diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2015-02-20 23:17:21 +0100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2015-02-20 23:20:28 +0100 |
| commit | 44732de06884238049f285f1455b2181baa7dc82 (patch) | |
| tree | deb3c48176195cfc4028b55d2a1a71607e9f7fb0 /PROTOCOL | |
| parent | upstream commit (diff) | |
| download | openssh-44732de06884238049f285f1455b2181baa7dc82.tar.xz openssh-44732de06884238049f285f1455b2181baa7dc82.zip | |
upstream commit
UpdateHostKeys fixes:
I accidentally changed the format of the hostkeys@openssh.com messages
last week without changing the extension name, and this has been causing
connection failures for people who are running -current. First reported
by sthen@
s/hostkeys@openssh.com/hostkeys-00@openssh.com/
Change the name of the proof message too, and reorder it a little.
Also, UpdateHostKeys=ask is incompatible with ControlPersist (no TTY
available to read the response) so disable UpdateHostKeys if it is in
ask mode and ControlPersist is active (and document this)
Diffstat (limited to 'PROTOCOL')
| -rw-r--r-- | PROTOCOL | 12 |
1 files changed, 6 insertions, 6 deletions
@@ -282,15 +282,15 @@ by the client cancel the forwarding of a Unix domain socket. boolean FALSE string socket path -2.5. connection: hostkey update and rotation "hostkeys@openssh.com" -and "hostkeys-prove@openssh.com" +2.5. connection: hostkey update and rotation "hostkeys-00@openssh.com" +and "hostkeys-prove-00@openssh.com" OpenSSH supports a protocol extension allowing a server to inform a client of all its protocol v.2 host keys after user-authentication has completed. byte SSH_MSG_GLOBAL_REQUEST - string "hostkeys@openssh.com" + string "hostkeys-00@openssh.com" string[] hostkeys Upon receiving this message, a client should check which of the @@ -300,15 +300,15 @@ to request the server prove ownership of the private half of the key. byte SSH_MSG_GLOBAL_REQUEST - string "hostkeys-prove@openssh.com" + string "hostkeys-prove-00@openssh.com" char 1 /* want-reply */ string[] hostkeys When a server receives this message, it should generate a signature using each requested key over the following: + string "hostkeys-prove-00@openssh.com" string session identifier - string "hostkeys-prove@openssh.com" string hostkey These signatures should be included in the reply, in the order matching @@ -453,4 +453,4 @@ respond with a SSH_FXP_STATUS message. This extension is advertised in the SSH_FXP_VERSION hello with version "1". -$OpenBSD: PROTOCOL,v 1.26 2015/02/16 22:13:32 djm Exp $ +$OpenBSD: PROTOCOL,v 1.27 2015/02/20 22:17:21 djm Exp $ |