ssh server CHANGE explicit key exchange and pubkey key types

michalvasko · michalvasko · commit afb1088826a2 · 2019-12-10T09:55:45.000+01:00
diff --git a/src/session_server_ssh.c b/src/session_server_ssh.c
@@ -24,6 +24,7 @@
 #include <errno.h>
 #include <time.h>
 
+#include "config.h"
 #include "session_server.h"
 #include "session_server_ch.h"
 #include "libnetconf.h"
@@ -1342,6 +1343,13 @@ nc_accept_ssh_session(struct nc_session *session, int sock, int timeout)
         close(sock);
         return -1;
     }
+    ssh_options_set(session->ti.libssh.session, SSH_OPTIONS_KEY_EXCHANGE, "curve25519-sha256,ecdh-sha2-nistp256,"
+            "diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,"
+            "diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1");
+#ifdef HAVE_LIBSSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES
+    ssh_options_set(session->ti.libssh.session, SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES, "ssh-ed25519,ecdsa-sha2-nistp256,"
+            "ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-dss");
+#endif
 
     if (opts->auth_methods & NC_SSH_AUTH_PUBLICKEY) {
         libssh_auth_methods |= SSH_AUTH_METHOD_PUBLICKEY;
