From 611855475be98c61c04dd4658d49e8448e217a4c Mon Sep 17 00:00:00 2001 From: djm Date: Mon, 19 Feb 2018 00:55:02 +0000 Subject: [PATCH] emphasise that the hostkey rotation may send key types that the client may not support, and that the client should simply disregard such keys (this is what ssh does already). --- usr.bin/ssh/PROTOCOL | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/usr.bin/ssh/PROTOCOL b/usr.bin/ssh/PROTOCOL index 285d0503417..f27e0dfffbd 100644 --- a/usr.bin/ssh/PROTOCOL +++ b/usr.bin/ssh/PROTOCOL @@ -295,10 +295,14 @@ has completed. string[] hostkeys Upon receiving this message, a client should check which of the -supplied host keys are present in known_hosts. For keys that are -not present, it should send a "hostkeys-prove@openssh.com" message -to request the server prove ownership of the private half of the -key. +supplied host keys are present in known_hosts. + +Note that the server may send key types that the client does not +support. The client should disgregard such keys if they are received. + +If the client identifies any keys that are not present for the host, +it should send a "hostkeys-prove@openssh.com" message to request the +server prove ownership of the private half of the key. byte SSH_MSG_GLOBAL_REQUEST string "hostkeys-prove-00@openssh.com" @@ -454,4 +458,4 @@ respond with a SSH_FXP_STATUS message. This extension is advertised in the SSH_FXP_VERSION hello with version "1". -$OpenBSD: PROTOCOL,v 1.31 2017/05/26 01:40:07 djm Exp $ +$OpenBSD: PROTOCOL,v 1.32 2018/02/19 00:55:02 djm Exp $ -- 2.20.1
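Review bot: the new paragraph in the first hunk (the "Note that the server may send key types..." lines) has a typo, "disgregard" should read "disregard". While editing that line, consider making the interaction with the following paragraph explicit: as written, "any keys that are not present for the host" could be read to include keys of unsupported types, so a phrase such as "any supported keys that are not present for the host" would make clear that unsupported keys are excluded from the "hostkeys-prove@openssh.com" request as well as from the known_hosts check. That matches the stated intent in the commit message that the client simply drops such keys.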
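Review bot: the second hunk only bumps the $OpenBSD RCS keyword (1.31 to 1.32, timestamp 2018/02/19 00:55:02), which agrees with the Date header of the commit; nothing further needed there.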