PSARC/2015/395 OpenSSH 7.1p1
PSARC 2014/390 OpenSSH GSSKEY
21696247 upgrade OpenSSH to 7.1p1
22031540 problem in UTILITY/OPENSSH
22022180 problem in UTILITY/OPENSSH
22048638 problem in UTILITY/OPENSSH
19775805 OpenSSH contains a redundant call to do_pam_setcred()
21379157 OpenSSH shouldn't call setproject(3PROJECT) when configured to use PAM
20919294 upgrade OpenSSH to 6.8p1
19130869 migrate the Xforwarding bug fix (15350344) from SunSSH to OpenSSH
21861322 OpenSSH client hangs on broken pipe
22018764 remove cast128-cbc from OpenSSH
21919790 add GSSKeyEx as an alias to GSSAPIKeyExchange in OpenSSH
19941148 GSS-API Key Exchange for OpenSSH
21643415 OpenSSH should use AI_ADDRCONFIG per bug 19827438
20370803 OpenSSH patch number collision
20711463 OpenSSH wants to be able to login to a role too
22389801 OpenSSH: remove cast from ssh(1), sshd(8), ssh_config(5) and sshd_config(5)
22582153 openssh system/linker should be added to core REQ
#
# Per Solaris crypto team recommendation, we need to remove support for
# Curve25519 from OpenSSH.
#
# Patch offered upstream but rejected:
# https://bugzilla.mindrot.org/show_bug.cgi?id=2376
#
diff -pur old/Makefile.in new/Makefile.in
--- old/Makefile.in 2015-12-07 15:58:19.591097920 -0800
+++ new/Makefile.in 2015-12-07 16:05:02.810457680 -0800
@@ -153,7 +153,7 @@ $(SSHDOBJS): Makefile.in config.h
$(CC) $(CFLAGS) $(CPPFLAGS) -c $< -o $@
LIBCOMPAT=openbsd-compat/libopenbsd-compat.a
-$(LIBCOMPAT): always
+$(LIBCOMPAT): always libssh.a
(cd openbsd-compat && $(MAKE))
always:
diff -pur old/authfd.c new/authfd.c
--- old/authfd.c
+++ new/authfd.c
@@ -565,8 +565,10 @@ ssh_add_identity_constrained(int sock, s
case KEY_ECDSA:
case KEY_ECDSA_CERT:
#endif
+#ifndef WITHOUT_ED25519
case KEY_ED25519:
case KEY_ED25519_CERT:
+#endif /* WITHOUT_ED25519 */
type = constrained ?
SSH2_AGENTC_ADD_ID_CONSTRAINED :
SSH2_AGENTC_ADD_IDENTITY;
diff -pur old/authfile.c new/authfile.c
--- old/authfile.c
+++ new/authfile.c
@@ -449,7 +449,9 @@ sshkey_load_private_cert(int type, const
case KEY_DSA:
case KEY_ECDSA:
#endif /* WITH_OPENSSL */
+#ifndef WITHOUT_ED25519
case KEY_ED25519:
+#endif /* WITHOUT_ED25519 */
case KEY_UNSPEC:
break;
default:
diff -pur old/dns.c new/dns.c
--- old/dns.c
+++ new/dns.c
@@ -100,11 +100,13 @@ dns_read_key(u_int8_t *algorithm, u_int8
if (!*digest_type)
*digest_type = SSHFP_HASH_SHA256;
break;
+#ifndef WITHOUT_ED25519
case KEY_ED25519:
*algorithm = SSHFP_KEY_ED25519;
if (!*digest_type)
*digest_type = SSHFP_HASH_SHA256;
break;
+#endif /* WITHOUT_ED25519 */
default:
*algorithm = SSHFP_KEY_RESERVED; /* 0 */
*digest_type = SSHFP_HASH_RESERVED; /* 0 */
diff -pur old/dns.h new/dns.h
--- old/dns.h
+++ new/dns.h
@@ -33,7 +33,9 @@ enum sshfp_types {
SSHFP_KEY_RSA = 1,
SSHFP_KEY_DSA = 2,
SSHFP_KEY_ECDSA = 3,
- SSHFP_KEY_ED25519 = 4
+#ifndef WITHOUT_ED25519
+ SSHFP_KEY_ED25519 = 4
+#endif /* WITHOUT_ED25519 */
};
enum sshfp_hashes {
diff -pur old/ed25519.c new/ed25519.c
--- old/ed25519.c
+++ new/ed25519.c
@@ -7,6 +7,7 @@
*/
#include "includes.h"
+#ifndef WITHOUT_ED25519
#include "crypto_api.h"
#include "ge25519.h"
@@ -142,3 +143,4 @@ int crypto_sign_ed25519_open(
}
return ret;
}
+#endif /* WITHOUT_ED25519 */
diff -pur old/fe25519.c new/fe25519.c
--- old/fe25519.c
+++ new/fe25519.c
@@ -8,6 +8,7 @@
#include "includes.h"
+#ifndef WITHOUT_ED25519
#define WINDOWSIZE 1 /* Should be 1,2, or 4 */
#define WINDOWMASK ((1<<WINDOWSIZE)-1)
@@ -335,3 +336,4 @@ void fe25519_pow2523(fe25519 *r, const f
/* 2^252 - 2^2 */ fe25519_square(&t,&t);
/* 2^252 - 3 */ fe25519_mul(r,&t,x);
}
+#endif /* WITHOUT_ED25519 */
diff -pur old/fe25519.h new/fe25519.h
--- old/fe25519.h
+++ new/fe25519.h
@@ -8,6 +8,7 @@
#ifndef FE25519_H
#define FE25519_H
+#ifndef WITHOUT_ED25519
#include "crypto_api.h"
@@ -67,4 +68,5 @@ void fe25519_invert(fe25519 *r, const fe
void fe25519_pow2523(fe25519 *r, const fe25519 *x);
+#endif /* WITHOUT_ED25519 */
#endif
diff -pur old/ge25519.c new/ge25519.c
--- old/ge25519.c
+++ new/ge25519.c
@@ -7,6 +7,7 @@
*/
#include "includes.h"
+#ifndef WITHOUT_ED25519
#include "fe25519.h"
#include "sc25519.h"
@@ -319,3 +320,4 @@ void ge25519_scalarmult_base(ge25519_p3
ge25519_mixadd2(r, &t);
}
}
+#endif /* WITHOUT_ED25519 */
diff -pur old/ge25519.h new/ge25519.h
--- old/ge25519.h
+++ new/ge25519.h
@@ -8,6 +8,7 @@
#ifndef GE25519_H
#define GE25519_H
+#ifndef WITHOUT_ED25519
#include "fe25519.h"
#include "sc25519.h"
@@ -40,4 +41,5 @@ void ge25519_double_scalarmult_vartime(g
void ge25519_scalarmult_base(ge25519 *r, const sc25519 *s);
+#endif /* WITHOUT_ED25519 */
#endif
diff -pur old/kex.c new/kex.c
--- old/kex.c
+++ new/kex.c
@@ -96,9 +96,11 @@ static const struct kexalg kexalgs[] = {
# endif /* OPENSSL_HAS_NISTP521 */
#endif /* OPENSSL_HAS_ECC */
#endif /* WITH_OPENSSL */
+#ifndef WITHOUT_ED25519
#if defined(HAVE_EVP_SHA256) || !defined(WITH_OPENSSL)
{ KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 },
#endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */
+#endif /* WITHOUT_ED25519 */
#ifdef GSSAPI
{ KEX_GSS_GEX_SHA1_ID, KEX_GSS_GEX_SHA1, 0, SSH_DIGEST_SHA1 },
{ KEX_GSS_GRP1_SHA1_ID, KEX_GSS_GRP1_SHA1, 0, SSH_DIGEST_SHA1 },
diff -pur old/kex.h new/kex.h
--- old/kex.h
+++ new/kex.h
@@ -58,13 +58,17 @@
#define KEX_ECDH_SHA2_NISTP256 "ecdh-sha2-nistp256"
#define KEX_ECDH_SHA2_NISTP384 "ecdh-sha2-nistp384"
#define KEX_ECDH_SHA2_NISTP521 "ecdh-sha2-nistp521"
+#ifndef WITHOUT_ED25519
#define KEX_CURVE25519_SHA256 "[email protected]"
+#endif /* WITHOUT_ED25519 */
#define COMP_NONE 0
#define COMP_ZLIB 1
#define COMP_DELAYED 2
+#ifndef WITHOUT_ED25519
#define CURVE25519_SIZE 32
+#endif /* WITHOUT_ED25519 */
enum kex_init_proposals {
PROPOSAL_KEX_ALGS,
@@ -92,7 +96,9 @@ enum kex_exchange {
KEX_DH_GEX_SHA1,
KEX_DH_GEX_SHA256,
KEX_ECDH_SHA2,
+#ifndef WITHOUT_ED25519
KEX_C25519_SHA256,
+#endif /* WITHOUT_ED25519 */
KEX_GSS_GRP1_SHA1,
KEX_GSS_GRP14_SHA1,
KEX_GSS_GEX_SHA1,
@@ -161,8 +167,10 @@ struct kex {
u_int min, max, nbits; /* GEX */
EC_KEY *ec_client_key; /* ECDH */
const EC_GROUP *ec_group; /* ECDH */
+#ifndef WITHOUT_ED25519
u_char c25519_client_key[CURVE25519_SIZE]; /* 25519 */
u_char c25519_client_pubkey[CURVE25519_SIZE]; /* 25519 */
+#endif /* WITHOUT_ED25519 */
};
int kex_names_valid(const char *);
@@ -191,8 +199,10 @@ int kexgex_client(struct ssh *);
int kexgex_server(struct ssh *);
int kexecdh_client(struct ssh *);
int kexecdh_server(struct ssh *);
+#ifndef WITHOUT_ED25519
int kexc25519_client(struct ssh *);
int kexc25519_server(struct ssh *);
+#endif /* WITHOUT_ED25519 */
#ifdef GSSAPI
int kexgss_client(struct ssh *);
int kexgss_server(struct ssh *);
@@ -213,6 +223,7 @@ int kex_ecdh_hash(int, const EC_GROUP *,
const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,
const EC_POINT *, const EC_POINT *, const BIGNUM *, u_char *, size_t *);
+#ifndef WITHOUT_ED25519
int kex_c25519_hash(int, const char *, const char *, const char *, size_t,
const char *, size_t, const u_char *, size_t, const u_char *, const u_char *,
const u_char *, size_t, u_char *, size_t *);
@@ -224,6 +235,7 @@ int kexc25519_shared_key(const u_char ke
const u_char pub[CURVE25519_SIZE], struct sshbuf *out)
__attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
__attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
+#endif /* WITHOUT_ED25519 */
int
derive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]);
diff -pur old/kexc25519.c new/kexc25519.c
--- old/kexc25519.c
+++ new/kexc25519.c
@@ -27,6 +27,7 @@
#include "includes.h"
+#ifndef WITHOUT_ED25519
#include <sys/types.h>
#include <signal.h>
@@ -131,3 +132,4 @@ kex_c25519_hash(
#endif
return 0;
}
+#endif /* WITHOUT_ED25519 */
diff -pur old/kexc25519c.c new/kexc25519c.c
--- old/kexc25519c.c
+++ new/kexc25519c.c
@@ -27,6 +27,7 @@
#include "includes.h"
+#ifndef WITHOUT_ED25519
#include <sys/types.h>
#include <stdio.h>
@@ -168,3 +169,4 @@ out:
sshbuf_free(shared_secret);
