version 1.367, 2024/04/23 13:34:50 |
version 1.368, 2024/04/30 02:10:49 |
|
|
#include "sshconnect.h" |
#include "sshconnect.h" |
#include "hostfile.h" |
#include "hostfile.h" |
#include "log.h" |
#include "log.h" |
|
#include "match.h" |
#include "misc.h" |
#include "misc.h" |
#include "readconf.h" |
#include "readconf.h" |
#include "atomicio.h" |
#include "atomicio.h" |
|
|
return ret; |
return ret; |
} |
} |
|
|
|
/* |
|
* Returns non-zero if the key is accepted by HostkeyAlgorithms. |
|
* Made slightly less trivial by the multiple RSA signature algorithm names. |
|
*/ |
|
int |
|
hostkey_accepted_by_hostkeyalgs(const struct sshkey *key) |
|
{ |
|
const char *ktype = sshkey_ssh_name(key); |
|
const char *hostkeyalgs = options.hostkeyalgorithms; |
|
|
|
if (key->type == KEY_UNSPEC) |
|
return 0; |
|
if (key->type == KEY_RSA && |
|
(match_pattern_list("rsa-sha2-256", hostkeyalgs, 0) == 1 || |
|
match_pattern_list("rsa-sha2-512", hostkeyalgs, 0) == 1)) |
|
return 1; |
|
if (key->type == KEY_RSA_CERT && |
|
(match_pattern_list("rsa-sha2-512-cert-v01@openssh.com", hostkeyalgs, 0) == 1 || |
|
match_pattern_list("rsa-sha2-256-cert-v01@openssh.com", hostkeyalgs, 0) == 1)) |
|
return 1; |
|
return match_pattern_list(ktype, hostkeyalgs, 0) == 1; |
|
} |
|
|
static int |
static int |
hostkeys_find_by_key_cb(struct hostkey_foreach_line *l, void *_ctx) |
hostkeys_find_by_key_cb(struct hostkey_foreach_line *l, void *_ctx) |
{ |
{ |
|
|
} |
} |
|
|
retry: |
retry: |
|
if (!hostkey_accepted_by_hostkeyalgs(host_key)) { |
|
error("host key %s not permitted by HostkeyAlgorithms", |
|
sshkey_ssh_name(host_key)); |
|
goto fail; |
|
} |
|
|
/* Reload these as they may have changed on cert->key downgrade */ |
/* Reload these as they may have changed on cert->key downgrade */ |
want_cert = sshkey_is_cert(host_key); |
want_cert = sshkey_is_cert(host_key); |
type = sshkey_type(host_key); |
type = sshkey_type(host_key); |
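Review bot: hostkey_accepted_by_hostkeyalgs() copies options.hostkeyalgorithms into hostkeyalgs and hands it straight to match_pattern_list() with no NULL check, so if the option were ever unset when the retry: path runs, the pattern walk would dereference NULL. I assume fill_default_options() guarantees a populated list before a connection gets this far, but since a miss here should reject rather than crash, a fail-closed guard right after the KEY_UNSPEC test is cheap: `if (hostkeyalgs == NULL) return 0;`. The function is also defined as non-static `int` with no prototype visible in this hunk; if it is not declared in sshconnect.h for callers elsewhere, it should be `static int` like the neighbouring helpers. The header comment could be more precise, because the function returns exactly 0 or 1: `* Returns 1 if the key is accepted by HostkeyAlgorithms, 0 otherwise.`.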