rcolebaugh / rpms / openssh

Forked from rpms/openssh 2 years ago
Clone

Blame SOURCES/openssh-8.0p1-keyscan-rsa-sha2.patch

0d83e7
From 7250879c72d28275a53f2f220e49646c3e42ef18 Mon Sep 17 00:00:00 2001
0d83e7
From: "djm@openbsd.org" <djm@openbsd.org>
0d83e7
Date: Fri, 12 Jul 2019 04:08:39 +0000
0d83e7
Subject: [PATCH] upstream: include SHA2-variant RSA key algorithms in KEX
0d83e7
 proposal;
0d83e7
0d83e7
allows ssh-keyscan to harvest keys from servers that disable olde SHA1
0d83e7
ssh-rsa. bz#3029 from Jakub Jelen
0d83e7
0d83e7
OpenBSD-Commit-ID: 9f95ebf76a150c2f727ca4780fb2599d50bbab7a
0d83e7
---
0d83e7
 ssh-keyscan.c | 9 +++++++--
0d83e7
 1 file changed, 7 insertions(+), 2 deletions(-)
0d83e7
0d83e7
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
0d83e7
index d95ba1b37..d383b57b9 100644
0d83e7
--- a/ssh-keyscan.c
0d83e7
+++ b/ssh-keyscan.c
0d83e7
@@ -233,7 +233,12 @@ keygrab_ssh2(con *c)
0d83e7
 		break;
0d83e7
 	case KT_RSA:
0d83e7
 		myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
0d83e7
-		    "ssh-rsa-cert-v01@openssh.com" : "ssh-rsa";
0d83e7
+		    "rsa-sha2-512-cert-v01@openssh.com,"
0d83e7
+		    "rsa-sha2-256-cert-v01@openssh.com,"
0d83e7
+		    "ssh-rsa-cert-v01@openssh.com" :
0d83e7
+		    "rsa-sha2-512,"
0d83e7
+		    "rsa-sha2-256,"
0d83e7
+		    "ssh-rsa";
0d83e7
 		break;
0d83e7
 	case KT_ED25519:
0d83e7
 		myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
0d83e7