- otto@cvs.openbsd.org 2011/01/04 20:44:13

     [ssh-keyscan.c]
     handle ecdsa-sha2 with various key lengths; hint and ok djm@

diff --git a/ChangeLog b/ChangeLog
index 0cdc191b040cc7e4aaccf3018df95816175c2de7..4e63aab5bcf4f76e083bd760f9eca0e112e2be85 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -22,6 +22,9 @@
    - djm@cvs.openbsd.org 2010/12/24 21:41:48
      [auth-options.c]
      don't send the actual forced command in a debug message; ok markus deraadt
+   - otto@cvs.openbsd.org 2011/01/04 20:44:13
+     [ssh-keyscan.c]
+     handle ecdsa-sha2 with various key lengths; hint and ok djm@
 
 20110104
  - (djm) [configure.ac Makefile.in] Use mandoc as preferred manpage

diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index 3fb1214e2446558f316e7f11d6e8138be02dfc48..25d7ac66f9572cec66f517a6884644fba7912c87 100644 (file)
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.83 2010/08/31 11:54:45 djm Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.84 2011/01/04 20:44:13 otto Exp $ */
 /*
  * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
  *
@@ -246,7 +246,8 @@ keygrab_ssh2(con *c)
        packet_set_connection(c->c_fd, c->c_fd);
        enable_compat20();
        myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = c->c_keytype == KT_DSA?
-           "ssh-dss": "ssh-rsa";
+           "ssh-dss" : (c->c_keytype == KT_RSA ? "ssh-rsa" :
+           "ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521");
        c->c_kex = kex_setup(myproposal);
        c->c_kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
        c->c_kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
@@ -573,7 +574,7 @@ do_host(char *host)
 
        if (name == NULL)
                return;
-       for (j = KT_RSA1; j <= KT_RSA; j *= 2) {
+       for (j = KT_RSA1; j <= KT_ECDSA; j *= 2) {
                if (get_keytypes & j) {
                        while (ncon >= MAXCON)
                                conloop();