- if ((!strncmp(imp, "OpenSSH_2.", 10) && imp[10]>='5' && imp[10]<='9') ||
- (!strncmp(imp, "OpenSSH_3.", 10) && imp[10]>='0' && imp[10]<='2')) {
+ if (cfg.sshbug_derivekey2 == BUG_ON ||
+ (cfg.sshbug_derivekey2 == BUG_AUTO &&
+ (!strncmp(imp, "2.0.", 4)))) {
+ /*
+ * These versions have the key-derivation bug (failing to
+ * include the literal shared secret in the hashes that
+ * generate the keys).
+ */
+ ssh_remote_bugs |= BUG_SSH2_DERIVEKEY;
+ logevent("We believe remote version has SSH2 key-derivation bug");
+ }
+
+ if (cfg.sshbug_rsapad2 == BUG_ON ||
+ (cfg.sshbug_rsapad2 == BUG_AUTO &&
+ ((!strncmp(imp, "OpenSSH_2.", 10) && imp[10]>='5' && imp[10]<='9') ||
+ (!strncmp(imp, "OpenSSH_3.", 10) && imp[10]>='0' && imp[10]<='2')))){