sshd: skip host keys with invalid algorithms

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-10-10 19:59:22 +02:00 · 2023-10-10 19:59:22 +02:00 · 904ad2f691
commit 904ad2f691
parent bc6bdb2f05
2 changed files with 9 additions and 2 deletions
--- a/internal/sftpd/internal_test.go
+++ b/internal/sftpd/internal_test.go
@ -1987,7 +1987,9 @@ func TestLoadHostKeys(t *testing.T) {
 	c.HostKeyAlgorithms = []string{ssh.KeyAlgoRSASHA256}
 	c.HostKeys = []string{ecdsaKeyName}
 	err = c.checkAndLoadHostKeys(configDir, serverConfig)
-	assert.Error(t, err)
+	if assert.Error(t, err) {
 		assert.Contains(t, err.Error(), "server has no host keys")
 	}
 	c.HostKeyAlgorithms = preferredHostKeyAlgos
 	err = c.checkAndLoadHostKeys(configDir, serverConfig)
 	assert.NoError(t, err)
--- a/internal/sftpd/server.go
+++ b/internal/sftpd/server.go
@ -1030,7 +1030,9 @@ func (c *Configuration) checkAndLoadHostKeys(configDir string, serverConfig *ssh
 		}
 		mas, err := ssh.NewSignerWithAlgorithms(private.(ssh.AlgorithmSigner), k.Algorithms)
 		if err != nil {
-			return fmt.Errorf("could not create signer for key %q with algorithms %+v: %w", k.Path, k.Algorithms, err)
+			logger.Warn(logSender, "", "could not create signer for key %q with algorithms %+v: %v", k.Path, k.Algorithms, err)
 			logger.WarnToConsole("could not create signer for key %q with algorithms %+v: %v", k.Path, k.Algorithms, err)
 			continue
 		}
 		serviceStatus.HostKeys = append(serviceStatus.HostKeys, k)
 		logger.Info(logSender, "", "Host key %q loaded, type %q, fingerprint %q, algorithms %+v", hostKey,
@ -1060,6 +1062,9 @@ func (c *Configuration) checkAndLoadHostKeys(configDir string, serverConfig *ssh
 			}
 		}
 	}
 	if len(serviceStatus.HostKeys) == 0 {
 		return errors.New("ssh: server has no host keys")
 	}
 	var fp []string
 	for idx := range serviceStatus.HostKeys {
 		h := &serviceStatus.HostKeys[idx]