diff options
author | djm@openbsd.org <djm@openbsd.org> | 2019-12-15 18:57:30 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-12-16 14:19:41 +1100 |
commit | 56584cce75f3d20aaa30befc7cbd331d922927f3 (patch) | |
tree | d3e9c2b7c9104b6528758b19eb7fa56dae2fcea6 /monitor.c | |
parent | 5af6fd5461bb709304e6979c8b7856c7af921c9e (diff) |
upstream: allow security keys to act as host keys as well as user
keys.
Previously we didn't do this because we didn't want to expose
the attack surface presented by USB and FIDO protocol handling,
but now that this is insulated behind ssh-sk-helper there is
less risk.
ok markus@
OpenBSD-Commit-ID: 77b068dd133b8d87e0f010987bd5131e640ee64c
Diffstat (limited to 'monitor.c')
-rw-r--r-- | monitor.c | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: monitor.c,v 1.205 2019/11/25 10:23:36 djm Exp $ */ | 1 | /* $OpenBSD: monitor.c,v 1.206 2019/12/15 18:57:30 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> | 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> |
4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> | 4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> |
@@ -679,7 +679,7 @@ mm_answer_sign(struct ssh *ssh, int sock, struct sshbuf *m) | |||
679 | 679 | ||
680 | if ((key = get_hostkey_by_index(keyid)) != NULL) { | 680 | if ((key = get_hostkey_by_index(keyid)) != NULL) { |
681 | if ((r = sshkey_sign(key, &signature, &siglen, p, datlen, alg, | 681 | if ((r = sshkey_sign(key, &signature, &siglen, p, datlen, alg, |
682 | NULL, compat)) != 0) | 682 | options.sk_provider, compat)) != 0) |
683 | fatal("%s: sshkey_sign failed: %s", | 683 | fatal("%s: sshkey_sign failed: %s", |
684 | __func__, ssh_err(r)); | 684 | __func__, ssh_err(r)); |
685 | } else if ((key = get_hostkey_public_by_index(keyid, ssh)) != NULL && | 685 | } else if ((key = get_hostkey_public_by_index(keyid, ssh)) != NULL && |