|
 |
78bb33 |
diff -up openssh-9.8p1/sshd-session.c.xxx openssh-9.8p1/sshd-session.c
|
|
|
78bb33 |
--- openssh-9.8p1/sshd-session.c.xxx 2024-08-26 13:23:33.071882129 +0200
|
|
|
78bb33 |
+++ openssh-9.8p1/sshd-session.c 2024-08-26 13:26:02.990528767 +0200
|
|
|
78bb33 |
@@ -1229,8 +1229,9 @@ main(int ac, char **av)
|
|
|
78bb33 |
break;
|
|
|
78bb33 |
}
|
|
|
78bb33 |
}
|
|
|
78bb33 |
- if (!have_key)
|
|
|
78bb33 |
- fatal("internal error: monitor received no hostkeys");
|
|
|
78bb33 |
+ /* The GSSAPI key exchange can run without a host key */
|
|
|
78bb33 |
+ if (!have_key && !options.gss_keyex)
|
|
|
78bb33 |
+ fatal("internal error: monitor received no hostkeys and GSS KEX is not configured");
|
|
|
78bb33 |
|
|
|
78bb33 |
/* Ensure that umask disallows at least group and world write */
|
|
|
78bb33 |
new_umask = umask(0077) | 0022;
|
|
|
78bb33 |
@@ -1565,7 +1565,7 @@ do_ssh2_kex(struct ssh *ssh)
|
|
|
78bb33 |
if (gss && orig)
|
|
|
78bb33 |
xasprintf(&newstr, "%s,%s", gss, orig);
|
|
|
78bb33 |
else if (gss)
|
|
|
78bb33 |
- newstr = gss;
|
|
|
78bb33 |
+ xasprintf(&newstr, "%s,%s", gss, "kex-strict-s-v00@openssh.com");
|
|
|
78bb33 |
else if (orig)
|
|
|
78bb33 |
newstr = orig;
|
|
|
78bb33 |
|
|
|
78bb33 |
@@ -1575,7 +1575,7 @@ do_ssh2_kex(struct ssh *ssh)
|
|
|
78bb33 |
* host key algorithm we support
|
|
|
78bb33 |
*/
|
|
|
78bb33 |
if (gss && (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS])) == 0)
|
|
|
78bb33 |
- myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "null";
|
|
|
78bb33 |
+ myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = xstrdup("null");
|
|
|
78bb33 |
|
|
|
78bb33 |
if (newstr)
|
|
|
78bb33 |
myproposal[PROPOSAL_KEX_ALGS] = newstr;
|