upstream commit
add sshd_config HostbasedAcceptedKeyTypes and
PubkeyAcceptedKeyTypes options to allow sshd to control what public key types
will be accepted. Currently defaults to all. Feedback & ok markus@
diff --git a/servconf.h b/servconf.h
index 49b228b..9922f0c 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.115 2014/12/21 22:27:56 djm Exp $ */
+/* $OpenBSD: servconf.h,v 1.116 2015/01/13 07:39:19 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -99,8 +99,10 @@
* authentication. */
int hostbased_authentication; /* If true, permit ssh2 hostbased auth */
int hostbased_uses_name_from_packet_only; /* experimental */
+ char *hostbased_key_types; /* Key types allowed for hostbased */
int rsa_authentication; /* If true, permit RSA authentication. */
int pubkey_authentication; /* If true, permit ssh2 pubkey authentication. */
+ char *pubkey_key_types; /* Key types allowed for public key */
int kerberos_authentication; /* If true, permit Kerberos
* authentication. */
int kerberos_or_local_passwd; /* If true, permit kerberos
@@ -215,6 +217,8 @@
M_CP_STROPT(authorized_principals_file); \
M_CP_STROPT(authorized_keys_command); \
M_CP_STROPT(authorized_keys_command_user); \
+ M_CP_STROPT(hostbased_key_types); \
+ M_CP_STROPT(pubkey_key_types); \
M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \
M_CP_STRARRAYOPT(allow_users, num_allow_users); \
M_CP_STRARRAYOPT(deny_users, num_deny_users); \