/* The cipher order given here is the default order. */
static const struct keyvalwhere ciphernames[] = {
- { "chacha20", CIPHER_CHACHA20, -1, -1 },
{ "aes", CIPHER_AES, -1, -1 },
+ { "chacha20", CIPHER_CHACHA20, CIPHER_AES, +1 },
{ "blowfish", CIPHER_BLOWFISH, -1, -1 },
{ "3des", CIPHER_3DES, -1, -1 },
{ "WARN", CIPHER_WARN, -1, -1 },
{ "WARN", KEX_WARN, -1, -1 }
};
+static const struct keyvalwhere hknames[] = {
+ { "ed25519", HK_ED25519, -1, +1 },
+ { "ecdsa", HK_ECDSA, -1, -1 },
+ { "dsa", HK_DSA, -1, -1 },
+ { "rsa", HK_RSA, -1, -1 },
+ { "WARN", HK_WARN, -1, -1 },
+};
+
/*
* All the terminal modes that we know about for the "TerminalModes"
* setting. (Also used by config.c for the drop-down list.)
conf_set_int_int(conf, primary, j+1,
conf_get_int_int(conf, primary, j));
conf_set_int_int(conf, primary, pos, mapping[i].v);
+ seen |= (1 << mapping[i].v);
n++;
}
}
write_setting_i(sesskey, "ChangeUsername", conf_get_int(conf, CONF_change_username));
wprefs(sesskey, "Cipher", ciphernames, CIPHER_MAX, conf, CONF_ssh_cipherlist);
wprefs(sesskey, "KEX", kexnames, KEX_MAX, conf, CONF_ssh_kexlist);
+ wprefs(sesskey, "HostKey", hknames, HK_MAX, conf, CONF_ssh_hklist);
write_setting_i(sesskey, "RekeyTime", conf_get_int(conf, CONF_ssh_rekey_time));
write_setting_s(sesskey, "RekeyBytes", conf_get_str(conf, CONF_ssh_rekey_data));
write_setting_i(sesskey, "SshNoAuth", conf_get_int(conf, CONF_ssh_no_userauth));
gprefs(sesskey, "KEX", default_kexes,
kexnames, KEX_MAX, conf, CONF_ssh_kexlist);
}
+ gprefs(sesskey, "HostKey", "ed25519,ecdsa,rsa,dsa,WARN",
+ hknames, HK_MAX, conf, CONF_ssh_hklist);
gppi(sesskey, "RekeyTime", 60, conf, CONF_ssh_rekey_time);
gpps(sesskey, "RekeyBytes", "1G", conf, CONF_ssh_rekey_data);
- /* SSH-2 only by default */
- gppi(sesskey, "SshProt", 3, conf, CONF_sshprot);
+ {
+ /* SSH-2 only by default */
+ int sshprot = gppi_raw(sesskey, "SshProt", 3);
+ /* Old sessions may contain the values correponding to the fallbacks
+ * we used to allow; migrate them */
+ if (sshprot == 1) sshprot = 0; /* => "SSH-1 only" */
+ else if (sshprot == 2) sshprot = 3; /* => "SSH-2 only" */
+ conf_set_int(conf, CONF_sshprot, sshprot);
+ }
gpps(sesskey, "LogHost", "", conf, CONF_loghost);
gppi(sesskey, "SSH2DES", 0, conf, CONF_ssh2_des_cbc);
gppi(sesskey, "SshNoAuth", 0, conf, CONF_ssh_no_userauth);