- djm@cvs.openbsd.org 2009/08/27 17:44:52

[authfd.c ssh-add.c authfd.h] Do not fall back to adding keys without contraints (ssh-add -c / -t ...) when the agent refuses the constrained add request. This was a useful migration measure back in 2002 when constraints were new, but just adds risk now. bz #1612, report and patch from dkg AT fifthhorseman.net; ok markus@
author: Darren Tucker <dtucker@zip.com.au> 2009-10-07 08:47:02 +1100
committer: Darren Tucker <dtucker@zip.com.au> 2009-10-07 08:47:02 +1100
commit: 893d73549d7cfa277434bf0113688a5a14055408 (patch)
tree: 7cc83baeb70199c132f8f239be7acfcf694d0384 /ssh-add.c
parent: 6b286a46821fa230258f1da82d0e013cfe3bf685 (diff)
1 files changed, 1 insertions, 4 deletions
diff --git a/ssh-add.c b/ssh-add.c
index 7a43282f2..084478d78 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.90 2007/09/09 11:38:01 sobrado Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.91 2009/08/27 17:44:52 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -195,9 +195,6 @@ add_file(AuthenticationConnection *ac, const char *filename)
                if (confirm != 0)
                        fprintf(stderr,
                            "The user has to confirm each use of the key\n");
-        } else if (ssh_add_identity(ac, private, comment)) {
-                fprintf(stderr, "Identity added: %s (%s)\n", filename, comment);
-                ret = 0;
        } else {
                fprintf(stderr, "Could not add identity: %s\n", filename);
        }
author	Darren Tucker <dtucker@zip.com.au>	2009-10-07 08:47:02 +1100
committer	Darren Tucker <dtucker@zip.com.au>	2009-10-07 08:47:02 +1100
commit	893d73549d7cfa277434bf0113688a5a14055408 (patch)
tree	7cc83baeb70199c132f8f239be7acfcf694d0384 /ssh-add.c
parent	6b286a46821fa230258f1da82d0e013cfe3bf685 (diff)