return r;
}
+#endif /* WITHOUT_ED25519 */
diff -pur old/kexc25519s.c new/kexc25519s.c
--- old/kexc25519s.c
+++ new/kexc25519s.c
@@ -26,6 +26,8 @@
#include "includes.h"
+#ifndef WITHOUT_ED25519
+
#include <sys/types.h>
#include <stdio.h>
#include <string.h>
@@ -157,3 +159,4 @@ out:
sshbuf_free(shared_secret);
return r;
}
+#endif /* WITHOUT_ED25519 */
diff -pur old/monitor.c new/monitor.c
--- old/monitor.c
+++ new/monitor.c
@@ -1941,7 +1941,9 @@ monitor_apply_keystate(struct monitor *p
kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
# endif
#endif /* WITH_OPENSSL */
+#ifndef WITHOUT_ED25519
kex->kex[KEX_C25519_SHA256] = kexc25519_server;
+#endif /* WITHOUT_ED25519 */
#ifdef GSSAPI
if (options.gss_keyex) {
kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
diff -pur old/myproposal.h new/myproposal.h
--- old/myproposal.h
+++ new/myproposal.h
@@ -59,6 +59,20 @@
# define HOSTKEY_ECDSA_METHODS
#endif
+#ifndef WITHOUT_ED25519
+# if defined(WITH_OPENSSL) && defined(HAVE_EVP_SHA256)
+# define KEX_CURVE25519_METHODS "[email protected],"
+# else
+# define KEX_CURVE25519_METHODS
+# endif
+# define HOSTKEY_CURVE25519_CERT_METHODS "[email protected],"
+# define HOSTKEY_CURVE25519_METHODS "ssh-ed25519,"
+#else
+# define KEX_CURVE25519_METHODS
+# define HOSTKEY_CURVE25519_CERT_METHODS
+# define HOSTKEY_CURVE25519_METHODS
+#endif /* WITHOUT_ED25519 */
+
#ifdef OPENSSL_HAVE_EVPGCM
# define AESGCM_CIPHER_MODES \
",[email protected],[email protected]"
@@ -78,11 +92,6 @@
#endif
#ifdef WITH_OPENSSL
-# ifdef HAVE_EVP_SHA256
-# define KEX_CURVE25519_METHODS "[email protected],"
-# else
-# define KEX_CURVE25519_METHODS ""
-# endif
#define KEX_COMMON_KEX \
KEX_CURVE25519_METHODS \
KEX_ECDH_METHODS \
@@ -97,10 +106,10 @@
#define KEX_DEFAULT_PK_ALG \
HOSTKEY_ECDSA_CERT_METHODS \
- "[email protected]," \
+ HOSTKEY_CURVE25519_CERT_METHODS \
"[email protected]," \
HOSTKEY_ECDSA_METHODS \
- "ssh-ed25519," \
+ HOSTKEY_CURVE25519_METHODS \
"ssh-rsa" \
/* the actual algorithms */
@@ -141,10 +150,10 @@
#else
#define KEX_SERVER_KEX \
- "[email protected]"
+ KEX_CURVE25519_METHODS
#define KEX_DEFAULT_PK_ALG \
- "[email protected]," \
- "ssh-ed25519"
+ HOSTKEY_CURVE25519_CERT_METHODS \
+ HOSTKEY_CURVE25519_METHODS
#define KEX_SERVER_ENCRYPT \
"[email protected]," \
"aes128-ctr,aes192-ctr,aes256-ctr"
diff -pur old/openbsd-compat/Makefile.in new/openbsd-compat/Makefile.in
--- old/openbsd-compat/Makefile.in
+++ new/openbsd-compat/Makefile.in
@@ -32,7 +32,7 @@ $(OPENBSD): ../config.h
$(PORTS): ../config.h
libopenbsd-compat.a: $(COMPAT) $(OPENBSD) $(PORTS)
- $(AR) rv $@ $(COMPAT) $(OPENBSD) $(PORTS)
+ $(AR) rv $@ $(COMPAT) $(OPENBSD) $(PORTS) ../hash.o ../blocks.o
$(RANLIB) $@
clean:
diff -pur old/pathnames.h new/pathnames.h
--- old/pathnames.h
+++ new/pathnames.h
@@ -39,7 +39,9 @@
#define _PATH_HOST_KEY_FILE SSHDIR "/ssh_host_key"
#define _PATH_HOST_DSA_KEY_FILE SSHDIR "/ssh_host_dsa_key"
#define _PATH_HOST_ECDSA_KEY_FILE SSHDIR "/ssh_host_ecdsa_key"
+#ifndef WITHOUT_ED25519
#define _PATH_HOST_ED25519_KEY_FILE SSHDIR "/ssh_host_ed25519_key"
+#endif /* WITHOUT_ED25519 */
#define _PATH_HOST_RSA_KEY_FILE SSHDIR "/ssh_host_rsa_key"
#define _PATH_DH_MODULI SSHDIR "/moduli"
/* Backwards compatibility */
@@ -78,7 +80,9 @@
#define _PATH_SSH_CLIENT_ID_DSA _PATH_SSH_USER_DIR "/id_dsa"
#define _PATH_SSH_CLIENT_ID_ECDSA _PATH_SSH_USER_DIR "/id_ecdsa"
#define _PATH_SSH_CLIENT_ID_RSA _PATH_SSH_USER_DIR "/id_rsa"
+#ifndef WITHOUT_ED25519
#define _PATH_SSH_CLIENT_ID_ED25519 _PATH_SSH_USER_DIR "/id_ed25519"
+#endif /* WITHOUT_ED25519 */
/*
* Configuration file in user's home directory. This file need not be
diff -pur old/readconf.c new/readconf.c
--- old/readconf.c
+++ new/readconf.c
@@ -1846,8 +1846,10 @@ fill_default_options(Options * options)
add_identity_file(options, "~/",
_PATH_SSH_CLIENT_ID_ECDSA, 0);
#endif
+#ifndef WITHOUT_ED25519
add_identity_file(options, "~/",
_PATH_SSH_CLIENT_ID_ED25519, 0);
+#endif /* WITHOUT_ED25519 */
}
}
if (options->escape_char == -1)
diff -pur old/servconf.c new/servconf.c
--- old/servconf.c
+++ new/servconf.c
@@ -222,8 +222,10 @@ fill_default_server_options(ServerOption
options->host_key_files[options->num_host_key_files++] =
_PATH_HOST_ECDSA_KEY_FILE;
#endif
+#ifndef WITHOUT_ED25519
options->host_key_files[options->num_host_key_files++] =
_PATH_HOST_ED25519_KEY_FILE;
+#endif /* WITHOUT_ED25519 */
}
}
/* No certificates by default */
diff -pur old/smult_curve25519_ref.c new/smult_curve25519_ref.c
--- old/smult_curve25519_ref.c
+++ new/smult_curve25519_ref.c
@@ -6,6 +6,8 @@ Public domain.
Derived from public domain code by D. J. Bernstein.
*/
+#ifndef WITHOUT_ED25519
+
int crypto_scalarmult_curve25519(unsigned char *, const unsigned char *, const unsigned char *);
static void add(unsigned int out[32],const unsigned int a[32],const unsigned int b[32])
@@ -263,3 +265,4 @@ int crypto_scalarmult_curve25519(unsigne
for (i = 0;i < 32;++i) q[i] = work[64 + i];
return 0;
}
+#endif /* WITHOUT_ED25519 */
diff -pur old/ssh-add.0 new/ssh-add.0
--- old/ssh-add.0
+++ new/ssh-add.0
@@ -11,7 +11,7 @@ SYNOPSIS
DESCRIPTION
ssh-add adds private key identities to the authentication agent,
ssh-agent(1). When run without arguments, it adds the files
- ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and
+ ~/.ssh/id_rsa, ~/.ssh/id_dsa, and
~/.ssh/identity. After loading a private key, ssh-add will try to load
corresponding certificate information from the filename obtained by
appending -cert.pub to the name of the private key file. Alternative
@@ -97,14 +97,6 @@ FILES
Contains the protocol version 2 DSA authentication identity of
the user.
- ~/.ssh/id_ecdsa
- Contains the protocol version 2 ECDSA authentication identity of
- the user.
-
- ~/.ssh/id_ed25519
- Contains the protocol version 2 Ed25519 authentication identity
- of the user.
-
~/.ssh/id_rsa
Contains the protocol version 2 RSA authentication identity of
the user.
diff -pur old/ssh-add.1 new/ssh-add.1
--- old/ssh-add.1
+++ new/ssh-add.1
@@ -58,8 +58,6 @@ adds private key identities to the authe
When run without arguments, it adds the files
.Pa ~/.ssh/id_rsa ,
.Pa ~/.ssh/id_dsa ,
-.Pa ~/.ssh/id_ecdsa ,
-.Pa ~/.ssh/id_ed25519
and
.Pa ~/.ssh/identity .
After loading a private key,
@@ -178,10 +176,6 @@ socket used to communicate with the agen
Contains the protocol version 1 RSA authentication identity of the user.
.It Pa ~/.ssh/id_dsa
Contains the protocol version 2 DSA authentication identity of the user.
-.It Pa ~/.ssh/id_ecdsa
-Contains the protocol version 2 ECDSA authentication identity of the user.
-.It Pa ~/.ssh/id_ed25519
-Contains the protocol version 2 Ed25519 authentication identity of the user.
.It Pa ~/.ssh/id_rsa
Contains the protocol version 2 RSA authentication identity of the user.
.El
diff -pur old/ssh-add.c new/ssh-add.c
--- old/ssh-add.c
+++ new/ssh-add.c
@@ -78,7 +78,9 @@ static char *default_files[] = {
_PATH_SSH_CLIENT_ID_ECDSA,
#endif
#endif /* WITH_OPENSSL */
- _PATH_SSH_CLIENT_ID_ED25519,
+#ifndef WITHOUT_ED25519
+ _PATH_SSH_CLIENT_ID_ED25519,
+#endif /* WITHOUT_ED25519 */
#ifdef WITH_SSH1
_PATH_SSH_CLIENT_IDENTITY,
#endif
diff -pur old/ssh-agent.0 new/ssh-agent.0
--- old/ssh-agent.0
+++ new/ssh-agent.0
@@ -10,7 +10,7 @@ SYNOPSIS
DESCRIPTION
ssh-agent is a program to hold private keys used for public key
- authentication (RSA, DSA, ECDSA, Ed25519). ssh-agent is usually started
+ authentication (RSA, DSA). ssh-agent is usually started
in the beginning of an X-session or a login session, and all other
windows or programs are started as clients to the ssh-agent program.
Through use of environment variables the agent can be located and
diff -pur old/ssh-agent.1 new/ssh-agent.1
--- old/ssh-agent.1
+++ new/ssh-agent.1
@@ -54,7 +54,7 @@
.Sh DESCRIPTION
.Nm
is a program to hold private keys used for public key authentication
-(RSA, DSA, ECDSA, Ed25519).
