upstream commit
UpdateHostKeys fixes:
I accidentally changed the format of the hostkeys@openssh.com messages
last week without changing the extension name, and this has been causing
connection failures for people who are running -current. First reported
by sthen@
s/hostkeys@openssh.com/hostkeys-00@openssh.com/
Change the name of the proof message too, and reorder it a little.
Also, UpdateHostKeys=ask is incompatible with ControlPersist (no TTY
available to read the response) so disable UpdateHostKeys if it is in
ask mode and ControlPersist is active (and document this)
diff --git a/PROTOCOL b/PROTOCOL
index f956083..91bfe27 100644
--- a/PROTOCOL
+++ b/PROTOCOL
@@ -282,15 +282,15 @@
boolean FALSE
string socket path
-2.5. connection: hostkey update and rotation "hostkeys@openssh.com"
-and "hostkeys-prove@openssh.com"
+2.5. connection: hostkey update and rotation "hostkeys-00@openssh.com"
+and "hostkeys-prove-00@openssh.com"
OpenSSH supports a protocol extension allowing a server to inform
a client of all its protocol v.2 host keys after user-authentication
has completed.
byte SSH_MSG_GLOBAL_REQUEST
- string "hostkeys@openssh.com"
+ string "hostkeys-00@openssh.com"
string[] hostkeys
Upon receiving this message, a client should check which of the
@@ -300,15 +300,15 @@
key.
byte SSH_MSG_GLOBAL_REQUEST
- string "hostkeys-prove@openssh.com"
+ string "hostkeys-prove-00@openssh.com"
char 1 /* want-reply */
string[] hostkeys
When a server receives this message, it should generate a signature
using each requested key over the following:
+ string "hostkeys-prove-00@openssh.com"
string session identifier
- string "hostkeys-prove@openssh.com"
string hostkey
These signatures should be included in the reply, in the order matching
@@ -453,4 +453,4 @@
This extension is advertised in the SSH_FXP_VERSION hello with version
"1".
-$OpenBSD: PROTOCOL,v 1.26 2015/02/16 22:13:32 djm Exp $
+$OpenBSD: PROTOCOL,v 1.27 2015/02/20 22:17:21 djm Exp $