1 files changed, 58 insertions, 4 deletions
diff --git a/sshd.c b/sshd.c
index 8aa7f3df6..8c5d5822e 100644
--- a/sshd.c
+++ b/sshd.c
@@ -816,8 +816,8 @@ notify_hostkeys(struct ssh *ssh)
        }
        debug3("%s: sent %u hostkeys", __func__, nkeys);
        if (nkeys == 0)
-                fatal("%s: no hostkeys", __func__);
+                debug3("%s: no hostkeys", __func__);
-        if ((r = sshpkt_send(ssh)) != 0)
+        else if ((r = sshpkt_send(ssh)) != 0)
                sshpkt_fatal(ssh, r, "%s: send", __func__);
        sshbuf_free(buf);
 }
@@ -1901,7 +1901,8 @@ main(int ac, char **av)
                free(fp);
        }
        accumulate_host_timing_secret(cfg, NULL);
-        if (!sensitive_data.have_ssh2_key) {
+        /* The GSSAPI key exchange can run without a host key */
+        if (!sensitive_data.have_ssh2_key && !options.gss_keyex) {
                logit("sshd: no hostkeys available -- exiting.");
                exit(1);
        }
@@ -2393,6 +2394,48 @@ do_ssh2_kex(struct ssh *ssh)
        myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
            list_hostkey_types());
+#if defined(GSSAPI) && defined(WITH_OPENSSL)
+        {
+        char *orig;
+        char *gss = NULL;
+        char *newstr = NULL;
+        orig = myproposal[PROPOSAL_KEX_ALGS];
+        /*
+         * If we don't have a host key, then there's no point advertising
+         * the other key exchange algorithms
+         */
+        if (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]) == 0)
+                orig = NULL;
+        if (options.gss_keyex)
+                gss = ssh_gssapi_server_mechanisms();
+        else
+                gss = NULL;
+        if (gss && orig)
+                xasprintf(&newstr, "%s,%s", gss, orig);
+        else if (gss)
+                newstr = gss;
+        else if (orig)
+                newstr = orig;
+        /*
+         * If we've got GSSAPI mechanisms, then we've got the 'null' host
+         * key alg, but we can't tell people about it unless its the only
+         * host key algorithm we support
+         */
+        if (gss && (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS])) == 0)
+                myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "null";
+        if (newstr)
+                myproposal[PROPOSAL_KEX_ALGS] = newstr;
+        else
+                fatal("No supported key exchange algorithms");
+        }
+#endif
        /* start key exchange */
        if ((r = kex_setup(ssh, myproposal)) != 0)
                fatal("kex_setup: %s", ssh_err(r));
@@ -2408,7 +2451,18 @@ do_ssh2_kex(struct ssh *ssh)
 # ifdef OPENSSL_HAS_ECC
        kex->kex[KEX_ECDH_SHA2] = kex_gen_server;
 # endif
-#endif
+# ifdef GSSAPI
+        if (options.gss_keyex) {
+                kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
+                kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_server;
+                kex->kex[KEX_GSS_GRP14_SHA256] = kexgss_server;
+                kex->kex[KEX_GSS_GRP16_SHA512] = kexgss_server;
+                kex->kex[KEX_GSS_GEX_SHA1] = kexgssgex_server;
+                kex->kex[KEX_GSS_NISTP256_SHA256] = kexgss_server;
+                kex->kex[KEX_GSS_C25519_SHA256] = kexgss_server;
+        }
+# endif
+#endif /* WITH_OPENSSL */
        kex->kex[KEX_C25519_SHA256] = kex_gen_server;
        kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_server;
        kex->load_host_public_key=&get_hostkey_public_by_type;

diff --git a/sshd.c b/sshd.c index 8aa7f3df6..8c5d5822e 100644 --- a/sshd.c +++ b/sshd.c
@@ -816,8 +816,8 @@ notify_hostkeys(struct ssh *ssh)
816	}	816	}
817	debug3("%s: sent %u hostkeys", __func__, nkeys);	817	debug3("%s: sent %u hostkeys", __func__, nkeys);