+(RSA, DSA).
.Nm
is usually started in the beginning of an X-session or a login session, and
all other windows or programs are started as clients to the ssh-agent
diff -pur old/ssh-ed25519.c new/ssh-ed25519.c
--- old/ssh-ed25519.c
+++ new/ssh-ed25519.c
@@ -17,6 +17,8 @@
#include "includes.h"
+#ifndef WITHOUT_ED25519
+
#include <sys/types.h>
#include <limits.h>
@@ -164,3 +166,4 @@ ssh_ed25519_verify(const struct sshkey *
free(ktype);
return r;
}
+#endif /* WITHOUT_ED25519 */
diff -pur old/ssh-keygen.0 new/ssh-keygen.0
--- old/ssh-keygen.0
+++ new/ssh-keygen.0
@@ -4,7 +4,7 @@ NAME
ssh-keygen M-bM-^@M-^S authentication key generation, management and conversion
SYNOPSIS
- ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1]
+ ssh-keygen [-q] [-b bits] [-t dsa | rsa | rsa1]
[-N new_passphrase] [-C comment] [-f output_keyfile]
ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]
ssh-keygen -i [-m key_format] [-f input_keyfile]
@@ -32,7 +32,7 @@ SYNOPSIS
DESCRIPTION
ssh-keygen generates, manages and converts authentication keys for
ssh(1). ssh-keygen can create RSA keys for use by SSH protocol version 1
- and DSA, ECDSA, Ed25519 or RSA keys for use by SSH protocol version 2.
+ and DSA or RSA keys for use by SSH protocol version 2.
The type of key to be generated is specified with the -t option. If
invoked without any arguments, ssh-keygen will generate an RSA key for
use in SSH protocol 2 connections.
@@ -46,7 +46,7 @@ DESCRIPTION
Normally each user wishing to use SSH with public key authentication runs
this once to create the authentication key in ~/.ssh/identity,
- ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 or ~/.ssh/id_rsa.
+ ~/.ssh/id_dsa or ~/.ssh/id_rsa.
Additionally, the system administrator may use this to generate host
keys, as seen in /etc/rc.
@@ -79,14 +79,14 @@ DESCRIPTION
The options are as follows:
- -A For each of the key types (rsa1, rsa, dsa, ecdsa and ed25519) for
+ -A For each of the key types (rsa1, rsa and dsa) for
which host keys do not exist, generate the host keys with the
default key file path, an empty passphrase, default bits for the
key type, and default comment. This is used by /etc/rc to
generate new host keys.
-a rounds
- When saving a new-format private key (i.e. an ed25519 key or any
+ When saving a new-format private key (i.e.
SSH protocol 2 key when the -o flag is set), this option
specifies the number of KDF (key derivation function) rounds
used. Higher numbers result in slower passphrase verification
@@ -103,12 +103,7 @@ DESCRIPTION
Specifies the number of bits in the key to create. For RSA keys,
the minimum size is 1024 bits and the default is 2048 bits.
Generally, 2048 bits is considered sufficient. DSA keys must be
- exactly 1024 bits as specified by FIPS 186-2. For ECDSA keys,
- the -b flag determines the key length by selecting from one of
- three elliptic curve sizes: 256, 384 or 521 bits. Attempting to
- use bit lengths other than these three values for ECDSA keys will
- fail. Ed25519 keys have a fixed length and the -b flag will be
- ignored.
+ exactly 1024 bits as specified by FIPS 186-2.
-C comment
Provides a new comment.
@@ -279,7 +274,7 @@ DESCRIPTION
new OpenSSH format rather than the more compatible PEM format.
The new format has increased resistance to brute-force password
cracking but is not supported by versions of OpenSSH prior to
- 6.5. Ed25519 keys always use the new private key format.
+ 6.5.
-P passphrase
Provides the (old) passphrase.
@@ -318,9 +313,9 @@ DESCRIPTION
Test DH group exchange candidate primes (generated using the -G
option) for safety.
- -t dsa | ecdsa | ed25519 | rsa | rsa1
+ -t dsa | rsa | rsa1
Specifies the type of key to create. The possible values are
- M-bM-^@M-^\rsa1M-bM-^@M-^] for protocol version 1 and M-bM-^@M-^\dsaM-bM-^@M-^], M-bM-^@M-^\ecdsaM-bM-^@M-^], M-bM-^@M-^\ed25519M-bM-^@M-^], or
+ M-bM-^@M-^\rsa1M-bM-^@M-^] for protocol version 1 and M-bM-^@M-^\dsaM-bM-^@M-^], or
M-bM-^@M-^\rsaM-bM-^@M-^] for protocol version 2.
-u Update a KRL. When specified with -k, keys listed via the
@@ -525,10 +520,8 @@ FILES
contents of this file secret.
~/.ssh/id_dsa
- ~/.ssh/id_ecdsa
- ~/.ssh/id_ed25519
~/.ssh/id_rsa
- Contains the protocol version 2 DSA, ECDSA, Ed25519 or RSA
+ Contains the protocol version 2 DSA or RSA
authentication identity of the user. This file should not be
readable by anyone but the user. It is possible to specify a
passphrase when generating the key; that passphrase will be used
@@ -538,10 +531,8 @@ FILES
read this file when a login attempt is made.
~/.ssh/id_dsa.pub
- ~/.ssh/id_ecdsa.pub
- ~/.ssh/id_ed25519.pub
~/.ssh/id_rsa.pub
- Contains the protocol version 2 DSA, ECDSA, Ed25519 or RSA public
+ Contains the protocol version 2 DSA or RSA public
key for authentication. The contents of this file should be
added to ~/.ssh/authorized_keys on all machines where the user
wishes to log in using public key authentication. There is no
diff -pur old/ssh-keygen.1 new/ssh-keygen.1
--- old/ssh-keygen.1
+++ new/ssh-keygen.1
@@ -46,7 +46,7 @@
.Nm ssh-keygen
.Op Fl q
.Op Fl b Ar bits
-.Op Fl t Cm dsa | ecdsa | ed25519 | rsa | rsa1
+.Op Fl t Cm dsa | rsa | rsa1
.Op Fl N Ar new_passphrase
.Op Fl C Ar comment
.Op Fl f Ar output_keyfile
@@ -142,7 +142,7 @@ generates, manages and converts authenti
.Xr ssh 1 .
.Nm
can create RSA keys for use by SSH protocol version 1 and
-DSA, ECDSA, Ed25519 or RSA keys for use by SSH protocol version 2.
+DSA or RSA keys for use by SSH protocol version 2.
The type of key to be generated is specified with the
.Fl t
option.
@@ -170,8 +170,6 @@ with public key authentication runs this
key in
.Pa ~/.ssh/identity ,
.Pa ~/.ssh/id_dsa ,
-.Pa ~/.ssh/id_ecdsa ,
-.Pa ~/.ssh/id_ed25519
or
.Pa ~/.ssh/id_rsa .
Additionally, the system administrator may use this to generate host keys,
@@ -219,7 +217,7 @@ should be placed to be activated.
The options are as follows:
.Bl -tag -width Ds
.It Fl A
-For each of the key types (rsa1, rsa, dsa, ecdsa and ed25519)
+For each of the key types (rsa1, rsa and dsa)
for which host keys
do not exist, generate the host keys with the default key file path,
an empty passphrase, default bits for the key type, and default comment.
@@ -227,7 +225,7 @@ This is used by
.Pa /etc/rc
to generate new host keys.
.It Fl a Ar rounds
-When saving a new-format private key (i.e. an ed25519 key or any SSH protocol
+When saving a new-format private key (i.e. SSH protocol
2 key when the
.Fl o
flag is set), this option specifies the number of KDF (key derivation function)
@@ -247,15 +245,6 @@ Specifies the number of bits in the key
For RSA keys, the minimum size is 1024 bits and the default is 2048 bits.
Generally, 2048 bits is considered sufficient.
DSA keys must be exactly 1024 bits as specified by FIPS 186-2.
-For ECDSA keys, the
-.Fl b
-flag determines the key length by selecting from one of three elliptic
-curve sizes: 256, 384 or 521 bits.
-Attempting to use bit lengths other than these three values for ECDSA keys
-will fail.
-Ed25519 keys have a fixed length and the
-.Fl b
-flag will be ignored.
.It Fl C Ar comment
Provides a new comment.
.It Fl c
@@ -478,7 +467,6 @@ to save SSH protocol 2 private keys usin
the more compatible PEM format.
The new format has increased resistance to brute-force password cracking
but is not supported by versions of OpenSSH prior to 6.5.
-Ed25519 keys always use the new private key format.
.It Fl P Ar passphrase
Provides the (old) passphrase.
.It Fl p
@@ -524,14 +512,12 @@ section for details.
Test DH group exchange candidate primes (generated using the
.Fl G
option) for safety.
-.It Fl t Cm dsa | ecdsa | ed25519 | rsa | rsa1
+.It Fl t Cm dsa | rsa | rsa1
Specifies the type of key to create.
The possible values are
.Dq rsa1
for protocol version 1 and
.Dq dsa ,
-.Dq ecdsa ,
-.Dq ed25519 ,
or
.Dq rsa
for protocol version 2.
@@ -810,10 +796,8 @@ where the user wishes to log in using RS
There is no need to keep the contents of this file secret.
.Pp
.It Pa ~/.ssh/id_dsa
-.It Pa ~/.ssh/id_ecdsa
-.It Pa ~/.ssh/id_ed25519
.It Pa ~/.ssh/id_rsa
-Contains the protocol version 2 DSA, ECDSA, Ed25519 or RSA
+Contains the protocol version 2 DSA or RSA
authentication identity of the user.
This file should not be readable by anyone but the user.
It is possible to
@@ -826,10 +810,8 @@ but it is offered as the default file fo
will read this file when a login attempt is made.
.Pp
.It Pa ~/.ssh/id_dsa.pub
-.It Pa ~/.ssh/id_ecdsa.pub
-.It Pa ~/.ssh/id_ed25519.pub
.It Pa ~/.ssh/id_rsa.pub
-Contains the protocol version 2 DSA, ECDSA, Ed25519 or RSA
+Contains the protocol version 2 DSA or RSA
public key for authentication.
The contents of this file should be added to
.Pa ~/.ssh/authorized_keys
diff -pur old/ssh-keygen.c new/ssh-keygen.c
--- old/ssh-keygen.c
+++ new/ssh-keygen.c
@@ -217,7 +217,11 @@ type_bits_valid(int type, const char *na
fatal("key bits exceeds maximum %d", maxbits);
if (type == KEY_DSA && *bitsp != 1024)
fatal("DSA keys must be 1024 bits");
- else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 1024)
+ else if (type != KEY_ECDSA &&
+#ifndef WITHOUT_ED25519
+ type != KEY_ED25519 &&
+#endif /* WITHOUT_ED25519 */
+ *bitsp < 1024)
fatal("Key must at least be 1024 bits");
else if (type == KEY_ECDSA && sshkey_ecdsa_bits_to_nid(*bitsp) == -1)
fatal("Invalid ECDSA key length - valid lengths are "
@@ -252,10 +256,12 @@ ask_filename(struct passwd *pw, const ch
case KEY_RSA:
name = _PATH_SSH_CLIENT_ID_RSA;
break;
+#ifndef WITHOUT_ED25519
case KEY_ED25519:
case KEY_ED25519_CERT:
name = _PATH_SSH_CLIENT_ID_ED25519;
break;
+#endif /* WITHOUT_ED25519 */
default:
fatal("bad key type");
}
@@ -939,7 +945,9 @@ do_gen_all_hostkeys(struct passwd *pw)
{ "ecdsa", "ECDSA",_PATH_HOST_ECDSA_KEY_FILE },
#endif /* OPENSSL_HAS_ECC */
#endif /* WITH_OPENSSL */
- { "ed25519", "ED25519",_PATH_HOST_ED25519_KEY_FILE },
+#ifndef WITHOUT_ED25519
+ { "ed25519", "ED25519",_PATH_HOST_ED25519_KEY_FILE },
+#endif /* WITHOUT_ED25519 */
{ NULL, NULL, NULL }
};
@@ -1605,7 +1613,10 @@ do_ca_sign(struct passwd *pw, int argc,
fatal("%s: unable to open \"%s\": %s",
__func__, tmp, ssh_err(r));
if (public->type != KEY_RSA && public->type != KEY_DSA &&
- public->type != KEY_ECDSA && public->type != KEY_ED25519)
+#ifndef WITHOUT_ED25519
+ public->type != KEY_ED25519 &&
+#endif /* WITHOUT_ED25519 */
+ public->type != KEY_ECDSA)
fatal("%s: key \"%s\" type %s cannot be certified",
__func__, tmp, sshkey_type(public));
@@ -2502,8 +2513,10 @@ main(int argc, char **argv)
_PATH_HOST_DSA_KEY_FILE, rr_hostname);
n += do_print_resource_record(pw,
_PATH_HOST_ECDSA_KEY_FILE, rr_hostname);
+#ifndef WITHOUT_ED25519
n += do_print_resource_record(pw,
_PATH_HOST_ED25519_KEY_FILE, rr_hostname);
+#endif /* WITHOUT_ED25519 */
if (n == 0)
fatal("no keys found.");
exit(0);
diff -pur old/ssh-keyscan.0 new/ssh-keyscan.0
--- old/ssh-keyscan.0
+++ new/ssh-keyscan.0
@@ -48,9 +48,9 @@ DESCRIPTION
-t type
Specifies the type of the key to fetch from the scanned hosts.
The possible values are M-bM-^@M-^\rsa1M-bM-^@M-^] for protocol version 1 and M-bM-^@M-^\dsaM-bM-^@M-^],
- M-bM-^@M-^\ecdsaM-bM-^@M-^], M-bM-^@M-^\ed25519M-bM-^@M-^], or M-bM-^@M-^\rsaM-bM-^@M-^] for protocol version 2. Multiple
+ or M-bM-^@M-^\rsaM-bM-^@M-^] for protocol version 2. Multiple
values may be specified by separating them with commas. The
- default is to fetch M-bM-^@M-^\rsaM-bM-^@M-^], M-bM-^@M-^\ecdsaM-bM-^@M-^], and M-bM-^@M-^\ed25519M-bM-^@M-^] keys.
+ default is to fetch M-bM-^@M-^\rsaM-bM-^@M-^] keys.
-v Verbose mode. Causes ssh-keyscan to print debugging messages
about its progress.
@@ -72,12 +72,11 @@ FILES
host-or-namelist bits exponent modulus
- Output format for RSA, DSA, ECDSA, and Ed25519 keys:
+ Output format for RSA, and DSA keys:
host-or-namelist keytype base64-encoded-key
- Where keytype is either M-bM-^@M-^\ecdsa-sha2-nistp256M-bM-^@M-^], M-bM-^@M-^\ecdsa-sha2-nistp384M-bM-^@M-^],
- M-bM-^@M-^\ecdsa-sha2-nistp521M-bM-^@M-^], M-bM-^@M-^\ssh-ed25519M-bM-^@M-^], M-bM-^@M-^\ssh-dssM-bM-^@M-^] or M-bM-^@M-^\ssh-rsaM-bM-^@M-^].
+ Where keytype is either M-bM-^@M-^\ssh-dssM-bM-^@M-^] or M-bM-^@M-^\ssh-rsaM-bM-^@M-^].
/etc/ssh/ssh_known_hosts
@@ -89,7 +88,7 @@ EXAMPLES
Find all hosts from the file ssh_hosts which have new or different keys
from those in the sorted file ssh_known_hosts:
- $ ssh-keyscan -t rsa,dsa,ecdsa,ed25519 -f ssh_hosts | \
+ $ ssh-keyscan -t rsa,dsa -f ssh_hosts | \
sort -u - ssh_known_hosts | diff ssh_known_hosts -
SEE ALSO
diff -pur old/ssh-keyscan.1 new/ssh-keyscan.1
--- old/ssh-keyscan.1
+++ new/ssh-keyscan.1
@@ -90,18 +90,13 @@ Specifies the type of the key to fetch f
The possible values are
.Dq rsa1
for protocol version 1 and
-.Dq dsa ,
-.Dq ecdsa ,
-.Dq ed25519 ,
+.Dq dsa
or
.Dq rsa
for protocol version 2.
Multiple values may be specified by separating them with commas.
The default is to fetch
-.Dq rsa ,
-.Dq ecdsa ,
-and
-.Dq ed25519
+.Dq rsa
keys.
.It Fl v
Verbose mode.
@@ -130,7 +125,7 @@ Output format for RSA1 keys:
host-or-namelist bits exponent modulus
.Ed
.Pp
-Output format for RSA, DSA, ECDSA, and Ed25519 keys:
+Output format for RSA and DSA keys:
.Bd -literal
host-or-namelist keytype base64-encoded-key
.Ed
@@ -138,10 +133,6 @@ host-or-namelist keytype base64-encoded-
Where
.Ar keytype
is either
-.Dq ecdsa-sha2-nistp256 ,
-.Dq ecdsa-sha2-nistp384 ,
-.Dq ecdsa-sha2-nistp521 ,
-.Dq ssh-ed25519 ,
.Dq ssh-dss
or
.Dq ssh-rsa .
@@ -159,7 +150,7 @@ Find all hosts from the file
which have new or different keys from those in the sorted file
.Pa ssh_known_hosts :
.Bd -literal
-$ ssh-keyscan -t rsa,dsa,ecdsa,ed25519 -f ssh_hosts | \e
+$ ssh-keyscan -t rsa,dsa -f ssh_hosts | \e
sort -u - ssh_known_hosts | diff ssh_known_hosts -
.Ed
.Sh SEE ALSO
diff -pur old/ssh-keyscan.c new/ssh-keyscan.c
--- old/ssh-keyscan.c
+++ new/ssh-keyscan.c
@@ -286,7 +286,9 @@ keygrab_ssh2(con *c)
c->c_ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
# endif
#endif
+#ifndef WITHOUT_ED25519
c->c_ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_client;
+#endif /* WITHOUT_ED25519 */
ssh_set_verify_host_key_callback(c->c_ssh, key_print_wrapper);
/*
* do the key-exchange until an error occurs or until
@@ -612,10 +614,15 @@ do_host(char *host)
{
char *name = strnnsep(&host, " \t\n");
int j;
+#ifndef WITHOUT_ED25519
+ int max_kt = KT_ED25519;
+#else
+ int max_kt = KT_ECDSA;
+#endif /* WITHOUT_ED25519 */
if (name == NULL)
return;
- for (j = KT_RSA1; j <= KT_ED25519; j *= 2) {
+ for (j = KT_RSA1; j <= max_kt; j *= 2) {
if (get_keytypes & j) {
while (ncon >= MAXCON)
conloop();
@@ -719,9 +726,11 @@ main(int argc, char **argv)
case KEY_RSA:
get_keytypes |= KT_RSA;
break;
+#ifndef WITHOUT_ED25519
case KEY_ED25519:
get_keytypes |= KT_ED25519;
break;
+#endif /* WITHOUT_ED25519 */
case KEY_UNSPEC:
fatal("unknown key type %s", tname);
}
diff -pur old/ssh-keysign.0 new/ssh-keysign.0
--- old/ssh-keysign.0
+++ new/ssh-keysign.0
@@ -24,8 +24,6 @@ FILES
Controls whether ssh-keysign is enabled.
/etc/ssh/ssh_host_dsa_key
- /etc/ssh/ssh_host_ecdsa_key
- /etc/ssh/ssh_host_ed25519_key
/etc/ssh/ssh_host_rsa_key
These files contain the private parts of the host keys used to
generate the digital signature. They should be owned by root,
@@ -34,8 +32,6 @@ FILES
host-based authentication is used.
/etc/ssh/ssh_host_dsa_key-cert.pub
- /etc/ssh/ssh_host_ecdsa_key-cert.pub
- /etc/ssh/ssh_host_ed25519_key-cert.pub
/etc/ssh/ssh_host_rsa_key-cert.pub
If these files exist they are assumed to contain public
certificate information corresponding with the private keys
diff -pur old/ssh-keysign.8 new/ssh-keysign.8
--- old/ssh-keysign.8
+++ new/ssh-keysign.8
@@ -62,8 +62,6 @@ Controls whether
is enabled.
.Pp
.It Pa /etc/ssh/ssh_host_dsa_key
-.It Pa /etc/ssh/ssh_host_ecdsa_key
-.It Pa /etc/ssh/ssh_host_ed25519_key
.It Pa /etc/ssh/ssh_host_rsa_key
These files contain the private parts of the host keys used to
generate the digital signature.
@@ -74,8 +72,6 @@ Since they are readable only by root,
must be set-uid root if host-based authentication is used.
.Pp
.It Pa /etc/ssh/ssh_host_dsa_key-cert.pub
-.It Pa /etc/ssh/ssh_host_ecdsa_key-cert.pub
-.It Pa /etc/ssh/ssh_host_ed25519_key-cert.pub
.It Pa /etc/ssh/ssh_host_rsa_key-cert.pub
If these files exist they are assumed to contain public certificate
information corresponding with the private keys above.
diff -pur old/ssh-keysign.c new/ssh-keysign.c
--- old/ssh-keysign.c
+++ new/ssh-keysign.c
@@ -168,7 +168,7 @@ main(int argc, char **argv)
{
struct sshbuf *b;
Options options;
-#define NUM_KEYTYPES 4
+#define NUM_KEYTYPES 3
struct sshkey *keys[NUM_KEYTYPES], *key = NULL;
struct passwd *pw;
int r, key_fd[NUM_KEYTYPES], i, found, version = 2, fd;
@@ -190,7 +190,9 @@ main(int argc, char **argv)
/* XXX This really needs to read sshd_config for the paths */
key_fd[i++] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY);
+#ifndef WITHOUT_ED25519
key_fd[i++] = open(_PATH_HOST_ED25519_KEY_FILE, O_RDONLY);
+#endif /* WITHOUT_ED25519 */
key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
original_real_uid = getuid(); /* XXX readconf.c needs this */
diff -pur old/ssh.0 new/ssh.0
--- old/ssh.0
+++ new/ssh.0
@@ -140,8 +140,8 @@ DESCRIPTION
-i identity_file
Selects a file from which the identity (private key) for public
key authentication is read. The default is ~/.ssh/identity for
- protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa,
- ~/.ssh/id_ed25519 and ~/.ssh/id_rsa for protocol version 2.
+ protocol version 1, and ~/.ssh/id_dsa
+ and ~/.ssh/id_rsa for protocol version 2.
Identity files may also be specified on a per-host basis in the
configuration file. It is possible to have multiple -i options
(and multiple identities specified in configuration files). ssh
@@ -463,7 +463,7 @@ AUTHENTICATION
creates a public/private key pair for authentication purposes. The
server knows the public key, and only the user knows the private key.
ssh implements public key authentication protocol automatically, using
- one of the DSA, ECDSA, Ed25519 or RSA algorithms. Protocol 1 is
+ one of the DSA or RSA algorithms. Protocol 1 is
restricted to using only RSA keys, but protocol 2 may use any. The
HISTORY section of ssl(8) contains a brief discussion of the DSA and RSA
algorithms.
@@ -476,11 +476,9 @@ AUTHENTICATION
The user creates his/her key pair by running ssh-keygen(1). This stores
the private key in ~/.ssh/identity (protocol 1), ~/.ssh/id_dsa (protocol
- 2 DSA), ~/.ssh/id_ecdsa (protocol 2 ECDSA), ~/.ssh/id_ed25519 (protocol 2
- Ed25519), or ~/.ssh/id_rsa (protocol 2 RSA) and stores the public key in
- ~/.ssh/identity.pub (protocol 1), ~/.ssh/id_dsa.pub (protocol 2 DSA),
- ~/.ssh/id_ecdsa.pub (protocol 2 ECDSA), ~/.ssh/id_ed25519.pub (protocol 2
- Ed25519), or ~/.ssh/id_rsa.pub (protocol 2 RSA) in the user's home
+ 2 DSA) or ~/.ssh/id_rsa (protocol 2 RSA) and stores the public key in
+ ~/.ssh/identity.pub (protocol 1), ~/.ssh/id_dsa.pub (protocol 2 DSA)
+ or ~/.ssh/id_rsa.pub (protocol 2 RSA) in the user's home
directory. The user should then copy the public key to
~/.ssh/authorized_keys in his/her home directory on the remote machine.
The authorized_keys file corresponds to the conventional ~/.rhosts file,
@@ -825,7 +823,7 @@ FILES
for the user, and not accessible by others.
~/.ssh/authorized_keys
- Lists the public keys (DSA, ECDSA, Ed25519, RSA) that can be used
+ Lists the public keys (DSA, RSA) that can be used
for logging in as this user. The format of this file is
described in the sshd(8) manual page. This file is not highly
sensitive, but the recommended permissions are read/write for the
@@ -843,8 +841,6 @@ FILES
~/.ssh/identity
~/.ssh/id_dsa
- ~/.ssh/id_ecdsa
- ~/.ssh/id_ed25519
~/.ssh/id_rsa
Contains the private key for authentication. These files contain
sensitive data and should be readable by the user but not
@@ -856,8 +852,6 @@ FILES
~/.ssh/identity.pub
~/.ssh/id_dsa.pub
- ~/.ssh/id_ecdsa.pub
- ~/.ssh/id_ed25519.pub
~/.ssh/id_rsa.pub
Contains the public key for authentication. These files are not
sensitive and can (but need not) be readable by anyone.
@@ -888,8 +882,6 @@ FILES
/etc/ssh/ssh_host_key
/etc/ssh/ssh_host_dsa_key
- /etc/ssh/ssh_host_ecdsa_key
- /etc/ssh/ssh_host_ed25519_key
/etc/ssh/ssh_host_rsa_key
These files contain the private parts of the host keys and are
used for host-based authentication. If protocol version 1 is
diff -pur old/ssh.1 new/ssh.1
--- old/ssh.1
+++ new/ssh.1
@@ -292,9 +292,7 @@ public key authentication is read.
The default is
.Pa ~/.ssh/identity
for protocol version 1, and
-.Pa ~/.ssh/id_dsa ,
-.Pa ~/.ssh/id_ecdsa ,
-.Pa ~/.ssh/id_ed25519
+.Pa ~/.ssh/id_dsa
and
.Pa ~/.ssh/id_rsa
for protocol version 2.
@@ -848,7 +846,7 @@ key pair for authentication purposes.
The server knows the public key, and only the user knows the private key.
.Nm
implements public key authentication protocol automatically,
-using one of the DSA, ECDSA, Ed25519 or RSA algorithms.
+using one of the DSA or RSA algorithms.
Protocol 1 is restricted to using only RSA keys,
but protocol 2 may use any.
The HISTORY section of
@@ -873,10 +871,6 @@ This stores the private key in
(protocol 1),
.Pa ~/.ssh/id_dsa
(protocol 2 DSA),
-.Pa ~/.ssh/id_ecdsa
-(protocol 2 ECDSA),
-.Pa ~/.ssh/id_ed25519
-(protocol 2 Ed25519),
or
.Pa ~/.ssh/id_rsa
(protocol 2 RSA)
@@ -885,10 +879,6 @@ and stores the public key in
(protocol 1),
.Pa ~/.ssh/id_dsa.pub
(protocol 2 DSA),
-.Pa ~/.ssh/id_ecdsa.pub
-(protocol 2 ECDSA),
-.Pa ~/.ssh/id_ed25519.pub
-(protocol 2 Ed25519),
or
.Pa ~/.ssh/id_rsa.pub
(protocol 2 RSA)
@@ -1444,7 +1434,7 @@ secret, but the recommended permissions
and not accessible by others.
.Pp
.It Pa ~/.ssh/authorized_keys
-Lists the public keys (DSA, ECDSA, Ed25519, RSA)
+Lists the public keys (DSA, RSA)
that can be used for logging in as this user.
The format of this file is described in the
.Xr sshd 8
@@ -1466,8 +1456,6 @@ above.
.Pp
.It Pa ~/.ssh/identity
.It Pa ~/.ssh/id_dsa
-.It Pa ~/.ssh/id_ecdsa
-.It Pa ~/.ssh/id_ed25519
.It Pa ~/.ssh/id_rsa
Contains the private key for authentication.
These files
@@ -1481,8 +1469,6 @@ sensitive part of this file using 3DES.
.Pp
.It Pa ~/.ssh/identity.pub
.It Pa ~/.ssh/id_dsa.pub
-.It Pa ~/.ssh/id_ecdsa.pub
-.It Pa ~/.ssh/id_ed25519.pub
.It Pa ~/.ssh/id_rsa.pub
Contains the public key for authentication.
These files are not
@@ -1521,8 +1507,6 @@ The file format and configuration option
.Pp
.It Pa /etc/ssh/ssh_host_key
.It Pa /etc/ssh/ssh_host_dsa_key
-.It Pa /etc/ssh/ssh_host_ecdsa_key
-.It Pa /etc/ssh/ssh_host_ed25519_key
.It Pa /etc/ssh/ssh_host_rsa_key
These files contain the private parts of the host keys
and are used for host-based authentication.
diff -pur old/ssh.c new/ssh.c
--- old/ssh.c
+++ new/ssh.c
@@ -1233,8 +1233,10 @@ main(int ac, char **av)
sensitive_data.keys[1] = key_load_private_cert(KEY_ECDSA,
_PATH_HOST_ECDSA_KEY_FILE, "", NULL);
#endif
+#ifndef WITHOUT_ED25519
sensitive_data.keys[2] = key_load_private_cert(KEY_ED25519,
_PATH_HOST_ED25519_KEY_FILE, "", NULL);
+#endif /* WITHOUT_ED25519 */
sensitive_data.keys[3] = key_load_private_cert(KEY_RSA,
_PATH_HOST_RSA_KEY_FILE, "", NULL);
sensitive_data.keys[4] = key_load_private_cert(KEY_DSA,
@@ -1243,8 +1245,10 @@ main(int ac, char **av)
sensitive_data.keys[5] = key_load_private_type(KEY_ECDSA,
_PATH_HOST_ECDSA_KEY_FILE, "", NULL, NULL);
#endif
+#ifndef WITHOUT_ED25519
sensitive_data.keys[6] = key_load_private_type(KEY_ED25519,
_PATH_HOST_ED25519_KEY_FILE, "", NULL, NULL);
+#endif /* WITHOUT_ED25519 */
sensitive_data.keys[7] = key_load_private_type(KEY_RSA,
_PATH_HOST_RSA_KEY_FILE, "", NULL, NULL);
sensitive_data.keys[8] = key_load_private_type(KEY_DSA,
@@ -1261,8 +1265,10 @@ main(int ac, char **av)
sensitive_data.keys[1] = key_load_cert(
_PATH_HOST_ECDSA_KEY_FILE);
#endif
+#ifndef WITHOUT_ED25519
sensitive_data.keys[2] = key_load_cert(
_PATH_HOST_ED25519_KEY_FILE);
+#endif /* WITHOUT_ED25519 */
sensitive_data.keys[3] = key_load_cert(
_PATH_HOST_RSA_KEY_FILE);
sensitive_data.keys[4] = key_load_cert(
@@ -1271,8 +1277,10 @@ main(int ac, char **av)
sensitive_data.keys[5] = key_load_public(
_PATH_HOST_ECDSA_KEY_FILE, NULL);
#endif
+#ifndef WITHOUT_ED25519
sensitive_data.keys[6] = key_load_public(
_PATH_HOST_ED25519_KEY_FILE, NULL);
+#endif /* WITHOUT_ED25519 */
sensitive_data.keys[7] = key_load_public(
_PATH_HOST_RSA_KEY_FILE, NULL);
sensitive_data.keys[8] = key_load_public(
diff -pur old/ssh_api.c new/ssh_api.c
--- old/ssh_api.c
+++ new/ssh_api.c
@@ -109,7 +109,9 @@ ssh_init(struct ssh **sshp, int is_serve
ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
# endif
#endif /* WITH_OPENSSL */
+#ifndef WITHOUT_ED25519
ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_server;
+#endif /* WITHOUT_ED25519 */
ssh->kex->load_host_public_key=&_ssh_host_public_key;
ssh->kex->load_host_private_key=&_ssh_host_private_key;
ssh->kex->sign=&_ssh_host_key_sign;
@@ -123,7 +125,9 @@ ssh_init(struct ssh **sshp, int is_serve
ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
# endif
#endif /* WITH_OPENSSL */
+#ifndef WITHOUT_ED25519
ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_client;
+#endif /* WITHOUT_ED25519 */
ssh->kex->verify_host_key =&_ssh_verify_host_key;
}
*sshp = ssh;
diff -pur old/ssh_config.0 new/ssh_config.0
--- old/ssh_config.0
+++ new/ssh_config.0
@@ -444,13 +444,8 @@ DESCRIPTION
specified key types will be appended to the default set instead
of replacing them. The default for this option is:
- [email protected],
- [email protected],
- [email protected],
- [email protected],
[email protected],
- ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
- ssh-ed25519,ssh-rsa
+ ssh-rsa
The -Q option of ssh(1) may be used to list supported key types.
@@ -461,13 +456,8 @@ DESCRIPTION
key types will be appended to the default set instead of
replacing them. The default for this option is:
- [email protected],
- [email protected],
- [email protected],
- [email protected],
[email protected],
- ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
- ssh-ed25519,ssh-rsa
+ ssh-rsa
If hostkeys are known for the destination host then this default
is modified to prefer their algorithms.
@@ -503,10 +493,10 @@ DESCRIPTION
default is M-bM-^@M-^\noM-bM-^@M-^].
IdentityFile
- Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA
+ Specifies a file from which the user's DSA or RSA
authentication identity is read. The default is ~/.ssh/identity
- for protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa,
- ~/.ssh/id_ed25519 and ~/.ssh/id_rsa for protocol version 2.
+ for protocol version 1, and ~/.ssh/id_dsa
+ and ~/.ssh/id_rsa for protocol version 2.
Additionally, any identities represented by the authentication
agent will be used for authentication unless IdentitiesOnly is
set. ssh(1) will try to load certificate information from the
@@ -569,7 +559,6 @@ DESCRIPTION
will be appended to the default set instead of replacing them.
The default is:
- [email protected],
ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
diffie-hellman-group-exchange-sha256,
diffie-hellman-group-exchange-sha1,
@@ -727,13 +716,8 @@ DESCRIPTION
types after it will be appended to the default instead of
replacing it. The default for this option is:
- [email protected],
- [email protected],
- [email protected],
- [email protected],
[email protected],
- ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
- ssh-ed25519,ssh-rsa
+ ssh-rsa
The -Q option of ssh(1) may be used to list supported key types.
diff -pur old/ssh_config.5 new/ssh_config.5
--- old/ssh_config.5
+++ new/ssh_config.5
@@ -806,13 +806,8 @@ character, then the specified key types
instead of replacing them.
The default for this option is:
.Bd -literal -offset 3n
[email protected],
[email protected],
[email protected],
[email protected],
[email protected],
-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-ssh-ed25519,ssh-rsa
+ssh-rsa
.Ed
.Pp
The
@@ -829,13 +824,8 @@ character, then the specified key types
instead of replacing them.
The default for this option is:
.Bd -literal -offset 3n
[email protected],
[email protected],
[email protected],
[email protected],
[email protected],
-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-ssh-ed25519,ssh-rsa
+ssh-rsa
.Ed
.Pp
If hostkeys are known for the destination host then this default is modified
@@ -890,14 +880,12 @@ offers many different identities.
The default is
.Dq no .
.It Cm IdentityFile
-Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA authentication
+Specifies a file from which the user's DSA or RSA authentication
identity is read.
The default is
.Pa ~/.ssh/identity
for protocol version 1, and
.Pa ~/.ssh/id_dsa ,
-.Pa ~/.ssh/id_ecdsa ,
-.Pa ~/.ssh/id_ed25519
and
.Pa ~/.ssh/id_rsa
for protocol version 2.
@@ -1014,7 +1002,6 @@ character, then the specified methods wi
instead of replacing them.
The default is:
.Bd -literal -offset indent
[email protected],
ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
diffie-hellman-group-exchange-sha256,
diffie-hellman-group-exchange-sha1,
@@ -1259,13 +1246,8 @@ character, then the key types after it w
instead of replacing it.
The default for this option is:
.Bd -literal -offset 3n
[email protected],
[email protected],
[email protected],
[email protected],
[email protected],
-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-ssh-ed25519,ssh-rsa
+ssh-rsa
.Ed
.Pp
The
diff -pur old/sshconnect.c new/sshconnect.c
--- old/sshconnect.c
+++ new/sshconnect.c
@@ -1392,7 +1392,9 @@ show_other_keys(struct hostkeys *hostkey
KEY_RSA,
KEY_DSA,
KEY_ECDSA,
+#ifndef WITHOUT_ED25519
KEY_ED25519,
+#endif /* WITHOUT_ED25519 */
-1
};
int i, ret = 0;
diff -pur old/sshconnect2.c new/sshconnect2.c
--- old/sshconnect2.c
+++ new/sshconnect2.c
@@ -247,7 +247,9 @@ ssh_kex2(char *host, struct sockaddr *ho
kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
# endif
#endif
+#ifndef WITHOUT_ED25519
kex->kex[KEX_C25519_SHA256] = kexc25519_client;
+#endif /* WITHOUT_ED25519 */
#ifdef GSSAPI
if (options.gss_keyex) {
kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_client;
diff -pur old/sshd.0 new/sshd.0
--- old/sshd.0
+++ new/sshd.0
@@ -81,8 +81,7 @@ DESCRIPTION
be given if sshd is not run as root (as the normal host key files
are normally not readable by anyone but root). The default is
/etc/ssh/ssh_host_key for protocol version 1, and
- /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key.
- /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key for
+ /etc/ssh/ssh_host_dsa_key and /etc/ssh/ssh_host_rsa_key for
protocol version 2. It is possible to have multiple host key
files for the different protocol versions and host key
algorithms.
@@ -146,7 +145,7 @@ DESCRIPTION
AUTHENTICATION
The OpenSSH SSH daemon supports SSH protocols 1 and 2. The default is to
use protocol 2 only, though this can be changed via the Protocol option
- in sshd_config(5). Protocol 2 supports DSA, ECDSA, Ed25519 and RSA keys;
+ in sshd_config(5). Protocol 2 supports DSA and RSA keys;
protocol 1 only supports RSA keys. For both protocols, each host has a
host-specific key, normally 2048 bits, used to identify the host.
@@ -279,15 +278,13 @@ AUTHORIZED_KEYS FILE FORMAT
starts with a number). The bits, exponent, modulus, and comment fields
give the RSA key for protocol version 1; the comment field is not used
for anything (but may be convenient for the user to identify the key).
- For protocol version 2 the keytype is M-bM-^@M-^\ecdsa-sha2-nistp256M-bM-^@M-^],
- M-bM-^@M-^\ecdsa-sha2-nistp384M-bM-^@M-^], M-bM-^@M-^\ecdsa-sha2-nistp521M-bM-^@M-^], M-bM-^@M-^\ssh-ed25519M-bM-^@M-^], M-bM-^@M-^\ssh-dssM-bM-^@M-^] or
- M-bM-^@M-^\ssh-rsaM-bM-^@M-^].
+ For protocol version 2 the keytype is M-bM-^@M-^\ssh-dssM-bM-^@M-^] or M-bM-^@M-^\ssh-rsaM-bM-^@M-^].
Note that lines in this file are usually several hundred bytes long
(because of the size of the public key encoding) up to a limit of 8
kilobytes, which permits DSA keys up to 8 kilobits and RSA keys up to 16
kilobits. You don't want to type them in; instead, copy the
- identity.pub, id_dsa.pub, id_ecdsa.pub, id_ed25519.pub, or the id_rsa.pub
+ identity.pub, id_dsa.pub or the id_rsa.pub
file and edit it.
sshd enforces a minimum RSA key modulus size for protocol 1 and protocol
@@ -514,7 +511,7 @@ FILES
for the user, and not accessible by others.
~/.ssh/authorized_keys
- Lists the public keys (DSA, ECDSA, Ed25519, RSA) that can be used
+ Lists the public keys (DSA, RSA) that can be used
for logging in as this user. The format of this file is
described above. The content of the file is not highly
sensitive, but the recommended permissions are read/write for the
@@ -570,8 +567,6 @@ FILES
/etc/ssh/ssh_host_key
/etc/ssh/ssh_host_dsa_key
- /etc/ssh/ssh_host_ecdsa_key
- /etc/ssh/ssh_host_ed25519_key
/etc/ssh/ssh_host_rsa_key
These files contain the private parts of the host keys. These
files should only be owned by root, readable only by root, and
@@ -580,8 +575,6 @@ FILES
/etc/ssh/ssh_host_key.pub
/etc/ssh/ssh_host_dsa_key.pub
- /etc/ssh/ssh_host_ecdsa_key.pub
- /etc/ssh/ssh_host_ed25519_key.pub
/etc/ssh/ssh_host_rsa_key.pub
These files contain the public parts of the host keys. These
files should be world-readable but writable only by root. Their
diff -pur old/sshd.8 new/sshd.8
--- old/sshd.8 2015-12-10 12:36:52.040393250 -0800
+++ new/sshd.8 2015-12-10 12:40:30.706984900 -0800
@@ -172,8 +172,6 @@ The default is
.Pa /etc/ssh/ssh_host_key
for protocol version 1, and
.Pa /etc/ssh/ssh_host_dsa_key ,
-.Pa /etc/ssh/ssh_host_ecdsa_key .
-.Pa /etc/ssh/ssh_host_ed25519_key
and
.Pa /etc/ssh/ssh_host_rsa_key
for protocol version 2.
@@ -275,7 +273,7 @@ though this can be changed via the
.Cm Protocol
option in
.Xr sshd_config 4 .
-Protocol 2 supports DSA, ECDSA, Ed25519 and RSA keys;
+Protocol 2 supports DSA and RSA keys;
protocol 1 only supports RSA keys.
For both protocols,
each host has a host-specific key,
@@ -491,10 +489,6 @@ protocol version 1; the
comment field is not used for anything (but may be convenient for the
user to identify the key).
For protocol version 2 the keytype is
-.Dq ecdsa-sha2-nistp256 ,
-.Dq ecdsa-sha2-nistp384 ,
-.Dq ecdsa-sha2-nistp521 ,
-.Dq ssh-ed25519 ,
.Dq ssh-dss
or
.Dq ssh-rsa .
@@ -506,8 +500,6 @@ keys up to 16 kilobits.
You don't want to type them in; instead, copy the
.Pa identity.pub ,
.Pa id_dsa.pub ,
-.Pa id_ecdsa.pub ,
-.Pa id_ed25519.pub ,
or the
.Pa id_rsa.pub
file and edit it.
@@ -807,7 +799,7 @@ secret, but the recommended permissions
and not accessible by others.
.Pp
.It Pa ~/.ssh/authorized_keys
-Lists the public keys (DSA, ECDSA, Ed25519, RSA)
+Lists the public keys (DSA, RSA)
that can be used for logging in as this user.
The format of this file is described above.
The content of the file is not highly sensitive, but the recommended
@@ -881,8 +873,6 @@ rlogin/rsh.
.Pp
.It Pa /etc/ssh/ssh_host_key
.It Pa /etc/ssh/ssh_host_dsa_key
-.It Pa /etc/ssh/ssh_host_ecdsa_key
-.It Pa /etc/ssh/ssh_host_ed25519_key
.It Pa /etc/ssh/ssh_host_rsa_key
These files contain the private parts of the host keys.
These files should only be owned by root, readable only by root, and not
@@ -893,8 +883,6 @@ does not start if these files are group/
.Pp
.It Pa /etc/ssh/ssh_host_key.pub
.It Pa /etc/ssh/ssh_host_dsa_key.pub
-.It Pa /etc/ssh/ssh_host_ecdsa_key.pub
-.It Pa /etc/ssh/ssh_host_ed25519_key.pub
.It Pa /etc/ssh/ssh_host_rsa_key.pub
These files contain the public parts of the host keys.
These files should be world-readable but writable only by
diff -pur old/sshd.c new/sshd.c
--- old/sshd.c
+++ new/sshd.c
@@ -811,7 +811,9 @@ list_hostkey_types(void)
case KEY_RSA:
case KEY_DSA:
case KEY_ECDSA:
+#ifndef WITHOUT_ED25519
case KEY_ED25519:
+#endif /* WITHOUT_ED25519 */
if (buffer_len(&b) > 0)
buffer_append(&b, ",", 1);
p = key_ssh_name(key);
@@ -826,7 +828,9 @@ list_hostkey_types(void)
case KEY_RSA_CERT:
case KEY_DSA_CERT:
case KEY_ECDSA_CERT:
+#ifndef WITHOUT_ED25519
case KEY_ED25519_CERT:
+#endif /* WITHOUT_ED25519 */
if (buffer_len(&b) > 0)
buffer_append(&b, ",", 1);
p = key_ssh_name(key);
@@ -852,7 +856,9 @@ get_hostkey_by_type(int type, int nid, i
case KEY_RSA_CERT:
case KEY_DSA_CERT:
case KEY_ECDSA_CERT:
+#ifndef WITHOUT_ED25519
case KEY_ED25519_CERT:
+#endif /* WITHOUT_ED25519 */
key = sensitive_data.host_certificates[i];
break;
default:
@@ -1810,7 +1816,9 @@ main(int ac, char **av)
case KEY_RSA:
case KEY_DSA:
case KEY_ECDSA:
+#ifndef WITHOUT_ED25519
case KEY_ED25519:
+#endif /* WITHOUT_ED25519 */
if (have_agent || key != NULL)
sensitive_data.have_ssh2_key = 1;
break;
@@ -2646,7 +2654,9 @@ do_ssh2_kex(void)
kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
# endif
#endif
+#ifndef WITHOUT_ED25519
kex->kex[KEX_C25519_SHA256] = kexc25519_server;
+#endif /* WITHOUT_ED25519 */
#ifdef GSSAPI
if (options.gss_keyex) {
kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
diff -pur old/sshd_config.0 new/sshd_config.0
--- old/sshd_config.0
+++ new/sshd_config.0
@@ -403,13 +403,8 @@ DESCRIPTION
specified key types will be appended to the default set instead
of replacing them. The default for this option is:
- [email protected],
- [email protected],
- [email protected],
- [email protected],
[email protected],
- ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
- ssh-ed25519,ssh-rsa
+ ssh-rsa
The -Q option of ssh(1) may be used to list supported key types.
@@ -438,8 +433,7 @@ DESCRIPTION
HostKey
Specifies a file containing a private host key used by SSH. The
default is /etc/ssh/ssh_host_key for protocol version 1, and
- /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key,
- /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key for
+ /etc/ssh/ssh_host_dsa_key, and /etc/ssh/ssh_host_rsa_key for
protocol version 2.
Note that sshd(8) will refuse to use a file if it is group/world-
@@ -447,7 +441,7 @@ DESCRIPTION
of the keys are actually used by sshd(8).
It is possible to have multiple host key files. M-bM-^@M-^\rsa1M-bM-^@M-^] keys are
- used for version 1 and M-bM-^@M-^\dsaM-bM-^@M-^], M-bM-^@M-^\ecdsaM-bM-^@M-^], M-bM-^@M-^\ed25519M-bM-^@M-^] or M-bM-^@M-^\rsaM-bM-^@M-^] are
+ used for version 1 and M-bM-^@M-^\dsaM-bM-^@M-^], or M-bM-^@M-^\rsaM-bM-^@M-^] are
used for version 2 of the SSH protocol. It is also possible to
specify public host key files instead. In this case operations
on the private key will be delegated to an ssh-agent(1).
@@ -462,13 +456,8 @@ DESCRIPTION
Specifies the protocol version 2 host key algorithms that the
server offers. The default for this option is:
- [email protected],
- [email protected],
- [email protected],
- [email protected],
[email protected],
- ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
- ssh-ed25519,ssh-rsa
+ ssh-rsa
The list of available key types may also be obtained using the -Q
option of ssh(1) with an argument of M-bM-^@M-^\keyM-bM-^@M-^].
@@ -532,7 +521,6 @@ DESCRIPTION
will be appended to the default set instead of replacing them.
The supported algorithms are:
- [email protected]
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group-exchange-sha1
@@ -543,7 +531,6 @@ DESCRIPTION
The default is:
- [email protected],
ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
diffie-hellman-group-exchange-sha256,
diffie-hellman-group14-sha1
@@ -787,13 +774,8 @@ DESCRIPTION
specified key types will be appended to the default set instead
of replacing them. The default for this option is:
- [email protected],
- [email protected],
- [email protected],
- [email protected],
[email protected],
- ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
- ssh-ed25519,ssh-rsa
+ ssh-rsa
The -Q option of ssh(1) may be used to list supported key types.
diff -pur old/sshd_config.5 new/sshd_config.5
--- old/sshd_config.5
+++ new/sshd_config.5
@@ -712,8 +712,6 @@ The default is
.Pa /etc/ssh/ssh_host_key
for protocol version 1, and
.Pa /etc/ssh/ssh_host_dsa_key ,
-.Pa /etc/ssh/ssh_host_ecdsa_key ,
-.Pa /etc/ssh/ssh_host_ed25519_key
and
.Pa /etc/ssh/ssh_host_rsa_key
for protocol version 2.
@@ -730,8 +728,6 @@ It is possible to have multiple host key
.Dq rsa1
keys are used for version 1 and
.Dq dsa ,
-.Dq ecdsa ,
-.Dq ed25519
or
.Dq rsa
are used for version 2 of the SSH protocol.
@@ -878,8 +874,6 @@ The supported algorithms are:
.Pp
.Bl -item -compact -offset indent
.It
[email protected]
-.It
diffie-hellman-group1-sha1
.It
diffie-hellman-group14-sha1
@@ -897,7 +891,6 @@ ecdh-sha2-nistp521
.Pp
The default is:
.Bd -literal -offset indent
[email protected],
ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
diffie-hellman-group-exchange-sha256,
diffie-hellman-group14-sha1
diff -pur old/sshkey.c new/sshkey.c
--- old/sshkey.c
+++ new/sshkey.c
@@ -85,9 +85,11 @@ struct keytype {
int cert;
};
static const struct keytype keytypes[] = {
+#ifndef WITHOUT_ED25519
{ "ssh-ed25519", "ED25519", KEY_ED25519, 0, 0 },
{ "[email protected]", "ED25519-CERT",
KEY_ED25519_CERT, 0, 1 },
+#endif /* WITHOUT_ED25519 */
#ifdef WITH_OPENSSL
{ NULL, "RSA1", KEY_RSA1, 0, 0 },
{ "ssh-rsa", "RSA", KEY_RSA, 0, 0 },
@@ -278,8 +280,10 @@ sshkey_size(const struct sshkey *k)
case KEY_ECDSA_CERT:
return sshkey_curve_nid_to_bits(k->ecdsa_nid);
#endif /* WITH_OPENSSL */
+#ifndef WITHOUT_ED25519
case KEY_ED25519:
case KEY_ED25519_CERT:
+#endif /* WITHOUT_ED25519 */
return 256; /* XXX */
}
return 0;
@@ -292,7 +296,9 @@ sshkey_type_is_valid_ca(int type)
case KEY_RSA:
case KEY_DSA:
case KEY_ECDSA:
+#ifndef WITHOUT_ED25519
case KEY_ED25519:
+#endif /* WITHOUT_ED25519 */
return 1;
default:
return 0;
@@ -318,8 +324,10 @@ sshkey_type_plain(int type)
return KEY_DSA;
case KEY_ECDSA_CERT:
return KEY_ECDSA;
+#ifndef WITHOUT_ED25519
case KEY_ED25519_CERT:
return KEY_ED25519;
+#endif /* WITHOUT_ED25519 */
default:
return type;
}
@@ -472,8 +480,10 @@ sshkey_new(int type)
k->dsa = NULL;
k->rsa = NULL;
k->cert = NULL;
+#ifndef WITHOUT_ED25519
k->ed25519_sk = NULL;
k->ed25519_pk = NULL;
+#endif /* WITHOUT_ED25519 */
switch (k->type) {
#ifdef WITH_OPENSSL
case KEY_RSA1:
@@ -508,10 +518,12 @@ sshkey_new(int type)
/* Cannot do anything until we know the group */
break;
#endif /* WITH_OPENSSL */
+#ifndef WITHOUT_ED25519
case KEY_ED25519:
case KEY_ED25519_CERT:
/* no need to prealloc */
break;
+#endif /* WITHOUT_ED25519 */
case KEY_UNSPEC:
break;
default:
@@ -558,10 +570,12 @@ sshkey_add_private(struct sshkey *k)
/* Cannot do anything until we know the group */
break;
#endif /* WITH_OPENSSL */
+#ifndef WITHOUT_ED25519
case KEY_ED25519:
case KEY_ED25519_CERT:
/* no need to prealloc */
break;
+#endif /* WITHOUT_ED25519 */
case KEY_UNSPEC:
break;
default:
@@ -613,6 +627,7 @@ sshkey_free(struct sshkey *k)
break;
# endif /* OPENSSL_HAS_ECC */
#endif /* WITH_OPENSSL */
+#ifndef WITHOUT_ED25519
case KEY_ED25519:
case KEY_ED25519_CERT:
if (k->ed25519_pk) {
@@ -626,6 +641,7 @@ sshkey_free(struct sshkey *k)
k->ed25519_sk = NULL;
}
break;
+#endif /* WITHOUT_ED25519 */
case KEY_UNSPEC:
break;
default:
@@ -703,10 +719,12 @@ sshkey_equal_public(const struct sshkey
return 1;
# endif /* OPENSSL_HAS_ECC */
#endif /* WITH_OPENSSL */
+#ifndef WITHOUT_ED25519
case KEY_ED25519:
case KEY_ED25519_CERT:
return a->ed25519_pk != NULL && b->ed25519_pk != NULL &&
memcmp(a->ed25519_pk, b->ed25519_pk, ED25519_PK_SZ) == 0;
+#endif /* WITHOUT_ED25519 */
default:
return 0;
}
@@ -749,7 +767,9 @@ to_blob_buf(const struct sshkey *key, st
case KEY_ECDSA_CERT:
case KEY_RSA_CERT:
#endif /* WITH_OPENSSL */
+#ifndef WITHOUT_ED25519
case KEY_ED25519_CERT:
+#endif /* WITHOUT_ED25519 */
/* Use the existing blob */
/* XXX modified flag? */
if ((ret = sshbuf_putb(b, key->cert->certblob)) != 0)
@@ -786,6 +806,7 @@ to_blob_buf(const struct sshkey *key, st
return ret;
break;
#endif /* WITH_OPENSSL */
+#ifndef WITHOUT_ED25519
case KEY_ED25519:
if (key->ed25519_pk == NULL)
return SSH_ERR_INVALID_ARGUMENT;
@@ -794,6 +815,7 @@ to_blob_buf(const struct sshkey *key, st
key->ed25519_pk, ED25519_PK_SZ)) != 0)
return ret;
break;
+#endif /* WITHOUT_ED25519 */
default:
return SSH_ERR_KEY_TYPE_UNKNOWN;
}
@@ -1267,11 +1289,13 @@ sshkey_read(struct sshkey *ret, char **c
case KEY_RSA:
case KEY_DSA:
case KEY_ECDSA:
- case KEY_ED25519:
+#ifndef WITHOUT_ED25519
+ case KEY_ED25519:
+ case KEY_ED25519_CERT:
+#endif /* WITHOUT_ED25519 */
case KEY_DSA_CERT:
case KEY_ECDSA_CERT:
case KEY_RSA_CERT:
- case KEY_ED25519_CERT:
space = strchr(cp, ' ');
if (space == NULL)
return SSH_ERR_INVALID_FORMAT;
@@ -1363,6 +1387,7 @@ sshkey_read(struct sshkey *ret, char **c
}
# endif /* OPENSSL_HAS_ECC */
#endif /* WITH_OPENSSL */
+#ifndef WITHOUT_ED25519
if (sshkey_type_plain(ret->type) == KEY_ED25519) {
free(ret->ed25519_pk);
ret->ed25519_pk = k->ed25519_pk;
@@ -1371,6 +1396,7 @@ sshkey_read(struct sshkey *ret, char **c
/* XXX */
#endif
}
+#endif /* WITHOUT_ED25519 */
retval = 0;
/*XXXX*/
sshkey_free(k);
@@ -1662,7 +1688,8 @@ sshkey_generate(int type, u_int bits, st
if ((k = sshkey_new(KEY_UNSPEC)) == NULL)
return SSH_ERR_ALLOC_FAIL;
switch (type) {
- case KEY_ED25519:
+#ifndef WITHOUT_ED25519
+ case KEY_ED25519:
if ((k->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL ||
(k->ed25519_sk = malloc(ED25519_SK_SZ)) == NULL) {
ret = SSH_ERR_ALLOC_FAIL;
@@ -1671,6 +1698,7 @@ sshkey_generate(int type, u_int bits, st
crypto_sign_ed25519_keypair(k->ed25519_pk, k->ed25519_sk);
ret = 0;
break;
+#endif /* WITHOUT_ED25519 */
#ifdef WITH_OPENSSL
case KEY_DSA:
ret = dsa_generate_private_key(bits, &k->dsa);
@@ -1806,6 +1834,7 @@ sshkey_from_private(const struct sshkey
}
break;
#endif /* WITH_OPENSSL */
+#ifndef WITHOUT_ED25519
case KEY_ED25519:
case KEY_ED25519_CERT:
if ((n = sshkey_new(k->type)) == NULL)
@@ -1818,6 +1847,7 @@ sshkey_from_private(const struct sshkey
memcpy(n->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ);
}
break;
+#endif /* WITHOUT_ED25519 */
default:
return SSH_ERR_KEY_TYPE_UNKNOWN;
}
@@ -2084,6 +2114,7 @@ sshkey_from_blob_internal(struct sshbuf
break;
# endif /* OPENSSL_HAS_ECC */
#endif /* WITH_OPENSSL */
+#ifndef WITHOUT_ED25519
case KEY_ED25519_CERT:
/* Skip nonce */
if (sshbuf_get_string_direct(b, NULL, NULL) != 0) {
@@ -2105,6 +2136,7 @@ sshkey_from_blob_internal(struct sshbuf
key->ed25519_pk = pk;
pk = NULL;
break;
+#endif /* WITHOUT_ED25519 */
case KEY_UNSPEC:
if ((key = sshkey_new(type)) == NULL) {
ret = SSH_ERR_ALLOC_FAIL;
@@ -2197,9 +2229,11 @@ sshkey_sign(const struct sshkey *key,
case KEY_RSA:
return ssh_rsa_sign(key, sigp, lenp, data, datalen, compat);
#endif /* WITH_OPENSSL */
+#ifndef WITHOUT_ED25519
case KEY_ED25519:
case KEY_ED25519_CERT:
return ssh_ed25519_sign(key, sigp, lenp, data, datalen, compat);
+#endif /* WITHOUT_ED25519 */
default:
return SSH_ERR_KEY_TYPE_UNKNOWN;
}
@@ -2229,9 +2263,11 @@ sshkey_verify(const struct sshkey *key,
case KEY_RSA:
return ssh_rsa_verify(key, sig, siglen, data, dlen, compat);
#endif /* WITH_OPENSSL */
+#ifndef WITHOUT_ED25519
case KEY_ED25519:
case KEY_ED25519_CERT:
return ssh_ed25519_verify(key, sig, siglen, data, dlen, compat);
+#endif /* WITHOUT_ED25519 */
default:
return SSH_ERR_KEY_TYPE_UNKNOWN;
}
@@ -2255,8 +2291,10 @@ sshkey_demote(const struct sshkey *k, st
pk->dsa = NULL;
pk->ecdsa = NULL;
pk->rsa = NULL;
+#ifndef WITHOUT_ED25519
pk->ed25519_pk = NULL;
pk->ed25519_sk = NULL;
+#endif /* WITHOUT_ED25519 */
switch (k->type) {
#ifdef WITH_OPENSSL
@@ -2306,6 +2344,7 @@ sshkey_demote(const struct sshkey *k, st
break;
# endif /* OPENSSL_HAS_ECC */
#endif /* WITH_OPENSSL */
+#ifndef WITHOUT_ED25519
case KEY_ED25519_CERT:
if ((ret = sshkey_cert_copy(k, pk)) != 0)
goto fail;
@@ -2319,6 +2358,7 @@ sshkey_demote(const struct sshkey *k, st
memcpy(pk->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ);
}
break;
+#endif /* WITHOUT_ED25519 */
default:
ret = SSH_ERR_KEY_TYPE_UNKNOWN;
fail:
@@ -2347,9 +2387,11 @@ sshkey_to_certified(struct sshkey *k)
newtype = KEY_ECDSA_CERT;
break;
#endif /* WITH_OPENSSL */
+#ifndef WITHOUT_ED25519
case KEY_ED25519:
newtype = KEY_ED25519_CERT;
break;
+#endif /* WITHOUT_ED25519 */
default:
return SSH_ERR_INVALID_ARGUMENT;
}
@@ -2428,11 +2470,13 @@ sshkey_certify(struct sshkey *k, struct
goto out;
break;
#endif /* WITH_OPENSSL */
+#ifndef WITHOUT_ED25519
case KEY_ED25519_CERT:
if ((ret = sshbuf_put_string(cert,
k->ed25519_pk, ED25519_PK_SZ)) != 0)
goto out;
break;
+#endif /* WITHOUT_ED25519 */
default:
ret = SSH_ERR_INVALID_ARGUMENT;
goto out;
@@ -2607,6 +2651,7 @@ sshkey_private_serialize(const struct ss
break;
# endif /* OPENSSL_HAS_ECC */
#endif /* WITH_OPENSSL */
+#ifndef WITHOUT_ED25519
case KEY_ED25519:
if ((r = sshbuf_put_string(b, key->ed25519_pk,
ED25519_PK_SZ)) != 0 ||
@@ -2626,6 +2671,7 @@ sshkey_private_serialize(const struct ss
ED25519_SK_SZ)) != 0)
goto out;
break;
+#endif /* WITHOUT_ED25519 */
default:
r = SSH_ERR_INVALID_ARGUMENT;
goto out;
@@ -2750,6 +2796,7 @@ sshkey_private_deserialize(struct sshbuf
goto out;
break;
#endif /* WITH_OPENSSL */
+#ifndef WITHOUT_ED25519
case KEY_ED25519:
if ((k = sshkey_new_private(type)) == NULL) {
r = SSH_ERR_ALLOC_FAIL;
@@ -2780,6 +2827,7 @@ sshkey_private_deserialize(struct sshbuf
k->ed25519_sk = ed25519_sk;
ed25519_pk = ed25519_sk = NULL;
break;
+#endif /* WITHOUT_ED25519 */
default:
r = SSH_ERR_KEY_TYPE_UNKNOWN;
goto out;
@@ -3545,9 +3593,11 @@ sshkey_private_to_fileblob(struct sshkey
return sshkey_private_pem_to_blob(key, blob,
passphrase, comment);
#endif /* WITH_OPENSSL */
+#ifndef WITHOUT_ED25519
case KEY_ED25519:
return sshkey_private_to_blob2(key, blob, passphrase,
comment, new_format_cipher, new_format_rounds);
+#endif /* WITHOUT_ED25519 */
default:
return SSH_ERR_KEY_TYPE_UNKNOWN;
}
@@ -3853,9 +3903,11 @@ sshkey_parse_private_fileblob_type(struc
return sshkey_parse_private_pem_fileblob(blob, type,
passphrase, keyp);
#endif /* WITH_OPENSSL */
+#ifndef WITHOUT_ED25519
case KEY_ED25519:
return sshkey_parse_private2(blob, type, passphrase,
keyp, commentp);
+#endif /* WITHOUT_ED25519 */
case KEY_UNSPEC:
if ((r = sshkey_parse_private2(blob, type, passphrase, keyp,
commentp)) == 0)
diff -pur old/sshkey.h new/sshkey.h
--- old/sshkey.h
+++ new/sshkey.h
@@ -57,11 +57,15 @@ enum sshkey_types {
KEY_RSA,
KEY_DSA,
KEY_ECDSA,
- KEY_ED25519,
+#ifndef WITHOUT_ED25519
+ KEY_ED25519,
+#endif /* WITHOUT_ED25519 */
KEY_RSA_CERT,
KEY_DSA_CERT,
KEY_ECDSA_CERT,
+#ifndef WITHOUT_ED25519
KEY_ED25519_CERT,
+#endif /* WITHOUT_ED25519 */
KEY_NULL,
KEY_UNSPEC
};
@@ -104,13 +108,17 @@ struct sshkey {
DSA *dsa;
int ecdsa_nid; /* NID of curve */
EC_KEY *ecdsa;
+#ifndef WITHOUT_ED25519
u_char *ed25519_sk;
u_char *ed25519_pk;
+#endif /* WITHOUT_ED25519 */
struct sshkey_cert *cert;
};
+#ifndef WITHOUT_ED25519
#define ED25519_SK_SZ crypto_sign_ed25519_SECRETKEYBYTES
#define ED25519_PK_SZ crypto_sign_ed25519_PUBLICKEYBYTES
+#endif /* WITHOUT_ED25519 */
struct sshkey *sshkey_new(int);
int sshkey_add_private(struct sshkey *);
@@ -208,11 +216,13 @@ int ssh_ecdsa_sign(const struct sshkey *
int ssh_ecdsa_verify(const struct sshkey *key,
const u_char *signature, size_t signaturelen,
const u_char *data, size_t datalen, u_int compat);
+#ifndef WITHOUT_ED25519
int ssh_ed25519_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
const u_char *data, size_t datalen, u_int compat);
int ssh_ed25519_verify(const struct sshkey *key,
const u_char *signature, size_t signaturelen,
const u_char *data, size_t datalen, u_int compat);
+#endif /* WITHOUT_ED25519 */
#endif
#if !defined(WITH_OPENSSL)