diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2018-09-20 03:28:06 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2018-09-20 14:00:29 +1000 |
| commit | 86e5737c39153af134158f24d0cab5827cbd5852 (patch) | |
| tree | 1add30c99e83b544792233280451f70f03053586 /servconf.h | |
| parent | f80e68ea7d62e2dfafc12f1a60ab544ae4033a0f (diff) | |
| download | openssh-git-86e5737c39153af134158f24d0cab5827cbd5852.tar.gz | |
upstream: Add sshd_config CASignatureAlgorithms option to allow
control over which signature algorithms a CA may use when signing
certificates. In particular, this allows a sshd to ban certificates signed
with RSA/SHA1.
ok markus@
OpenBSD-Commit-ID: b05c86ef8b52b913ed48d54a9b9c1a7714d96bac
Diffstat (limited to 'servconf.h')
| -rw-r--r-- | servconf.h | 4 |
1 files changed, 3 insertions, 1 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.136 2018/07/09 21:26:02 markus Exp $ */ +/* $OpenBSD: servconf.h,v 1.137 2018/09/20 03:28:06 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -110,6 +110,7 @@ typedef struct { int hostbased_uses_name_from_packet_only; /* experimental */ char *hostbased_key_types; /* Key types allowed for hostbased */ char *hostkeyalgorithms; /* SSH2 server key types */ + char *ca_sign_algorithms; /* Allowed CA signature algorithms */ int pubkey_authentication; /* If true, permit ssh2 pubkey authentication. */ char *pubkey_key_types; /* Key types allowed for public key */ int kerberos_authentication; /* If true, permit Kerberos @@ -242,6 +243,7 @@ struct connection_info { M_CP_STROPT(authorized_principals_command_user); \ M_CP_STROPT(hostbased_key_types); \ M_CP_STROPT(pubkey_key_types); \ + M_CP_STROPT(ca_sign_algorithms); \ M_CP_STROPT(routing_domain); \ M_CP_STROPT(permit_user_env_whitelist); \ M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \ |