summaryrefslogtreecommitdiff
path: root/vendor/golang.org/x/crypto/ssh/server.go
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/golang.org/x/crypto/ssh/server.go')
-rw-r--r--vendor/golang.org/x/crypto/ssh/server.go12
1 files changed, 3 insertions, 9 deletions
diff --git a/vendor/golang.org/x/crypto/ssh/server.go b/vendor/golang.org/x/crypto/ssh/server.go
index 1839ddc6a..98679ba5b 100644
--- a/vendor/golang.org/x/crypto/ssh/server.go
+++ b/vendor/golang.org/x/crypto/ssh/server.go
@@ -243,22 +243,15 @@ func NewServerConn(c net.Conn, config *ServerConfig) (*ServerConn, <-chan NewCha
fullConf.MaxAuthTries = 6
}
if len(fullConf.PublicKeyAuthAlgorithms) == 0 {
- fullConf.PublicKeyAuthAlgorithms = supportedPubKeyAuthAlgos
+ fullConf.PublicKeyAuthAlgorithms = defaultPubKeyAuthAlgos
} else {
for _, algo := range fullConf.PublicKeyAuthAlgorithms {
- if !contains(supportedPubKeyAuthAlgos, algo) {
+ if !contains(SupportedAlgorithms().PublicKeyAuths, algo) && !contains(InsecureAlgorithms().PublicKeyAuths, algo) {
c.Close()
return nil, nil, nil, fmt.Errorf("ssh: unsupported public key authentication algorithm %s", algo)
}
}
}
- // Check if the config contains any unsupported key exchanges
- for _, kex := range fullConf.KeyExchanges {
- if _, ok := serverForbiddenKexAlgos[kex]; ok {
- c.Close()
- return nil, nil, nil, fmt.Errorf("ssh: unsupported key exchange %s for server", kex)
- }
- }
s := &connection{
sshConn: sshConn{conn: c},
@@ -315,6 +308,7 @@ func (s *connection) serverHandshake(config *ServerConfig) (*Permissions, error)
// We just did the key change, so the session ID is established.
s.sessionID = s.transport.getSessionID()
+ s.algorithms = s.transport.getAlgorithms()
var packet []byte
if packet, err = s.transport.readPacket(); err != nil {
generated by cgit v1.2.3 (git 2.46.0) at 2025-12-02 08:54:56 +0000