diff -up openssh-9.3p1/regress/hostkey-agent.sh.xxx openssh-9.3p1/regress/hostkey-agent.sh --- openssh-9.3p1/regress/hostkey-agent.sh.xxx 2023-05-29 18:15:56.311236887 +0200 +++ openssh-9.3p1/regress/hostkey-agent.sh 2023-05-29 18:16:07.598503551 +0200 @@ -17,8 +17,21 @@ trace "make CA key" ${SSHKEYGEN} -qt ed25519 -f $OBJ/agent-ca -N '' || fatal "ssh-keygen CA" +PUBKEY_ACCEPTED_ALGOS=`$SSH -G "example.com" | \ + grep -i "PubkeyAcceptedAlgorithms" | cut -d ' ' -f2- | tr "," "|"` +SSH_ACCEPTED_KEYTYPES=`echo "$SSH_KEYTYPES" | egrep "$PUBKEY_ACCEPTED_ALGOS"` +echo $PUBKEY_ACCEPTED_ALGOS | grep "rsa" +r=$? +if [ $r == 0 ]; then +echo $SSH_ACCEPTED_KEYTYPES | grep "rsa" +r=$? +if [ $r -ne 0 ]; then +SSH_ACCEPTED_KEYTYPES="$SSH_ACCEPTED_KEYTYPES ssh-rsa" +fi +fi + trace "load hostkeys" -for k in $SSH_KEYTYPES ; do +for k in $SSH_ACCEPTED_KEYTYPES ; do ${SSHKEYGEN} -qt $k -f $OBJ/agent-key.$k -N '' || fatal "ssh-keygen $k" ${SSHKEYGEN} -s $OBJ/agent-ca -qh -n localhost-with-alias \ -I localhost-with-alias $OBJ/agent-key.$k.pub || \ @@ -32,12 +48,16 @@ rm $OBJ/agent-ca # Don't need CA private unset SSH_AUTH_SOCK -for k in $SSH_KEYTYPES ; do +for k in $SSH_ACCEPTED_KEYTYPES ; do verbose "key type $k" + hka=$k + if [ $k = "ssh-rsa" ]; then + hka="rsa-sha2-512" + fi cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy - echo "HostKeyAlgorithms $k" >> $OBJ/sshd_proxy + echo "HostKeyAlgorithms $hka" >> $OBJ/sshd_proxy echo "Hostkey $OBJ/agent-key.${k}" >> $OBJ/sshd_proxy - opts="-oHostKeyAlgorithms=$k -F $OBJ/ssh_proxy" + opts="-oHostKeyAlgorithms=$hka -F $OBJ/ssh_proxy" ( printf 'localhost-with-alias,127.0.0.1,::1 ' ; cat $OBJ/agent-key.$k.pub) > $OBJ/known_hosts SSH_CONNECTION=`${SSH} $opts host 'echo $SSH_CONNECTION'` @@ -50,15 +70,16 @@ for k in $SSH_KEYTYPES ; do done SSH_CERTTYPES=`ssh -Q key-sig | grep 'cert-v01@openssh.com'` +SSH_ACCEPTED_CERTTYPES=`echo "$SSH_CERTTYPES" | egrep "$PUBKEY_ACCEPTED_ALGOS"` # Prepare sshd_proxy for certificates. cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy HOSTKEYALGS="" -for k in $SSH_CERTTYPES ; do +for k in $SSH_ACCEPTED_CERTTYPES ; do test -z "$HOSTKEYALGS" || HOSTKEYALGS="${HOSTKEYALGS}," HOSTKEYALGS="${HOSTKEYALGS}${k}" done -for k in $SSH_KEYTYPES ; do +for k in $SSH_ACCEPTED_KEYTYPES ; do echo "Hostkey $OBJ/agent-key.${k}.pub" >> $OBJ/sshd_proxy echo "HostCertificate $OBJ/agent-key.${k}-cert.pub" >> $OBJ/sshd_proxy test -f $OBJ/agent-key.${k}.pub || fatal "no $k key" @@ -70,7 +93,7 @@ echo "HostKeyAlgorithms $HOSTKEYALGS" >> ( printf '@cert-authority localhost-with-alias ' ; cat $OBJ/agent-ca.pub) > $OBJ/known_hosts -for k in $SSH_CERTTYPES ; do +for k in $SSH_ACCEPTED_CERTTYPES ; do verbose "cert type $k" opts="-oHostKeyAlgorithms=$k -F $OBJ/ssh_proxy" SSH_CONNECTION=`${SSH} $opts host 'echo $SSH_CONNECTION'` diff -up openssh-9.3p1/sshconnect2.c.xxx openssh-9.3p1/sshconnect2.c --- openssh-9.3p1/sshconnect2.c.xxx 2023-04-26 17:37:35.100827792 +0200 +++ openssh-9.3p1/sshconnect2.c 2023-04-26 17:50:31.860748877 +0200 @@ -221,7 +221,7 @@ ssh_kex2(struct ssh *ssh, char *host, st const struct ssh_conn_info *cinfo) { char *myproposal[PROPOSAL_MAX]; - char *s, *all_key, *hkalgs = NULL; + char *s, *all_key, *hkalgs = NULL, *filtered_algs = NULL; int r, use_known_hosts_order = 0; #if defined(GSSAPI) && defined(WITH_OPENSSL) @@ -260,9 +260,21 @@ ssh_kex2(struct ssh *ssh, char *host, st if (use_known_hosts_order) hkalgs = order_hostkeyalgs(host, hostaddr, port, cinfo); + filtered_algs = hkalgs ? match_filter_allowlist(hkalgs, options.pubkey_accepted_algos) + : match_filter_allowlist(options.hostkeyalgorithms, + options.pubkey_accepted_algos); + if (filtered_algs == NULL) { + if (hkalgs) + fatal_f("No match between algorithms for %s (host %s) and pubkey accepted algorithms %s", + hkalgs, host, options.pubkey_accepted_algos); + else + fatal_f("No match between host key algorithms %s and pubkey accepted algorithms %s", + options.hostkeyalgorithms, options.pubkey_accepted_algos); + } + kex_proposal_populate_entries(ssh, myproposal, s, options.ciphers, options.macs, compression_alg_list(options.compression), - hkalgs ? hkalgs : options.hostkeyalgorithms); + filtered_algs); #if defined(GSSAPI) && defined(WITH_OPENSSL) if (options.gss_keyex) { @@ -303,6 +315,7 @@ ssh_kex2(struct ssh *ssh, char *host, st #endif free(hkalgs); + free(filtered_algs); /* start key exchange */ if ((r = kex_setup(ssh, myproposal)) != 0)