author | Anderson Toshiyuki Sasaki <ansasaki@redhat.com> | 2019-05-15 11:48:49 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2019-06-12 10:17:54 +0200 |
commit | f4363f56551509e1c43a20115448af269525285f (patch) | |
tree | 564dfc6e40351d2e8083bdba6df82d28ba8664a6 /src/server.c | |
parent | bc95a517101cc2a124e35040e042ed5349696e2a (diff) | |
options: Add option to set server accepted pubkey types
The added option SSH_BIND_OPTIONS_PUBKEY_ACCEPTED_KEY_TYPES allows
restricting the allowed public key types accepted by the server for
authentication.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Diffstat (limited to 'src/server.c')
-rw-r--r-- | src/server.c | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/src/server.c b/src/server.c index b2c81b60..2937d0f5 100644 --- a/src/server.c +++ b/src/server.c @@ -180,11 +180,14 @@ static int ssh_server_send_extensions(ssh_session session) { const char *hostkey_algorithms; SSH_LOG(SSH_LOG_PACKET, "Sending SSH_MSG_EXT_INFO"); - /* - * We can list here all the default hostkey methods, since - * they already contain the SHA2 extension algorithms - */ - hostkey_algorithms = ssh_kex_get_default_methods(SSH_HOSTKEYS); + + if (session->opts.pubkey_accepted_types) { + hostkey_algorithms = session->opts.pubkey_accepted_types; + } else { + /* There are no restrictions to the accepted public keys */ + hostkey_algorithms = ssh_kex_get_default_methods(SSH_HOSTKEYS); + } + rc = ssh_buffer_pack(session->out_buffer, "bdss", SSH2_MSG_EXT_INFO, |
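Review bot: The new `if (session->opts.pubkey_accepted_types)` test in ssh_server_send_extensions() only checks for a non-NULL pointer, so an empty string would be taken as the restriction and packed into SSH2_MSG_EXT_INFO as an empty algorithm list. Either also reject an empty value here and fall back to the defaults, or note in a comment that the option setter never stores an empty string. Two smaller points on the same hunk: the local is still named `hostkey_algorithms` although it now carries the accepted public key types, so a rename would make the intent clearer; and the removed comment explained why the default host key methods are a suitable list (they already contain the SHA2 extension algorithms), which the new `else` comment no longer says and is worth keeping.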