authorDamien Miller <djm@mindrot.org>2010-09-24 22:11:14 +1000
committerDamien Miller <djm@mindrot.org>2010-09-24 22:11:14 +1000
commitd5f62bf280b0798d7009d4424594a648a4e887fb (patch)
tree5f18078ea61f6c5503dc4addfb2f17d13844692c /servconf.c
parent603134e077e667b4819effb0e121803842df621f (diff)
- djm@cvs.openbsd.org 2010/09/22 05:01:30
[kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c readconf.c readconf.h] [servconf.c servconf.h ssh_config.5 sshconnect2.c sshd.c sshd_config.5] add a KexAlgorithms knob to the client and server configuration to allow selection of which key exchange methods are used by ssh(1) and sshd(8) and their order of preference. ok markus@
Diffstat (limited to 'servconf.c')
-rw-r--r--servconf.c17
1 files changed, 16 insertions, 1 deletions
diff --git a/servconf.c b/servconf.c
index def6b716..d26a7db0 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.210 2010/09/01 15:21:35 naddy Exp $ */
+/* $OpenBSD: servconf.c,v 1.211 2010/09/22 05:01:29 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -109,6 +109,7 @@ initialize_server_options(ServerOptions *options)
options->num_deny_groups = 0;
options->ciphers = NULL;
options->macs = NULL;
+ options->kex_algorithms = NULL;
options->protocol = SSH_PROTO_UNKNOWN;
options->gateway_ports = -1;
options->num_subsystems = 0;
@@ -314,6 +315,7 @@ typedef enum {
sUsePrivilegeSeparation, sAllowAgentForwarding,
sZeroKnowledgePasswordAuthentication, sHostCertificate,
sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
+ sKexAlgorithms,
sDeprecated, sUnsupported
} ServerOpCodes;
@@ -436,6 +438,7 @@ static struct {
{ "revokedkeys", sRevokedKeys, SSHCFG_ALL },
{ "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
{ "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
+ { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
{ NULL, sBadOption, 0 }
};
@@ -1131,6 +1134,18 @@ process_server_config_line(ServerOptions *options, char *line,
options->macs = xstrdup(arg);
break;
+ case sKexAlgorithms:
+ arg = strdelim(&cp);
+ if (!arg || *arg == '\0')
+ fatal("%s line %d: Missing argument.",
+ filename, linenum);
+ if (!kex_names_valid(arg))
+ fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.",
+ filename, linenum, arg ? arg : "<NONE>");
+ if (options->kex_algorithms == NULL)
+ options->kex_algorithms = xstrdup(arg);
+ break;
+
case sProtocol:
intptr = &options->protocol;
arg = strdelim(&cp);
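Review bot: The new `sKexAlgorithms` case validates every `KexAlgorithms` line but stores only the first, because the assignment is guarded by `if (options->kex_algorithms == NULL)`; a stricter list added lower in the file is accepted without any diagnostic and has no effect. This mirrors the guard on `options->macs` in the context lines above, so it looks intentional, but it deserves a comment such as `/* first KexAlgorithms value wins; later lines are validated and ignored */`. None of the hunks shown for servconf.c adds the option to any configuration dump, so an operator may have no way to print the effective list; that is worth checking outside this diff. Separately, `arg ? arg : "<NONE>"` in the second `fatal()` cannot take the `"<NONE>"` branch, since a NULL `arg` already ended in the first `fatal()` (assuming `fatal()` does not return), so passing `arg` directly would be clearer. The body of `process_server_config_line` starts and ends outside the hunk.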