diff -up openssh-9.3p1/regress/hostkey-agent.sh.xxx openssh-9.3p1/regress/hostkey-agent.sh
--- openssh-9.3p1/regress/hostkey-agent.sh.xxx 2023-05-29 18:15:56.311236887 +0200
+++ openssh-9.3p1/regress/hostkey-agent.sh 2023-05-29 18:16:07.598503551 +0200
@@ -17,8 +17,21 @@ trace "make CA key"
${SSHKEYGEN} -qt ed25519 -f $OBJ/agent-ca -N '' || fatal "ssh-keygen CA"
+PUBKEY_ACCEPTED_ALGOS=`$SSH -G "example.com" | \
+ grep -i "PubkeyAcceptedAlgorithms" | cut -d ' ' -f2- | tr "," "|"`
+SSH_ACCEPTED_KEYTYPES=`echo "$SSH_KEYTYPES" | egrep "$PUBKEY_ACCEPTED_ALGOS"`
+echo $PUBKEY_ACCEPTED_ALGOS | grep "rsa"
+r=$?
+if [ $r == 0 ]; then
+echo $SSH_ACCEPTED_KEYTYPES | grep "rsa"
+r=$?
+if [ $r -ne 0 ]; then
+SSH_ACCEPTED_KEYTYPES="$SSH_ACCEPTED_KEYTYPES ssh-rsa"
+fi
+fi
+
trace "load hostkeys"
-for k in $SSH_KEYTYPES ; do
+for k in $SSH_ACCEPTED_KEYTYPES ; do
${SSHKEYGEN} -qt $k -f $OBJ/agent-key.$k -N '' || fatal "ssh-keygen $k"
${SSHKEYGEN} -s $OBJ/agent-ca -qh -n localhost-with-alias \
-I localhost-with-alias $OBJ/agent-key.$k.pub || \
@@ -32,12 +48,16 @@ rm $OBJ/agent-ca # Don't need CA private
unset SSH_AUTH_SOCK
-for k in $SSH_KEYTYPES ; do
+for k in $SSH_ACCEPTED_KEYTYPES ; do
verbose "key type $k"
+ hka=$k
+ if [ $k = "ssh-rsa" ]; then
+ hka="rsa-sha2-512"
+ fi
cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy
- echo "HostKeyAlgorithms $k" >> $OBJ/sshd_proxy
+ echo "HostKeyAlgorithms $hka" >> $OBJ/sshd_proxy
echo "Hostkey $OBJ/agent-key.${k}" >> $OBJ/sshd_proxy
- opts="-oHostKeyAlgorithms=$k -F $OBJ/ssh_proxy"
+ opts="-oHostKeyAlgorithms=$hka -F $OBJ/ssh_proxy"
( printf 'localhost-with-alias,127.0.0.1,::1 ' ;
cat $OBJ/agent-key.$k.pub) > $OBJ/known_hosts
SSH_CONNECTION=`${SSH} $opts host 'echo $SSH_CONNECTION'`
@@ -50,15 +70,16 @@ for k in $SSH_KEYTYPES ; do
done
SSH_CERTTYPES=`ssh -Q key-sig | grep 'cert-v01@openssh.com'`
+SSH_ACCEPTED_CERTTYPES=`echo "$SSH_CERTTYPES" | egrep "$PUBKEY_ACCEPTED_ALGOS"`
# Prepare sshd_proxy for certificates.
cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy
HOSTKEYALGS=""
-for k in $SSH_CERTTYPES ; do
+for k in $SSH_ACCEPTED_CERTTYPES ; do
test -z "$HOSTKEYALGS" || HOSTKEYALGS="${HOSTKEYALGS},"
HOSTKEYALGS="${HOSTKEYALGS}${k}"
done
-for k in $SSH_KEYTYPES ; do
+for k in $SSH_ACCEPTED_KEYTYPES ; do
echo "Hostkey $OBJ/agent-key.${k}.pub" >> $OBJ/sshd_proxy
echo "HostCertificate $OBJ/agent-key.${k}-cert.pub" >> $OBJ/sshd_proxy
test -f $OBJ/agent-key.${k}.pub || fatal "no $k key"
@@ -70,7 +93,7 @@ echo "HostKeyAlgorithms $HOSTKEYALGS" >>
( printf '@cert-authority localhost-with-alias ' ;
cat $OBJ/agent-ca.pub) > $OBJ/known_hosts
-for k in $SSH_CERTTYPES ; do
+for k in $SSH_ACCEPTED_CERTTYPES ; do
verbose "cert type $k"
opts="-oHostKeyAlgorithms=$k -F $OBJ/ssh_proxy"
SSH_CONNECTION=`${SSH} $opts host 'echo $SSH_CONNECTION'`
diff -up openssh-9.3p1/sshconnect2.c.xxx openssh-9.3p1/sshconnect2.c
--- openssh-9.3p1/sshconnect2.c.xxx 2023-04-26 17:37:35.100827792 +0200
+++ openssh-9.3p1/sshconnect2.c 2023-04-26 17:50:31.860748877 +0200
@@ -221,7 +221,7 @@ ssh_kex2(struct ssh *ssh, char *host, st
const struct ssh_conn_info *cinfo)
{
char *myproposal[PROPOSAL_MAX];
- char *s, *all_key, *hkalgs = NULL;
+ char *s, *all_key, *hkalgs = NULL, *filtered_algs = NULL;
int r, use_known_hosts_order = 0;
#if defined(GSSAPI) && defined(WITH_OPENSSL)
@@ -260,9 +260,21 @@ ssh_kex2(struct ssh *ssh, char *host, st
if (use_known_hosts_order)
hkalgs = order_hostkeyalgs(host, hostaddr, port, cinfo);
+ filtered_algs = hkalgs ? match_filter_allowlist(hkalgs, options.pubkey_accepted_algos)
+ : match_filter_allowlist(options.hostkeyalgorithms,
+ options.pubkey_accepted_algos);
+ if (filtered_algs == NULL) {
+ if (hkalgs)
+ fatal_f("No match between algorithms for %s (host %s) and pubkey accepted algorithms %s",
+ hkalgs, host, options.pubkey_accepted_algos);
+ else
+ fatal_f("No match between host key algorithms %s and pubkey accepted algorithms %s",
+ options.hostkeyalgorithms, options.pubkey_accepted_algos);
+ }
+
kex_proposal_populate_entries(ssh, myproposal, s, options.ciphers,
options.macs, compression_alg_list(options.compression),
- hkalgs ? hkalgs : options.hostkeyalgorithms);
+ filtered_algs);
#if defined(GSSAPI) && defined(WITH_OPENSSL)
if (options.gss_keyex) {
@@ -303,6 +315,7 @@ ssh_kex2(struct ssh *ssh, char *host, st
#endif
free(hkalgs);
+ free(filtered_algs);
/* start key exchange */
if ((r = kex_setup(ssh, myproposal)) != 0)