From e7715095b649fd9582de4dff9930d9ee42013a6e Mon Sep 17 00:00:00 2001 From: Robey Pointer Date: Tue, 23 Dec 2003 06:44:56 +0000 Subject: [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-11] in server mode, don't offer keys we don't have (from Paolo Losi) in server mode, when advertising which key methods we support, don't list methods that we don't have any existing keys for. --- transport.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/transport.py b/transport.py index 521dbcb6..9e439344 100644 --- a/transport.py +++ b/transport.py @@ -524,11 +524,15 @@ class BaseTransport(threading.Thread): # FIXME: can't do group-exchange (gex) yet -- too slow if 'diffie-hellman-group-exchange-sha1' in self.preferred_kex: self.preferred_kex.remove('diffie-hellman-group-exchange-sha1') + + available_server_keys = filter(self.server_key_dict.keys().__contains__, + self.preferred_keys) + m = Message() m.add_byte(chr(MSG_KEXINIT)) m.add_bytes(randpool.get_bytes(16)) m.add(','.join(self.preferred_kex)) - m.add(','.join(self.preferred_keys)) + m.add(','.join(self.available_server_keys)) m.add(','.join(self.preferred_ciphers)) m.add(','.join(self.preferred_ciphers)) m.add(','.join(self.preferred_macs)) @@ -579,7 +583,9 @@ class BaseTransport(threading.Thread): self.kex_engine = self.kex_info[agreed_kex[0]](self) if self.server_mode: - agreed_keys = filter(self.preferred_keys.__contains__, server_key_algo_list) + available_server_keys = filter(self.server_key_dict.keys().__contains__, + self.preferred_keys) + agreed_keys = filter(available_server_keys.__contains__, server_key_algo_list) else: agreed_keys = filter(server_key_algo_list.__contains__, self.preferred_keys) if len(agreed_keys) == 0: -- cgit v1.2.3