818	if (nkeys == 0)	818	if (nkeys == 0)
819	fatal("%s: no hostkeys", __func__);	819	debug3("%s: no hostkeys", __func__);
820	if ((r = sshpkt_send(ssh)) != 0)	820	else if ((r = sshpkt_send(ssh)) != 0)
821	sshpkt_fatal(ssh, r, "%s: send", __func__);	821	sshpkt_fatal(ssh, r, "%s: send", __func__);
822	sshbuf_free(buf);	822	sshbuf_free(buf);
823	}	823	}
@@ -1901,7 +1901,8 @@ main(int ac, char **av)
1901	free(fp);	1901	free(fp);
1902	}	1902	}
1903	accumulate_host_timing_secret(cfg, NULL);	1903	accumulate_host_timing_secret(cfg, NULL);
1904	if (!sensitive_data.have_ssh2_key) {	1904	/* The GSSAPI key exchange can run without a host key */
		1905	if (!sensitive_data.have_ssh2_key && !options.gss_keyex) {
1905	logit("sshd: no hostkeys available -- exiting.");	1906	logit("sshd: no hostkeys available -- exiting.");
1906	exit(1);	1907	exit(1);
1907	}	1908	}
@@ -2393,6 +2394,48 @@ do_ssh2_kex(struct ssh *ssh)
2393	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(	2394	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
2394	list_hostkey_types());	2395	list_hostkey_types());
2395		2396
		2397	#if defined(GSSAPI) && defined(WITH_OPENSSL)
		2398	{
		2399	char *orig;
		2400	char *gss = NULL;
		2401	char *newstr = NULL;
		2402	orig = myproposal[PROPOSAL_KEX_ALGS];
		2403
		2404	/*
		2405	* If we don't have a host key, then there's no point advertising
		2406	* the other key exchange algorithms
		2407	*/
		2408
		2409	if (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]) == 0)
		2410	orig = NULL;
		2411
		2412	if (options.gss_keyex)
		2413	gss = ssh_gssapi_server_mechanisms();
		2414	else
		2415	gss = NULL;
		2416
		2417	if (gss && orig)
		2418	xasprintf(&newstr, "%s,%s", gss, orig);
		2419	else if (gss)
		2420	newstr = gss;
		2421	else if (orig)
		2422	newstr = orig;
		2423
		2424	/*
		2425	* If we've got GSSAPI mechanisms, then we've got the 'null' host
		2426	* key alg, but we can't tell people about it unless its the only
		2427	* host key algorithm we support
		2428	*/
		2429	if (gss && (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS])) == 0)
		2430	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "null";
		2431
		2432	if (newstr)
		2433	myproposal[PROPOSAL_KEX_ALGS] = newstr;
		2434	else
		2435	fatal("No supported key exchange algorithms");
		2436	}
		2437	#endif
		2438
2396	/* start key exchange */	2439	/* start key exchange */
2397	if ((r = kex_setup(ssh, myproposal)) != 0)	2440	if ((r = kex_setup(ssh, myproposal)) != 0)
2398	fatal("kex_setup: %s", ssh_err(r));	2441	fatal("kex_setup: %s", ssh_err(r));
@@ -2408,7 +2451,18 @@ do_ssh2_kex(struct ssh *ssh)
2408	# ifdef OPENSSL_HAS_ECC	2451	# ifdef OPENSSL_HAS_ECC
2409	kex->kex[KEX_ECDH_SHA2] = kex_gen_server;	2452	kex->kex[KEX_ECDH_SHA2] = kex_gen_server;
2410	# endif	2453	# endif
2411	#endif	2454	# ifdef GSSAPI
		2455	if (options.gss_keyex) {
		2456	kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
		2457	kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_server;
		2458	kex->kex[KEX_GSS_GRP14_SHA256] = kexgss_server;
		2459	kex->kex[KEX_GSS_GRP16_SHA512] = kexgss_server;
		2460	kex->kex[KEX_GSS_GEX_SHA1] = kexgssgex_server;
		2461	kex->kex[KEX_GSS_NISTP256_SHA256] = kexgss_server;
		2462	kex->kex[KEX_GSS_C25519_SHA256] = kexgss_server;
		2463	}
		2464	# endif
		2465	#endif /* WITH_OPENSSL */
2412	kex->kex[KEX_C25519_SHA256] = kex_gen_server;	2466	kex->kex[KEX_C25519_SHA256] = kex_gen_server;
2413	kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_server;	2467	kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_server;
2414	kex->load_host_public_key=&get_hostkey_public_by_type;	2468	kex->load_host_public_key=&get_hostkey_public_by_type;