author | Colin Watson <cjwatson@debian.org> | 2008-06-02 13:04:55 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2008-06-02 13:04:55 +0000 |
commit | da162da0416abb367ea8a415eb90d072a01fa020 (patch) | |
tree | a6a649302f33b74be5052b54c66f074f2b788b11 /ssh-add.c | |
parent | 15d091acca07091e7f196168bdf08788f1ae8367 (diff) |
Check compromised key blacklist in ssh or ssh-add, as well as in the
server (LP: #232391). To override the blacklist check in ssh
temporarily, use 'ssh -o UseBlacklistedKeys=yes'; there is no override
for the blacklist check in ssh-add.
Diffstat (limited to 'ssh-add.c')
-rw-r--r-- | ssh-add.c | 10 |
1 files changed, 9 insertions, 1 deletions
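--- a/ssh-add.c
+++ b/ssh-add.c
@@ -138,7 +138,7 @@ static int
 add_file(AuthenticationConnection *ac, const char *filename)
 {
 Key *private;
-char *comment = NULL;
+char *comment = NULL, *fp;
 char msg[1024];
 int fd, perms_ok, ret = -1;
 
@@ -183,6 +183,14 @@ add_file(AuthenticationConnection *ac, const char *filename)
 "Bad passphrase, try again for %.200s: ", comment);
 }
 }
+if (blacklisted_key(private, &fp) == 1) {
+fprintf(stderr, "Public key %s blacklisted (see "
+"ssh-vulnkey(1)); refusing to add it\n", fp);
+xfree(fp);
+key_free(private);
+xfree(comment);
+return -1;
+}
 
 if (ssh_add_identity_constrained(ac, private, comment, lifetime,
 confirm)) {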
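Review bot: The new gate at new line 186 refuses the key only when `blacklisted_key()` returns exactly 1, so any other non-zero result the helper might report (a failed blacklist lookup, for instance) falls through and the key is added as though it were clean; if the helper can signal failure, the fail-open choice should be deliberate and stated, e.g. `/* NOTE: only an explicit 1 (found in blacklist) refuses the key; a lookup failure is treated as not blacklisted — TODO confirm this is intended */`. The early `return -1` also bypasses whatever add_file does after this point — the function ends outside the hunk, and `ret = -1` at line 143 suggests a shared exit path — so if that tail releases anything beyond `private` and `comment`, route this failure through it instead of returning directly. Minor: `fp` is assigned only on the blacklisted path, which is fine here but worth a one-line comment so a later edit does not read it on the success path.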