-rw-r--r--include/libssh/libssh.h1
-rw-r--r--include/libssh/session.h1
-rw-r--r--src/options.c31
-rw-r--r--src/session.c1
4 files changed, 34 insertions, 0 deletions
diff --git a/include/libssh/libssh.h b/include/libssh/libssh.h
index 01e0a138..1f5cdf87 100644
--- a/include/libssh/libssh.h
+++ b/include/libssh/libssh.h
@@ -404,6 +404,7 @@ enum ssh_options_e {
SSH_OPTIONS_GSSAPI_AUTH,
SSH_OPTIONS_GLOBAL_KNOWNHOSTS,
SSH_OPTIONS_NODELAY,
+ SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES,
};
enum {
diff --git a/include/libssh/session.h b/include/libssh/session.h
index 00717652..107d4aec 100644
--- a/include/libssh/session.h
+++ b/include/libssh/session.h
@@ -204,6 +204,7 @@ struct ssh_session_struct {
char *knownhosts;
char *global_knownhosts;
char *wanted_methods[10];
+ char *pubkey_accepted_types;
char *ProxyCommand;
char *custombanner;
unsigned long timeout; /* seconds */
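Review bot: Nothing among the 34 lines this commit adds reads `pubkey_accepted_types`: the field is set in ssh_options_set, duplicated in ssh_options_copy and released in ssh_free, but no authentication path in the visible hunks consults it. If the consumer lands in a separate change, a comment on the field such as `/* public key algorithms allowed for authentication; enforced in <consumer> */` would tell readers where the restriction is applied. Until that code exists, a caller who sets the option gets no restriction from it. The struct definition continues outside the hunk.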
diff --git a/src/options.c b/src/options.c
index 0e428e65..2376b3a6 100644
--- a/src/options.c
+++ b/src/options.c
@@ -147,6 +147,14 @@ int ssh_options_copy(ssh_session src, ssh_session *dest) {
return -1;
}
}
+
+ if (src->opts.pubkey_accepted_types != NULL) {
+ new->opts.pubkey_accepted_types = strdup(src->opts.pubkey_accepted_types);
+ if (new->opts.pubkey_accepted_types == NULL) {
+ ssh_free(new);
+ return -1;
+ }
+ }
new->opts.fd = src->opts.fd;
new->opts.port = src->opts.port;
new->opts.timeout = src->opts.timeout;
@@ -343,6 +351,11 @@ int ssh_options_set_algo(ssh_session session,
* comma-separated list). ex:
* "ssh-rsa,ssh-dss,ecdh-sha2-nistp256"
*
+ * - SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES:
+ * Set the preferred public key algorithms to be used for
+ * authentication (const char *, comma-separated list). ex:
+ * "ssh-rsa,rsa-sha2-256,ssh-dss,ecdh-sha2-nistp256"
+ *
* - SSH_OPTIONS_COMPRESSION_C_S:
* Set the compression to use for client to server
* communication (const char *, "yes", "no" or a specific
@@ -743,6 +756,24 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
return -1;
}
break;
+ case SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES:
+ v = value;
+ if (v == NULL || v[0] == '\0') {
+ ssh_set_error_invalid(session);
+ return -1;
+ } else {
+ p = ssh_keep_known_algos(SSH_HOSTKEYS, v);
+ if (p == NULL) {
+ ssh_set_error(session, SSH_REQUEST_DENIED,
+ "Setting method: no known public key algorithm (%s)",
+ v);
+ return -1;
+ }
+
+ SAFE_FREE(session->opts.pubkey_accepted_types);
+ session->opts.pubkey_accepted_types = p;
+ }
+ break;
case SSH_OPTIONS_HMAC_C_S:
v = value;
if (v == NULL || v[0] == '\0') {
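Review bot: The new case rejects the value only when ssh_keep_known_algos() returns NULL, so a list in which some names are unknown appears to be stored in filtered form with no indication to the caller (inferred from the function name and the NULL check; its body is not in this diff). For an option that expresses key-type policy, a misspelt entry then changes the effective list silently. Consider logging the filtered result, or documenting that unknown names are discarded. As a style point, the `else` after `return -1;` is unnecessary and the block could be unindented. The body of ssh_options_set begins and ends outside the hunk.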
diff --git a/src/session.c b/src/session.c
index a1959d48..28255221 100644
--- a/src/session.c
+++ b/src/session.c
@@ -282,6 +282,7 @@ void ssh_free(ssh_session session) {
SAFE_FREE(session->opts.ProxyCommand);
SAFE_FREE(session->opts.gss_server_identity);
SAFE_FREE(session->opts.gss_client_identity);
+ SAFE_FREE(session->opts.pubkey_accepted_types);
for (i = 0; i < 10; i++) {
if (session->opts.wanted_methods[i]) {