Don't propose disallowed algorithms during hostkey negotiation
I would like to propose a patch from rhel-9.1.0
Context:
In rhel-9.1.0, when I try to connect to a host that only presents ssh-rsa host keys, the connection fails with a very cryptic error message:
ssh_dispatch_run_fatal: Connection to 10.19.208.80 port 22: error in libcrypto
I believe this happens because ssh-rsa is disallowed by crypto-policies, but openssh disregards the configuration when negotiating the hostkey algorithm. Therefore the ssh-rsa hostkey alg is negotiated and the connection fails when openssl returns an error somewhere inside the sshkey_verify function.
This patch restricts the range of negotiated algorithms to only those that are allowed by the configuration, effectively making the connection fail during hostkey negotiation and with a much more descriptive error message.
Signed-off-by: Zoltan Fridrich [email protected]
@djmdjm @daztucker Hi, can you please review this MR? I would like to know your opinion on this.
Also, I believe there is still one memory leak remaining. AFAIK order_hostkeyalgs() returns allocated memory which is never freed.
The test failures seem expected judging by the output. Basically the negotiation fails because ssh-rsa is not accepted_algo
I added a comment on the change, but this isn't correct. We already have HostkeyAlgorithms to control which signature algorithms are used for hostkey negotiation. Your patch instead adds filtering by PubkeyAcceptedAlgorithms, which is used for user authentication.
Please just use HostkeyAlgorithms for what you're trying to achieve.
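The two failure modes discussed in this thread can be shown with a small model of how an SSH client and server pick the host key algorithm. This is an added example, not code from the PR or from OpenSSH: it implements the RFC 4253 section 7.1 rule (the first algorithm in the client's list that the server also supports wins) and compares offering the client's full list against offering only locally allowed algorithms, which in real OpenSSH is what HostKeyAlgorithms controls, as the maintainer points out. The algorithm lists, the `accepted` policy list and the message strings are constructed for the example.

```python
# Added example (not part of the PR or of OpenSSH): a model of host key
# algorithm negotiation, used to show why filtering the client's offer up
# front gives a clear failure at KEX time instead of a late libcrypto error.

# Constructed sample data (not taken from any real host).
CLIENT_PREFERRED = ["rsa-sha2-512", "rsa-sha2-256", "ssh-ed25519", "ssh-rsa"]
CLIENT_ACCEPTED = ["rsa-sha2-512", "rsa-sha2-256", "ssh-ed25519"]  # policy: no ssh-rsa
LEGACY_SERVER = ["ssh-rsa"]                 # server that only presents ssh-rsa
MODERN_SERVER = ["ssh-ed25519", "ssh-rsa"]  # server that also has an ed25519 key


def negotiate(client_list, server_list):
    """RFC 4253 section 7.1: the chosen algorithm is the first one in the
    client's name-list that also appears in the server's name-list, or
    None when there is no overlap. Client ordering therefore matters."""
    server_set = set(server_list)
    for alg in client_list:
        if alg in server_set:
            return alg
    return None


def client_offer(preferred, accepted=None):
    """Build the client's KEXINIT host key algorithm list.

    accepted=None offers the full preferred list, i.e. the behaviour the PR
    description reports (policy ignored during negotiation). With an
    accepted list, only algorithms the local configuration allows are
    offered, which is what HostKeyAlgorithms does in real OpenSSH."""
    if accepted is None:
        return list(preferred)
    allowed = set(accepted)
    return [alg for alg in preferred if alg in allowed]


def connect(client_offered, server_hostkeys, client_accepted):
    """Simulate a connection attempt and return (stage, detail).

    stage is 'kex' when negotiation itself fails (descriptive error),
    'verify' when an algorithm was negotiated but the local policy rejects
    it at signature verification time (the cryptic failure), or 'ok'."""
    chosen = negotiate(client_offered, server_hostkeys)
    if chosen is None:
        return ("kex", "no matching host key type found, their offer: "
                + ",".join(server_hostkeys))
    if chosen not in set(client_accepted):
        # The disallowed algorithm was agreed on; the failure only surfaces
        # later, deep inside signature verification (constructed wording
        # echoing the message quoted in the PR description).
        return ("verify", "error in libcrypto")
    return ("ok", chosen)


if __name__ == "__main__":
    unfiltered = client_offer(CLIENT_PREFERRED)
    filtered = client_offer(CLIENT_PREFERRED, CLIENT_ACCEPTED)
    print("unfiltered offer vs legacy server:",
          connect(unfiltered, LEGACY_SERVER, CLIENT_ACCEPTED))
    print("filtered offer vs legacy server:  ",
          connect(filtered, LEGACY_SERVER, CLIENT_ACCEPTED))
    print("filtered offer vs modern server:  ",
          connect(filtered, MODERN_SERVER, CLIENT_ACCEPTED))
```

Against the legacy server, the unfiltered offer negotiates ssh-rsa and only fails at the verify stage, while the filtered offer fails during KEX with a message that names the server's offer; against the modern server the filtered offer simply picks ssh-ed25519. The same effect is obtained in a real client by setting HostKeyAlgorithms to the allowed list rather than by filtering with PubkeyAcceptedAlgorithms, which governs user authentication keys, not host keys.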