upstream: allow security keys to act as host keys as well as user

keys. Previously we didn't do this because we didn't want to expose the attack surface presented by USB and FIDO protocol handling, but now that this is insulated behind ssh-sk-helper there is less risk. ok markus@ OpenBSD-Commit-ID: 77b068dd133b8d87e0f010987bd5131e640ee64c
author: djm@openbsd.org <djm@openbsd.org> 2019-12-15 18:57:30 +0000
committer: Damien Miller <djm@mindrot.org> 2019-12-16 14:19:41 +1100
commit: 56584cce75f3d20aaa30befc7cbd331d922927f3 (patch)
tree: d3e9c2b7c9104b6528758b19eb7fa56dae2fcea6 /readconf.c
parent: 5af6fd5461bb709304e6979c8b7856c7af921c9e (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/readconf.c b/readconf.c
index c046e4dbf..4ea8ec566 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.314 2019/11/14 21:27:29 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.315 2019/12/15 18:57:30 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2153,7 +2153,7 @@ fill_default_options(Options * options)
        ASSEMBLE(macs, KEX_CLIENT_MAC, all_mac);
        ASSEMBLE(kex_algorithms, KEX_CLIENT_KEX, all_kex);
        ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key);
-        ASSEMBLE(pubkey_key_types, PUBKEY_DEFAULT_PK_ALG, all_key);
+        ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key);
        ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, all_sig);
 #undef ASSEMBLE
        free(all_cipher);
author	djm@openbsd.org <djm@openbsd.org>	2019-12-15 18:57:30 +0000
committer	Damien Miller <djm@mindrot.org>	2019-12-16 14:19:41 +1100
commit	56584cce75f3d20aaa30befc7cbd331d922927f3 (patch)
tree	d3e9c2b7c9104b6528758b19eb7fa56dae2fcea6 /readconf.c
parent	5af6fd5461bb709304e6979c8b7856c7af921c9e (diff)

diff --git a/readconf.c b/readconf.c index c046e4dbf..4ea8ec566 100644 --- a/readconf.c +++ b/readconf.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: readconf.c,v 1.314 2019/11/14 21:27:29 djm Exp $ */	1	/* $OpenBSD: readconf.c,v 1.315 2019/12/15 18:57:30 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2153,7 +2153,7 @@ fill_default_options(Options * options)
2153	ASSEMBLE(macs, KEX_CLIENT_MAC, all_mac);	2153	ASSEMBLE(macs, KEX_CLIENT_MAC, all_mac);
2154	ASSEMBLE(kex_algorithms, KEX_CLIENT_KEX, all_kex);	2154	ASSEMBLE(kex_algorithms, KEX_CLIENT_KEX, all_kex);
2155	ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key);	2155	ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key);
2156	ASSEMBLE(pubkey_key_types, PUBKEY_DEFAULT_PK_ALG, all_key);	2156	ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key);
2157	ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, all_sig);	2157	ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, all_sig);
2158	#undef ASSEMBLE	2158	#undef ASSEMBLE
2159	free(all_cipher);	2159	free(all_cipher);