-rw-r--r-- | include/libssh/libssh.h | 1 | ||||
-rw-r--r-- | include/libssh/session.h | 1 | ||||
-rw-r--r-- | src/options.c | 31 | ||||
-rw-r--r-- | src/session.c | 1 |
4 files changed, 34 insertions, 0 deletions
diff --git a/include/libssh/libssh.h b/include/libssh/libssh.h
index 01e0a138..1f5cdf87 100644
--- a/include/libssh/libssh.h
+++ b/include/libssh/libssh.h
@@ -404,6 +404,7 @@ enum ssh_options_e {
 SSH_OPTIONS_GSSAPI_AUTH,
 SSH_OPTIONS_GLOBAL_KNOWNHOSTS,
 SSH_OPTIONS_NODELAY,
+ SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES,
 };
 enum {
diff --git a/include/libssh/session.h b/include/libssh/session.h
index 00717652..107d4aec 100644
--- a/include/libssh/session.h
+++ b/include/libssh/session.h
@@ -204,6 +204,7 @@ struct ssh_session_struct {
 char *knownhosts;
 char *global_knownhosts;
 char *wanted_methods[10];
+ char *pubkey_accepted_types;
 char *ProxyCommand;
 char *custombanner;
 unsigned long timeout; /* seconds */
diff --git a/src/options.c b/src/options.c
index 0e428e65..2376b3a6 100644
--- a/src/options.c
+++ b/src/options.c
@@ -147,6 +147,14 @@ int ssh_options_copy(ssh_session src, ssh_session *dest) {
 return -1;
 }
 }
+
+ if (src->opts.pubkey_accepted_types != NULL) {
+ new->opts.pubkey_accepted_types = strdup(src->opts.pubkey_accepted_types);
+ if (new->opts.pubkey_accepted_types == NULL) {
+ ssh_free(new);
+ return -1;
+ }
+ }
 new->opts.fd = src->opts.fd;
 new->opts.port = src->opts.port;
 new->opts.timeout = src->opts.timeout;
@@ -343,6 +351,11 @@ int ssh_options_set_algo(ssh_session session,
 * comma-separated list). ex:
 * "ssh-rsa,ssh-dss,ecdh-sha2-nistp256"
 *
+ * - SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES:
+ * Set the preferred public key algorithms to be used for
+ * authentication (const char *, comma-separated list). ex:
+ * "ssh-rsa,rsa-sha2-256,ssh-dss,ecdh-sha2-nistp256"
+ *
+ * - SSH_OPTIONS_COMPRESSION_C_S:
 * Set the compression to use for client to server
 * communication (const char *, "yes", "no" or a specific
@@ -743,6 +756,24 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
 return -1;
 }
 break;
+ case SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES:
+ v = value;
+ if (v == NULL || v[0] == '\0') {
+ ssh_set_error_invalid(session);
+ return -1;
+ } else {
+ p = ssh_keep_known_algos(SSH_HOSTKEYS, v);
+ if (p == NULL) {
+ ssh_set_error(session, SSH_REQUEST_DENIED,
+ "Setting method: no known public key algorithm (%s)",
+ v);
+ return -1;
+ }
+
+ SAFE_FREE(session->opts.pubkey_accepted_types);
+ session->opts.pubkey_accepted_types = p;
+ }
+ break;
 case SSH_OPTIONS_HMAC_C_S:
 v = value;
 if (v == NULL || v[0] == '\0') {
diff --git a/src/session.c b/src/session.c
index a1959d48..28255221 100644
--- a/src/session.c
+++ b/src/session.c
@@ -282,6 +282,7 @@ void ssh_free(ssh_session session) {
 SAFE_FREE(session->opts.ProxyCommand);
 SAFE_FREE(session->opts.gss_server_identity);
 SAFE_FREE(session->opts.gss_client_identity);
+ SAFE_FREE(session->opts.pubkey_accepted_types);
 for (i = 0; i < 10; i++) {
 if (session->opts.wanted_methods[i]) { |
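Review bot: In the new `SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES` case only a list with no known name at all is rejected; judging by its name and the NULL check, `ssh_keep_known_algos()` keeps the recognised entries and drops the rest, so a misspelled or unsupported name in a restrictive list goes unnoticed and the stored value differs from what the caller passed. For an option that limits which key types are accepted this should at least be stated in the option documentation, e.g. `Unknown names are ignored; the call fails only if no listed algorithm is known.`, and logging the filtered list would let callers audit the effective setting. The filter table is `SSH_HOSTKEYS`, so the case assumes that the algorithms valid for user authentication are exactly the host-key ones, which is worth a comment at the call. Nothing in this commit reads `pubkey_accepted_types` yet, so the enforcement point has to be reviewed with the change that consumes it. The switch statement starts and ends outside the hunk.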