diff options
| author | Colin Watson <cjwatson@debian.org> | 2008-06-02 13:04:55 +0000 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2008-06-02 13:04:55 +0000 |
| commit | da162da0416abb367ea8a415eb90d072a01fa020 (patch) | |
| tree | a6a649302f33b74be5052b54c66f074f2b788b11 /ssh-add.c | |
| parent | 15d091acca07091e7f196168bdf08788f1ae8367 (diff) | |
Check compromised key blacklist in ssh or ssh-add, as well as in the
server (LP: #232391). To override the blacklist check in ssh
temporarily, use 'ssh -o UseBlacklistedKeys=yes'; there is no override
for the blacklist check in ssh-add.
Diffstat (limited to 'ssh-add.c')
| -rw-r--r-- | ssh-add.c | 10 |
1 files changed, 9 insertions, 1 deletions
| @@ -138,7 +138,7 @@ static int | |||
| 138 | add_file(AuthenticationConnection *ac, const char *filename) | 138 | add_file(AuthenticationConnection *ac, const char *filename) |
| 139 | { | 139 | { |
| 140 | Key *private; | 140 | Key *private; |
| 141 | char *comment = NULL; | 141 | char *comment = NULL, *fp; |
| 142 | char msg[1024]; | 142 | char msg[1024]; |
| 143 | int fd, perms_ok, ret = -1; | 143 | int fd, perms_ok, ret = -1; |
| 144 | 144 | ||
| @@ -183,6 +183,14 @@ add_file(AuthenticationConnection *ac, const char *filename) | |||
| 183 | "Bad passphrase, try again for %.200s: ", comment); | 183 | "Bad passphrase, try again for %.200s: ", comment); |
| 184 | } | 184 | } |
| 185 | } | 185 | } |
| 186 | if (blacklisted_key(private, &fp) == 1) { | ||
| 187 | fprintf(stderr, "Public key %s blacklisted (see " | ||
| 188 | "ssh-vulnkey(1)); refusing to add it\n", fp); | ||
| 189 | xfree(fp); | ||
| 190 | key_free(private); | ||
| 191 | xfree(comment); | ||
| 192 | return -1; | ||
| 193 | } | ||
| 186 | 194 | ||
| 187 | if (ssh_add_identity_constrained(ac, private, comment, lifetime, | 195 | if (ssh_add_identity_constrained(ac, private, comment, lifetime, |
| 188 | confirm)) { | 196 | confirm)) { |