Commit 1d963b1d authored by Han-Wen Nienhuys

go.crypto/ssh: let client accept DSA and ECDSA host key algorithms.

R=agl, dave, jpsugar, m4dh4tt3r, agl
CC=golang-dev
https://codereview.appspot.com/14420045

Committer: Adam Langley <agl@golang.org>
parent eb0e8047
......@@ -16,8 +16,6 @@ import (
// These are string constants in the SSH protocol.
const (
hostAlgoRSA = "ssh-rsa"
hostAlgoDSA = "ssh-dss"
compressionNone = "none"
serviceUserAuth = "ssh-userauth"
serviceSSH = "ssh-connection"
......@@ -28,7 +26,11 @@ var supportedKexAlgos = []string{
kexAlgoDH14SHA1, kexAlgoDH1SHA1,
}
var supportedHostKeyAlgos = []string{hostAlgoRSA}
var supportedHostKeyAlgos = []string{
KeyAlgoECDSA256, KeyAlgoECDSA384, KeyAlgoECDSA521,
KeyAlgoRSA, KeyAlgoDSA,
}
var supportedCompressions = []string{compressionNone}
// hashFuncs keeps the mapping of supported algorithms to their respective
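Review bot: The new five-entry `supportedHostKeyAlgos` has a deliberate order (ECDSA first, DSA last) but nothing says what that order means; presumably this slice is what the client sends as its host key algorithm preference list in KEXINIT, where RFC 4253 picks the first entry the server also supports, so a reader needs that stated. Suggest `// supportedHostKeyAlgos lists the host key algorithms offered to the peer, most preferred first.` directly above the declaration. Worth a second sentence in that comment is that listing `KeyAlgoDSA` means the client will now accept `ssh-dss` host keys, which RFC 4253 binds to SHA-1 signatures; if that is meant as a compatibility fallback rather than a recommended default, say so, since this list appears to be the only knob controlling it.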
......
......@@ -40,8 +40,10 @@ func TestHostKeyCheck(t *testing.T) {
conf := clientConfig()
k := conf.HostKeyChecker.(*storedHostKey)
// change the key.
k.keys["ssh-rsa"][25]++
// change the keys.
k.keys[ssh.KeyAlgoRSA][25]++
k.keys[ssh.KeyAlgoDSA][25]++
k.keys[ssh.KeyAlgoECDSA256][25]++
conn, err := server.TryDial(conf)
if err == nil {
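Review bot: The three `[25]++` mutations hard-code an offset into the marshalled key blob, which works for the RSA and DSA layouts (offset 25 lands in the modulus / p) but, if `MarshalPublicKey` emits the usual `string algo, string curve, string point` layout, offset 25 for the 19-byte `ecdsa-sha2-nistp256` name falls inside the curve-name length field, so that case corrupts the encoding rather than altering the key; the test still passes, but for a different reason than the comment claims. Flipping the last byte is layout-independent: `for _, a := range []string{ssh.KeyAlgoRSA, ssh.KeyAlgoDSA, ssh.KeyAlgoECDSA256} {` / `k.keys[a][len(k.keys[a])-1]++` / `}`. TestHostKeyCheck starts and ends outside the hunk.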
......
......@@ -48,22 +48,32 @@ HostbasedAuthentication no
`
var (
configTmpl template.Template
privateKey ssh.Signer
hostKey ssh.Signer
configTmpl template.Template
privateKey ssh.Signer
hostKeyRSA ssh.Signer
hostKeyECDSA ssh.Signer
hostKeyDSA ssh.Signer
)
func init() {
template.Must(configTmpl.Parse(sshd_config))
var err error
hostKey, err = ssh.ParsePrivateKey([]byte(keys["ssh_host_rsa_key"]))
if err != nil {
panic("ParsePrivateKey: " + err.Error())
for n, k := range map[string]*ssh.Signer{
"ssh_host_ecdsa_key": &hostKeyECDSA,
"ssh_host_rsa_key": &hostKeyRSA,
"ssh_host_dsa_key": &hostKeyDSA,
} {
var err error
*k, err = ssh.ParsePrivateKey([]byte(keys[n]))
if err != nil {
panic(fmt.Sprintf("ParsePrivateKey(%q): %v", n, err))
}
}
var err error
privateKey, err = ssh.ParsePrivateKey([]byte(testClientPrivateKey))
if err != nil {
panic("ParsePrivateKey: " + err.Error())
panic(fmt.Sprintf("ParsePrivateKey: %v", err))
}
}
......@@ -103,7 +113,7 @@ func (k *storedHostKey) Add(key ssh.PublicKey) {
if k.keys == nil {
k.keys = map[string][]byte{}
}
k.keys[key.PublicKeyAlgo()] = append([]byte(nil), ssh.MarshalPublicKey(key)...)
k.keys[key.PublicKeyAlgo()] = ssh.MarshalPublicKey(key)
}
func (k *storedHostKey) Check(addr string, remote net.Addr, algo string, key []byte) error {
......@@ -115,7 +125,9 @@ func (k *storedHostKey) Check(addr string, remote net.Addr, algo string, key []b
func clientConfig() *ssh.ClientConfig {
keyChecker := storedHostKey{}
keyChecker.Add(hostKey.PublicKey())
keyChecker.Add(hostKeyECDSA.PublicKey())
keyChecker.Add(hostKeyRSA.PublicKey())
keyChecker.Add(hostKeyDSA.PublicKey())
kc := new(keychain)
kc.keys = append(kc.keys, privateKey)
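Review bot: In `storedHostKey.Add` (second hunk of this file, `k.keys[key.PublicKeyAlgo()] = ssh.MarshalPublicKey(key)`) the defensive copy is dropped, which is only safe if `MarshalPublicKey` is guaranteed to return a freshly allocated slice; the commit does not show that guarantee. TestHostKeyCheck in this change mutates the stored bytes in place (`k.keys[...][25]++`), so if the returned slice ever aliased the signer's own storage the test would corrupt the shared host key instead of the checker's copy, and the servers built from `hostKeyRSA`/`hostKeyDSA`/`hostKeyECDSA` in `init()` would present altered keys. Keeping `k.keys[key.PublicKeyAlgo()] = append([]byte(nil), ssh.MarshalPublicKey(key)...)` costs one small copy per key and removes the dependency; if the fresh-slice guarantee is real, a one-line comment on the assignment stating it would do instead. The `Add` signature sits in the hunk header, so the function begins outside the hunk.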
......