GSSAPI
Scott Neugroschl
scott_n at xypro.com
Tue Aug 26 09:45:09 EST 2014
-----Original Message-----
From: Damien Miller [mailto:djm at mindrot.org]
On Mon, 25 Aug 2014, Scott Neugroschl wrote:
> In the patch, at line 2687 of
> http://pkgs.fedoraproject.org/cgit/openssh.git/tree/openssh-6.6p1-gsskex.patch,
> we have
>
> @@ -2488,6 +2495,48 @@ do_ssh2_kex(void)
> myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
> list_hostkey_types());
>
> +#ifdef GSSAPI
> + {
> + char *orig;
> + char *gss = NULL;
> + char *newstr = NULL;
> + orig = myproposal[PROPOSAL_KEX_ALGS]; <<<=== HERE 1
> +
> + /*
> + * If we don't have a host key, then there's no point advertising
> + * the other key exchange algorithms
> + */
> +
> + if (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]) == 0) <<<=== HERE 2
> + orig = NULL;
>
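Review bot: the branch taken when strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]) == 0 sets orig = NULL without logging anything, so a server that ends up with an empty host key algorithm list silently stops offering the key exchange methods it saved from myproposal[PROPOSAL_KEX_ALGS]. A debug message in that branch, stating that no host keys are loaded and only GSSAPI key exchange will be proposed, would make the condition visible to whoever has to diagnose it. The comment above the test could also state that orig holds the KEX list while the condition inspects the host key list, since the two myproposal[] indices are easy to misread as an inconsistency. The lines that consume a NULL orig are not part of what is quoted here, so that path cannot be checked from this excerpt.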
> Note that at the lines marked HERE 1 and HERE 2, orig refers to two
> separate things. Is this inconsistency in reference intended?
AFAIK yes - it's intended to change the KEX method proposal based on whether any hostkeys are loaded.
-d
---------
Thanks, Damien. I was trying to debug an issue in this code. Turns out there was a trailing blank in
my host key file name. I'll look at ssh-keygen.c and see if I can rectify that.
ScottN