summaryrefslogtreecommitdiff
path: root/ssh-keygen.c
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2019-12-14 09:21:46 +1100
committerDamien Miller <djm@mindrot.org>2019-12-14 09:21:46 +1100
commit9244990ecdcfa36bb9371058111685b05f201c1e (patch)
treea068b6ce79b806f20c0159cf3306a0234ef1f387 /ssh-keygen.c
parenta33ab1688b5c460a7e2a301418241ce1b13b2638 (diff)
remove a bunch of ENABLE_SK #ifdefs
The ssh-sk-helper client API gives us a nice place to disable security key support when it is wasn't enabled at compile time, so we don't need to check everywere. Also, verification of security key signatures can remain enabled all the time - it has no additional dependencies. So sshd can accept security key pubkeys in authorized_keys, etc regardless of the host's support for dlopen, etc.
Diffstat (limited to 'ssh-keygen.c')
-rw-r--r--ssh-keygen.c4
1 files changed, 0 insertions, 4 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c
index e90b85ffa..24e246c0b 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -3303,9 +3303,6 @@ main(int argc, char **argv)
3303 switch (type) { 3303 switch (type) {
3304 case KEY_ECDSA_SK: 3304 case KEY_ECDSA_SK:
3305 case KEY_ED25519_SK: 3305 case KEY_ED25519_SK:
3306#ifndef ENABLE_SK
3307 fatal("Security key support was disabled at compile time");
3308#else /* ENABLE_SK */
3309 if (!quiet) { 3306 if (!quiet) {
3310 printf("You may need to touch your security key " 3307 printf("You may need to touch your security key "
3311 "to authorize key generation.\n"); 3308 "to authorize key generation.\n");
@@ -3316,7 +3313,6 @@ main(int argc, char **argv)
3316 sk_flags, NULL, &private, NULL) != 0) 3313 sk_flags, NULL, &private, NULL) != 0)
3317 exit(1); /* error message already printed */ 3314 exit(1); /* error message already printed */
3318 break; 3315 break;
3319#endif /* ENABLE_SK */
3320 default: 3316 default:
3321 if ((r = sshkey_generate(type, bits, &private)) != 0) 3317 if ((r = sshkey_generate(type, bits, &private)) != 0)
3322 fatal("sshkey_generate failed"); 3318 fatal("sshkey_generate failed");