
Diff for /src/usr.bin/ssh/sshconnect.c between version 1.367 and 1.368

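--- a/src/usr.bin/ssh/sshconnect.c	2024/04/23 13:34:50	1.367
+++ b/src/usr.bin/ssh/sshconnect.c	2024/04/30 02:10:49	1.368
@@ -45,6 +45,7 @@
 #include "sshconnect.h"
 #include "hostfile.h"
 #include "log.h"
+#include "match.h"
 #include "misc.h"
 #include "readconf.h"
 #include "atomicio.h"
@@ -679,6 +680,29 @@
         return ret;
 }
 
+/*
+ * Returns non-zero if the key is accepted by HostkeyAlgorithms.
+ * Made slightly less trivial by the multiple RSA signature algorithm names.
+ */
+int
+hostkey_accepted_by_hostkeyalgs(const struct sshkey *key)
+{
+        const char *ktype = sshkey_ssh_name(key);
+        const char *hostkeyalgs = options.hostkeyalgorithms;
+
+        if (key->type == KEY_UNSPEC)
+                return 0;
+        if (key->type == KEY_RSA &&
+            (match_pattern_list("rsa-sha2-256", hostkeyalgs, 0) == 1 ||
+            match_pattern_list("rsa-sha2-512", hostkeyalgs, 0) == 1))
+                return 1;
+        if (key->type == KEY_RSA_CERT &&
+            (match_pattern_list("rsa-sha2-512-cert-v01@openssh.com", hostkeyalgs, 0) == 1 ||
+            match_pattern_list("rsa-sha2-256-cert-v01@openssh.com", hostkeyalgs, 0) == 1))
+                return 1;
+        return match_pattern_list(ktype, hostkeyalgs, 0) == 1;
+}
+
 static int
 hostkeys_find_by_key_cb(struct hostkey_foreach_line *l, void *_ctx)
 {
@@ -979,6 +1003,12 @@
         }
 
  retry:
+        if (!hostkey_accepted_by_hostkeyalgs(host_key)) {
+                error("host key %s not permitted by HostkeyAlgorithms",
+                    sshkey_ssh_name(host_key));
+                goto fail;
+        }
+
         /* Reload these as they may have changed on cert->key downgrade */
         want_cert = sshkey_is_cert(host_key);
         type = sshkey_type(host_key);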
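Review bot: hostkey_accepted_by_hostkeyalgs() in the second hunk is non-static and hands `options.hostkeyalgorithms` straight to match_pattern_list(), which I would not expect to tolerate a NULL list, so the function depends on a precondition its header comment does not state. The call added under `retry:` presumably runs only after the algorithm list has been filled in, but that is not visible on this page; I would document it with a line such as `* The caller must ensure options.hostkeyalgorithms has already been expanded.`, or fail closed with `if (hostkeyalgs == NULL) return 0;` ahead of the type checks. Because the new check sits under `retry:`, it appears to run again after the cert->key downgrade mentioned in the comment that follows, so the error would then name the downgraded plain key type rather than the certificate type the server offered; a short comment saying the re-check is intentional would help the next reader. The function containing `retry:` starts and ends outside the hunk, so the `fail` path is not reviewed here.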
