upstream: add security key types to list of keys allowed to act as

author djm@openbsd.org <djm@openbsd.org>

Tue, 10 Dec 2019 22:43:19 +0000 (22:43 +0000)

committer Damien Miller <djm@mindrot.org>

Wed, 11 Dec 2019 08:11:07 +0000 (19:11 +1100)
author djm@openbsd.org <djm@openbsd.org>
Tue, 10 Dec 2019 22:43:19 +0000 (22:43 +0000)
committer Damien Miller <djm@mindrot.org>
Wed, 11 Dec 2019 08:11:07 +0000 (19:11 +1100)
diff --git a/myproposal.h b/myproposal.h

index d6e7977e47cc2d7673a21fbfcf7fe2219fe0453a..b393db8b04dfedc09313016a8ef77af295645995 100644 (file)
--- a/myproposal.h
+++ b/myproposal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: myproposal.h,v 1.61 2019/11/12 19:33:08 markus Exp $ */
+/* $OpenBSD: myproposal.h,v 1.62 2019/12/10 22:43:19 djm Exp $ */
  
  /*
   * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -145,7 +145,9 @@
  /* Not a KEX value, but here so all the algorithm defaults are together */
  #define        SSH_ALLOWED_CA_SIGALGS  \
         HOSTKEY_ECDSA_METHODS \
+       USERKEY_ECDSA_SK_METHODS \
         "ssh-ed25519," \
+       "sk-ssh-ed25519@openssh.com," \
         "rsa-sha2-512," \
         "rsa-sha2-256," \
         "ssh-rsa"
@@ -194,7 +196,7 @@
  #define        KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT
  #define KEX_CLIENT_MAC KEX_SERVER_MAC
  
-#define        SSH_ALLOWED_CA_SIGALGS  "ssh-ed25519"
+#define        SSH_ALLOWED_CA_SIGALGS  "ssh-ed25519,sk-ssh-ed25519@openssh.com"
  
  #endif /* WITH_OPENSSL */
author	djm@openbsd.org <djm@openbsd.org>
	Tue, 10 Dec 2019 22:43:19 +0000 (22:43 +0000)
committer	Damien Miller <djm@mindrot.org>
	Wed, 11 Dec 2019 08:11:07 +0000 (19:11 +1100)