Skip to content
Snippets Groups Projects
Commit ffcd70e4 authored by Nigel Kukard's avatar Nigel Kukard
Browse files

If the 'description' field has "needs ssh-dss" in it, we need to enable ssh-dss in ssh

parent 53480a31
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 13 additions and 0 deletions
awit-ssh
+ 13
0
View file @ ffcd70e4
...@@ -140,6 +140,8 @@ if ($mesg->code()) { ...@@ -140,6 +140,8 @@ if ($mesg->code()) {
} }
# Some flags we may need
my $needDSS;
# If no matches # If no matches
...@@ -192,6 +194,10 @@ if ($ldapEntry) { ...@@ -192,6 +194,10 @@ if ($ldapEntry) {
foreach my $line (split(/\n/,$ldapDescription)) { foreach my $line (split(/\n/,$ldapDescription)) {
logger('INFO'," %s",$line); logger('INFO'," %s",$line);
} }
# Hack'ish ... look if the description mentions dss is required...
if ($ldapDescription =~ /needs ssh-dss/i) {
$needDSS = 1;
}
} }
# Check if we have a wiki page # Check if we have a wiki page
...@@ -218,6 +224,13 @@ if (defined($port)) { ...@@ -218,6 +224,13 @@ if (defined($port)) {
} }
logger('NOTICE',"Connecting to host '$host'" . (defined($port) ? " on port '$port'" : "") . "..."); logger('NOTICE',"Connecting to host '$host'" . (defined($port) ? " on port '$port'" : "") . "...");
# If the server is ancient, we need to enable DSS
if (defined($needDSS)) {
push(@sshArgs,'-o','PubkeyAcceptedKeyTypes=+ssh-dss');
push(@sshArgs,'-o','HostbasedKeyTypes=+ssh-dss');
push(@sshArgs,'-o','HostKeyAlgorithms=+ssh-dss');
}
exec('/usr/bin/ssh', exec('/usr/bin/ssh',
'-F',$ENV{"HOME"}.'/.ssh/config', '-F',$ENV{"HOME"}.'/.ssh/config',
'-o','PreferredAuthentications=publickey,keyboard-interactive', '-o','PreferredAuthentications=publickey,keyboard-interactive',
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment