diff -r f9f922fd127d sys/src/cmd/ssh.c --- a/sys/src/cmd/ssh.c Mon Apr 20 00:08:35 2020 +0200 +++ b/sys/src/cmd/ssh.c Mon Apr 20 17:07:11 2020 -0700 @@ -492,6 +492,14 @@ static char macalgs[] = "hmac-sha1"; /* work around for github.com */ static char langs[] = ""; + if(debug){ + fprint(2, "%s: %s\n", "client supported kex_algorithms", kexalgs); + fprint(2, "%s: %s\n", "client supported encryption algorithms", cipheralgs); + fprint(2, "%s: %s\n", "client supported compression algorithms", zipalgs); + fprint(2, "%s: %s\n", "client supported mac algorithms", macalgs); + fprint(2, "%s: %s\n", "client supported languages", langs); + } + uchar cookie[16], x[32], yc[32], z[32], k[32+1], h[SHA2_256dlen], *ys, *ks, *sig; uchar k12[2*ChachaKeylen]; int i, nk, nys, nks, nsig; @@ -530,21 +538,25 @@ } ds = hashstr(recv.r, recv.w-recv.r, ds); - if(debug){ - char *tab[] = { - "kexalgs", "hostalgs", - "cipher1", "cipher2", - "mac1", "mac2", - "zip1", "zip2", - "lang1", "lang2", - nil, - }, **t, *s; - uchar *p = recv.r+17; - int n; - for(t=tab; *t != nil; t++){ - if(unpack(p, recv.w-p, "s.", &s, &n, &p) < 0) - break; + /* See RFC4253 Section 7.1 for descriptions. */ + char *tab[] = { + "kexalgs", "srvhostalgs", + "clicipher", "srvcipher", + "climac1", "srvmac", + "clipzip", "srvzip", + "clilang", "srvlang", + nil, + }, **t, *s; + uchar *p = recv.r+17; + int n; + for(t=tab; *t != nil; t++){ + if(unpack(p, recv.w-p, "s.", &s, &n, &p) < 0) + break; + if(debug) fprint(2, "%s: %.*s\n", *t, utfnlen(s, n), s); + if(!strcmp(*t,"clicipher") && !strstr(s,cipheralgs)) { + fprint(2, "%s not found in %.*s\n", cipheralgs, utfnlen(s, n), s); + sysfatal("server does not support cipher"); } } @@ -1258,7 +1270,7 @@ fprint(fd, "%s\r\n", send.v); recv.v = readline(); if(debug) - fprint(2, "server verison: %s\n", recv.v); + fprint(2, "server version: %s\n", recv.v); if(strncmp("SSH-2.0-", recv.v, 8) != 0) sysfatal("bad server version: %s", recv.v); recv.v = strdup(recv.v);