diff options
| author |   djm <djm@openbsd.org> | 2013-12-30 23:52:27 +0000 |
|---|---|---|
| committer | djm <djm@openbsd.org> | 2013-12-30 23:52:27 +0000 |
| commit | 42f7034402374e309a02cc4e386c300ca46569ee (patch) | |
| tree | 66059541e823a002121f01575a788ebcf0b47d60 /usr.bin/ssh/sshconnect.c | |
| parent | Add support for newer integrated Realtek PHY. (diff) | |
| download | wireguard-openbsd-42f7034402374e309a02cc4e386c300ca46569ee.tar.xz wireguard-openbsd-42f7034402374e309a02cc4e386c300ca46569ee.zip | |
refuse RSA keys from old proprietary clients/servers that use the
obsolete RSA+MD5 signature scheme. it will still be possible to connect
with these clients/servers but only DSA keys will be accepted, and we'll
deprecate them entirely in a future release. ok markus@
Diffstat (limited to 'usr.bin/ssh/sshconnect.c')
| -rw-r--r-- | usr.bin/ssh/sshconnect.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c index 6a77b9cafb6..28ea1d0f728 100644 --- a/usr.bin/ssh/sshconnect.c +++ b/usr.bin/ssh/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.242 2013/12/29 05:57:02 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.243 2013/12/30 23:52:27 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -652,6 +652,9 @@ ssh_exchange_identification(int timeout_ms) fatal("Protocol major versions differ: %d vs. %d", (options.protocol & SSH_PROTO_2) ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1, remote_major); + if ((datafellows & SSH_BUG_RSASIGMD5) != 0) + logit("Server version \"%.100s\" uses unsafe RSA signature " + "scheme; disabling use of RSA keys", remote_version); if (!client_banner_sent) send_client_banner(connection_out, minor1); chop(server_version_string); |