISTP256_SHA256] = kexgss_server;
		2416	kex->kex[KEX_GSS_C25519_SHA256] = kexgss_server;
		2417	}
		2418	# endif
		2419	#endif /* WITH_OPENSSL */
2366	kex->kex[KEX_C25519_SHA256] = kex_gen_server;	2420	kex->kex[KEX_C25519_SHA256] = kex_gen_server;
2367	kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_server;	2421	kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_server;
2368	kex->load_host_public_key=&get_hostkey_public_by_type;	2422	kex->load_host_public_key=&get_hostkey_public_by_type;