add SSH_ALLOWED_CA_SIGALGS - the default list of signature algorithms
authordjm <djm@openbsd.org>
Wed, 12 Sep 2018 01:34:02 +0000 (01:34 +0000)
committerdjm <djm@openbsd.org>
Wed, 12 Sep 2018 01:34:02 +0000 (01:34 +0000)
that are allowed for CA signatures. Notably excludes ssh-dss (DSA).

ok markus@

usr.bin/ssh/myproposal.h

index 5ba525a..bd46b55 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: myproposal.h,v 1.56 2018/07/03 11:39:54 djm Exp $ */
+/* $OpenBSD: myproposal.h,v 1.57 2018/09/12 01:34:02 djm Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 
 #define KEX_CLIENT_MAC KEX_SERVER_MAC
 
+/* Not a KEX value, but here so all the algorithm defaults are together */
+#define        SSH_ALLOWED_CA_SIGALGS  \
+       "ecdsa-sha2-nistp256," \
+       "ecdsa-sha2-nistp384," \
+       "ecdsa-sha2-nistp521," \
+       "ssh-ed25519," \
+       "rsa-sha2-512," \
+       "rsa-sha2-256," \
+       "ssh-rsa"
+
 #else /* WITH_OPENSSL */
 
 #define KEX_SERVER_KEX         \
 #define        KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT
 #define KEX_CLIENT_MAC KEX_SERVER_MAC
 
+#define        SSH_ALLOWED_CA_SIGALGS  "ssh-ed25519"
+
 #endif /* WITH_OPENSSL */
 
 #define        KEX_DEFAULT_COMP        "none,zlib@openssh.com"
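Review bot: The WITH_OPENSSL definition of SSH_ALLOWED_CA_SIGALGS still ends with `"ssh-rsa"`, which is RSA over SHA-1, so certificates whose CA signature uses SHA-1 remain acceptable by default even though DSA is left out. If that entry is kept for compatibility with existing RSA CAs, the comment above the macro should say so, for example `/* ssh-rsa (RSA/SHA-1) retained for existing CAs; rsa-sha2-* preferred */`, so a later reader knows it is a candidate for removal. The existing comment also only says the macro is "Not a KEX value"; the code that consumes the list is outside this diff, and a one-line pointer to it would make the purpose clear from myproposal.h alone. The non-OpenSSL definition further down allows only `"ssh-ed25519"` and has no equivalent issue.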