sshd: skip host keys with invalid algorithms
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
drakkan committed Oct 10, 2023
1 parent bc6bdb2 commit 904ad2f
Showing 2 changed files with 9 additions and 2 deletions.
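--- a/internal/sftpd/internal_test.go
+++ b/internal/sftpd/internal_test.go
@@ -1987,7 +1987,9 @@ func TestLoadHostKeys(t *testing.T) {
 c.HostKeyAlgorithms = []string{ssh.KeyAlgoRSASHA256}
 c.HostKeys = []string{ecdsaKeyName}
 err = c.checkAndLoadHostKeys(configDir, serverConfig)
-assert.Error(t, err)
+if assert.Error(t, err) {
+assert.Contains(t, err.Error(), "server has no host keys")
+}
 c.HostKeyAlgorithms = preferredHostKeyAlgos
 err = c.checkAndLoadHostKeys(configDir, serverConfig)
 assert.NoError(t, err)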
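Review bot: The updated assertion in TestLoadHostKeys only exercises the case where the single configured key (`ecdsaKeyName` with `ssh.KeyAlgoRSASHA256`) is rejected, so the new skip path is checked only through the final "server has no host keys" error. A case that configures one key compatible with `HostKeyAlgorithms` and one that is not, then expects `assert.NoError(t, err)` and `assert.Len(t, serviceStatus.HostKeys, 1)`, would pin that an unusable key is skipped while the usable one still loads. The test body extends beyond this hunk, so such a case may already exist outside the visible lines.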
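--- a/internal/sftpd/server.go
+++ b/internal/sftpd/server.go
@@ -1030,7 +1030,9 @@ func (c *Configuration) checkAndLoadHostKeys(configDir string, serverConfig *ssh
 }
 mas, err := ssh.NewSignerWithAlgorithms(private.(ssh.AlgorithmSigner), k.Algorithms)
 if err != nil {
-return fmt.Errorf("could not create signer for key %q with algorithms %+v: %w", k.Path, k.Algorithms, err)
+logger.Warn(logSender, "", "could not create signer for key %q with algorithms %+v: %v", k.Path, k.Algorithms, err)
+logger.WarnToConsole("could not create signer for key %q with algorithms %+v: %v", k.Path, k.Algorithms, err)
+continue
 }
 serviceStatus.HostKeys = append(serviceStatus.HostKeys, k)
 logger.Info(logSender, "", "Host key %q loaded, type %q, fingerprint %q, algorithms %+v", hostKey,
@@ -1060,6 +1062,9 @@ func (c *Configuration) checkAndLoadHostKeys(configDir string, serverConfig *ssh
 }
 }
 }
+if len(serviceStatus.HostKeys) == 0 {
+return errors.New("ssh: server has no host keys")
+}
 var fp []string
 for idx := range serviceStatus.HostKeys {
 h := &serviceStatus.HostKeys[idx]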
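Review bot: In the first hunk of server.go a host key whose signer cannot be created is now only logged and skipped with `continue`, so a mistake in the configured algorithms degrades to a warning and the server can start with a smaller host key set than the operator intended. Clients that pinned the skipped key would then see a different host key, and the only hard failure left is the `len(serviceStatus.HostKeys) == 0` check in the second hunk. I would record that decision above the `continue`, for example `// skip keys unusable with the configured algorithms; startup fails only if no host key remains`, and consider logging the number of skipped keys once after the loop so the reduced set is visible in one place. Both hunks sit in the middle of checkAndLoadHostKeys, whose start and end are outside the visible lines.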
