Add have_ssh_host_key() and use it to influence algorithm selection.

The general plan is that if PuTTY knows a host key for a server, it should preferentially ask for the same type of key so that there's some chance of actually getting the same key again. This should mean that when a server (or PuTTY) adds a new host key type, PuTTY doesn't gratuitously switch to that key type and then warn the user about an unrecognised key.
2025-07-09 15:23:50 -05:00 · 2015-05-29 22:40:50 +01:00
parent e222db14ff
commit d21041f7f8
4 changed files with 37 additions and 1 deletions
--- a/ssh.c
+++ b/ssh.c
@ -6350,9 +6350,20 @@ static void do_ssh2_transport(Ssh ssh, const void *vin, int inlen,
        if (!s->got_session_id) {
            /*
             * In the first key exchange, we list all the algorithms
-             * we're prepared to cope with.
+             * we're prepared to cope with, but prefer those algorithms
+	     * for which we have a host key for this host.
             */
 	    n = 0;
+            for (i = 0; i < lenof(hostkey_algs); i++) {
+		if (have_ssh_host_key(ssh->savedhost, ssh->savedport,
+				      hostkey_algs[i]->keytype)) {
+		    assert(n < MAXKEXLIST);
+		    s->kexlists[KEXLIST_HOSTKEY][n].name =
+			hostkey_algs[i]->name;
+		    s->kexlists[KEXLIST_HOSTKEY][n].u.hostkey = hostkey_algs[i];
+		    n++;
+		}
+	    }
            for (i = 0; i < lenof(hostkey_algs); i++) {
 	        assert(n < MAXKEXLIST);
 		s->kexlists[KEXLIST_HOSTKEY][n].name = hostkey_algs[i]->name;