version 1.290, 2017/01/29 21:35:23 |
version 1.291, 2017/03/10 05:01:13 |
|
|
} |
} |
|
|
/* |
/* |
|
* Returns non-zero if the key is accepted by HostkeyAlgorithms. |
|
* Made slightly less trivial by the multiple RSA signature algorithm names. |
|
*/ |
|
static int |
|
key_accepted_by_hostkeyalgs(const struct sshkey *key) |
|
{ |
|
const char *ktype = sshkey_ssh_name(key); |
|
const char *hostkeyalgs = options.hostkeyalgorithms != NULL ? |
|
options.hostkeyalgorithms : KEX_DEFAULT_PK_ALG; |
|
|
|
if (key == NULL || key->type == KEY_UNSPEC) |
|
return 0; |
|
if (key->type == KEY_RSA && |
|
(match_pattern_list("rsa-sha2-256", hostkeyalgs, 0) == 1 || |
|
match_pattern_list("rsa-sha2-512", hostkeyalgs, 0) == 1)) |
|
return 1; |
|
return match_pattern_list(ktype, hostkeyalgs, 0) == 1; |
|
} |
|
|
|
/* |
* Handle hostkeys-00@openssh.com global request to inform the client of all |
* Handle hostkeys-00@openssh.com global request to inform the client of all |
* the server's hostkeys. The keys are checked against the user's |
* the server's hostkeys. The keys are checked against the user's |
* HostkeyAlgorithms preference before they are accepted. |
* HostkeyAlgorithms preference before they are accepted. |
|
|
sshkey_type(key), fp); |
sshkey_type(key), fp); |
free(fp); |
free(fp); |
|
|
/* Check that the key is accepted in HostkeyAlgorithms */ |
if (!key_accepted_by_hostkeyalgs(key)) { |
if (match_pattern_list(sshkey_ssh_name(key), |
|
options.hostkeyalgorithms ? options.hostkeyalgorithms : |
|
KEX_DEFAULT_PK_ALG, 0) != 1) { |
|
debug3("%s: %s key not permitted by HostkeyAlgorithms", |
debug3("%s: %s key not permitted by HostkeyAlgorithms", |
__func__, sshkey_ssh_name(key)); |
__func__, sshkey_ssh_name(key)); |
continue; |
continue; |
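Review bot: In the new key_accepted_by_hostkeyalgs(), `const char *ktype = sshkey_ssh_name(key);` is evaluated in the declaration before the `key == NULL || key->type == KEY_UNSPEC` guard, so the NULL case the guard is written for is already dereferenced by the time it is reached (sshkey_ssh_name() reads key->type). The guard should come first; the simplest form is to drop the ktype initializer and write the final line as `return match_pattern_list(sshkey_ssh_name(key), hostkeyalgs, 0) == 1;`, or assign ktype only after the guard. The same ordering applies to the hostkeyalgs initializer only if options can be unset, which this section does not show. The loop containing the `continue;` at the call site continues outside the visible part of the section.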