[openssh-commits] [openssh] 04/07: upstream: exlicitly include RSA/SHA-2 keytypes in

git+noreply at mindrot.org git+noreply at mindrot.org
Wed Mar 14 18:56:07 AEDT 2018



djm pushed a commit to branch master
in repository openssh.

commit 3a43297ce29d37c64e37c7e21282cb219e28d3d1
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Mon Mar 12 00:52:57 2018 +0000

    upstream: explicitly include RSA/SHA-2 keytypes in
    
    PubkeyAcceptedKeyTypes here
    
    OpenBSD-Regress-ID: 954d19e0032a74e31697fb1dc7e7d3d1b2d65fe9
---
 regress/limit-keytype.sh | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/regress/limit-keytype.sh b/regress/limit-keytype.sh
index c0cf2fed..04f11977 100644
--- a/regress/limit-keytype.sh
+++ b/regress/limit-keytype.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: limit-keytype.sh,v 1.4 2015/10/29 08:05:17 djm Exp $
+#	$OpenBSD: limit-keytype.sh,v 1.5 2018/03/12 00:52:57 djm Exp $
 #	Placed in the Public Domain.
 
 tid="restrict pubkey type"
@@ -60,7 +60,8 @@ ${SSH} $opts -i $OBJ/user_key2 proxy true || fatal "key2 failed"
 
 # Allow plain Ed25519 and RSA. The certificate should fail.
 verbose "allow rsa,ed25519"
-prepare_config "PubkeyAcceptedKeyTypes ssh-rsa,ssh-ed25519"
+prepare_config \
+	"PubkeyAcceptedKeyTypes rsa-sha2-256,rsa-sha2-512,ssh-rsa,ssh-ed25519"
 ${SSH} $certopts proxy true && fatal "cert succeeded"
 ${SSH} $opts -i $OBJ/user_key1 proxy true || fatal "key1 failed"
 ${SSH} $opts -i $OBJ/user_key2 proxy true || fatal "key2 failed"
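Review bot: The widened list on the new `prepare_config` line accepts `ssh-rsa`, `rsa-sha2-256` and `rsa-sha2-512` together, so this case cannot tell which RSA signature algorithm was used. A regression in which sshd stops enforcing the per-algorithm restriction for RSA keys would still pass here. Consider a companion case that lists only the SHA-2 names, e.g. `prepare_config "PubkeyAcceptedKeyTypes rsa-sha2-256,rsa-sha2-512"`, and asserts whichever outcome is intended for the RSA key. A short comment above the call would also help, such as `# RSA keys may authenticate with rsa-sha2-* signatures; list those names as well as ssh-rsa`. The same applies to the "match w/ no match" case in the last hunk.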
@@ -74,14 +75,14 @@ ${SSH} $opts -i $OBJ/user_key2 proxy true && fatal "key2 succeeded"
 
 # Allow all certs. Plain keys should fail.
 verbose "allow cert only"
-prepare_config "PubkeyAcceptedKeyTypes ssh-*-cert-v01 at openssh.com"
+prepare_config "PubkeyAcceptedKeyTypes *-cert-v01 at openssh.com"
 ${SSH} $certopts proxy true || fatal "cert failed"
 ${SSH} $opts -i $OBJ/user_key1 proxy true && fatal "key1 succeeded"
 ${SSH} $opts -i $OBJ/user_key2 proxy true && fatal "key2 succeeded"
 
 # Allow RSA in main config, Ed25519 for non-existent user.
 verbose "match w/ no match"
-prepare_config "PubkeyAcceptedKeyTypes ssh-rsa" \
+prepare_config "PubkeyAcceptedKeyTypes rsa-sha2-256,rsa-sha2-512,ssh-rsa" \
 	"Match user x$USER" "PubkeyAcceptedKeyTypes +ssh-ed25519"
 ${SSH} $certopts proxy true && fatal "cert succeeded"
 ${SSH} $opts -i $OBJ/user_key1 proxy true && fatal "key1 succeeded"
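Review bot: The cert-only pattern on the new `prepare_config` line under "allow cert only" drops the `ssh-` prefix anchor without a comment saying why. A one-line comment above it would record the intent, e.g. `# Match every certificate type name, including those that do not begin with "ssh-"`. Only the single certificate behind `$certopts` is exercised, so as far as this hunk shows the broader glob is checked against one cert type. A second certificate of a different key type would confirm that the wildcard covers what the "Allow all certs" comment promises. The "match w/ no match" case may continue past the end of the hunk.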
