version 1.224, 2015/05/04 06:10:48 |
version 1.225, 2015/07/10 06:21:53 |
|
|
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = |
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = |
compat_pkalg_proposal(options.hostkeyalgorithms); |
compat_pkalg_proposal(options.hostkeyalgorithms); |
else { |
else { |
|
/* Enforce default */ |
|
options.hostkeyalgorithms = xstrdup(KEX_DEFAULT_PK_ALG); |
/* Prefer algorithms that we already have keys for */ |
/* Prefer algorithms that we already have keys for */ |
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = |
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = |
compat_pkalg_proposal( |
compat_pkalg_proposal( |
|
|
} |
} |
} |
} |
|
|
|
static int |
|
try_identity(Identity *id) |
|
{ |
|
if (!id->key) |
|
return (0); |
|
if (match_pattern_list(sshkey_ssh_name(id->key), |
|
options.pubkey_key_types, 0) != 1) { |
|
debug("Skipping %s key %s for not in PubkeyAcceptedKeyTypes", |
|
sshkey_ssh_name(id->key), id->filename); |
|
return (0); |
|
} |
|
if (key_type_plain(id->key->type) == KEY_RSA && |
|
(datafellows & SSH_BUG_RSASIGMD5) != 0) { |
|
debug("Skipped %s key %s for RSA/MD5 server", |
|
key_type(id->key), id->filename); |
|
return (0); |
|
} |
|
return (id->key->type != KEY_RSA1); |
|
} |
|
|
int |
int |
userauth_pubkey(Authctxt *authctxt) |
userauth_pubkey(Authctxt *authctxt) |
{ |
{ |
|
|
* private key instead |
* private key instead |
*/ |
*/ |
if (id->key != NULL) { |
if (id->key != NULL) { |
if (key_type_plain(id->key->type) == KEY_RSA && |
if (try_identity(id)) { |
(datafellows & SSH_BUG_RSASIGMD5) != 0) { |
|
debug("Skipped %s key %s for RSA/MD5 server", |
|
key_type(id->key), id->filename); |
|
} else if (id->key->type != KEY_RSA1) { |
|
debug("Offering %s public key: %s", |
debug("Offering %s public key: %s", |
key_type(id->key), id->filename); |
key_type(id->key), id->filename); |
sent = send_pubkey_test(authctxt, id); |
sent = send_pubkey_test(authctxt, id); |
|
|
id->key = load_identity_file(id->filename, |
id->key = load_identity_file(id->filename, |
id->userprovided); |
id->userprovided); |
if (id->key != NULL) { |
if (id->key != NULL) { |
id->isprivate = 1; |
if (try_identity(id)) { |
if (key_type_plain(id->key->type) == KEY_RSA && |
id->isprivate = 1; |
(datafellows & SSH_BUG_RSASIGMD5) != 0) { |
|
debug("Skipped %s key %s for RSA/MD5 " |
|
"server", key_type(id->key), |
|
id->filename); |
|
} else { |
|
sent = sign_and_send_pubkey( |
sent = sign_and_send_pubkey( |
authctxt, id); |
authctxt, id); |
} |
} |