authorAnderson Toshiyuki Sasaki <ansasaki@redhat.com>2019-05-15 11:48:49 +0200
committerAndreas Schneider <asn@cryptomilk.org>2019-06-12 10:17:54 +0200
commitf4363f56551509e1c43a20115448af269525285f (patch)
tree564dfc6e40351d2e8083bdba6df82d28ba8664a6 /src/server.c
parentbc95a517101cc2a124e35040e042ed5349696e2a (diff)
options: Add option to set server accepted pubkey types
The added option SSH_BIND_OPTIONS_PUBKEY_ACCEPTED_KEY_TYPES allows restricting the public key types that the server accepts for authentication. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Diffstat (limited to 'src/server.c')
-rw-r--r--src/server.c13
1 files changed, 8 insertions, 5 deletions
diff --git a/src/server.c b/src/server.c
index b2c81b60..2937d0f5 100644
--- a/src/server.c
+++ b/src/server.c
@@ -180,11 +180,14 @@ static int ssh_server_send_extensions(ssh_session session) {
const char *hostkey_algorithms;
SSH_LOG(SSH_LOG_PACKET, "Sending SSH_MSG_EXT_INFO");
- /*
- * We can list here all the default hostkey methods, since
- * they already contain the SHA2 extension algorithms
- */
- hostkey_algorithms = ssh_kex_get_default_methods(SSH_HOSTKEYS);
+
+ if (session->opts.pubkey_accepted_types) {
+ hostkey_algorithms = session->opts.pubkey_accepted_types;
+ } else {
+ /* There are no restrictions to the accepted public keys */
+ hostkey_algorithms = ssh_kex_get_default_methods(SSH_HOSTKEYS);
+ }
+
rc = ssh_buffer_pack(session->out_buffer,
"bdss",
SSH2_MSG_EXT_INFO,
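Review bot: The list chosen in the `if (session->opts.pubkey_accepted_types)` branch is only advertised to the client in SSH_MSG_EXT_INFO (presumably as the server-sig-algs value packed just below), and advertising it does not restrict anything by itself, because a client can ignore the extension and offer any key type. This view is limited to src/server.c, so the enforcement is not visible here; the user-authentication path should be confirmed to reject keys and signature types that are not in `pubkey_accepted_types`. Once confirmed, the branch could carry a comment such as `/* Advertised to the client only; the restriction is enforced in the userauth handling */`. The local name `hostkey_algorithms` no longer describes a value that may hold the accepted public key types, and the removed comment explained why the SSH_HOSTKEYS defaults are a valid fallback (they already include the SHA2 extension algorithms), which the replacement comment drops. The body of ssh_server_send_extensions starts and ends outside the hunk.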