diff options
author | Damien Miller <djm@mindrot.org> | 2010-09-24 22:11:14 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2010-09-24 22:11:14 +1000 |
commit | d5f62bf280b0798d7009d4424594a648a4e887fb (patch) | |
tree | 5f18078ea61f6c5503dc4addfb2f17d13844692c /servconf.c | |
parent | 603134e077e667b4819effb0e121803842df621f (diff) | |
download | openssh-git-d5f62bf280b0798d7009d4424594a648a4e887fb.tar.gz |
- djm@cvs.openbsd.org 2010/09/22 05:01:30
[kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c readconf.c readconf.h]
[servconf.c servconf.h ssh_config.5 sshconnect2.c sshd.c sshd_config.5]
add a KexAlgorithms knob to the client and server configuration to allow
selection of which key exchange methods are used by ssh(1) and sshd(8)
and their order of preference.
ok markus@
Diffstat (limited to 'servconf.c')
-rw-r--r-- | servconf.c | 17 |
1 files changed, 16 insertions, 1 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.210 2010/09/01 15:21:35 naddy Exp $ */ +/* $OpenBSD: servconf.c,v 1.211 2010/09/22 05:01:29 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -109,6 +109,7 @@ initialize_server_options(ServerOptions *options) options->num_deny_groups = 0; options->ciphers = NULL; options->macs = NULL; + options->kex_algorithms = NULL; options->protocol = SSH_PROTO_UNKNOWN; options->gateway_ports = -1; options->num_subsystems = 0; @@ -314,6 +315,7 @@ typedef enum { sUsePrivilegeSeparation, sAllowAgentForwarding, sZeroKnowledgePasswordAuthentication, sHostCertificate, sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, + sKexAlgorithms, sDeprecated, sUnsupported } ServerOpCodes; @@ -436,6 +438,7 @@ static struct { { "revokedkeys", sRevokedKeys, SSHCFG_ALL }, { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, + { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, { NULL, sBadOption, 0 } }; @@ -1131,6 +1134,18 @@ process_server_config_line(ServerOptions *options, char *line, options->macs = xstrdup(arg); break; + case sKexAlgorithms: + arg = strdelim(&cp); + if (!arg || *arg == '\0') + fatal("%s line %d: Missing argument.", + filename, linenum); + if (!kex_names_valid(arg)) + fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.", + filename, linenum, arg ? arg : "<NONE>"); + if (options->kex_algorithms == NULL) + options->kex_algorithms = xstrdup(arg); + break; + case sProtocol: intptr = &options->protocol; arg = strdelim(&cp); |