diff options
author | Damien Miller <djm@mindrot.org> | 2010-08-05 13:04:50 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2010-08-05 13:04:50 +1000 |
commit | c158331f8c7e059c6c1d099bffc7f5fc6087ddbd (patch) | |
tree | f1998f0fb52e5fb666ee67064a424af45e941f6b /ssh.c | |
parent | 1da638895916bc061ff6aca9f373d48a9776810b (diff) |
- djm@cvs.openbsd.org 2010/08/04 05:42:47
[auth.c auth2-hostbased.c authfile.c authfile.h ssh-keysign.8]
[ssh-keysign.c ssh.c]
enable certificates for hostbased authentication, from Iain Morgan;
"looks ok" markus@
Diffstat (limited to 'ssh.c')
-rw-r--r-- | ssh.c | 24 |
1 files changed, 16 insertions, 8 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh.c,v 1.344 2010/07/19 09:15:12 djm Exp $ */ | 1 | /* $OpenBSD: ssh.c,v 1.345 2010/08/04 05:42:47 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -774,26 +774,34 @@ main(int ac, char **av) | |||
774 | sensitive_data.external_keysign = 0; | 774 | sensitive_data.external_keysign = 0; |
775 | if (options.rhosts_rsa_authentication || | 775 | if (options.rhosts_rsa_authentication || |
776 | options.hostbased_authentication) { | 776 | options.hostbased_authentication) { |
777 | sensitive_data.nkeys = 3; | 777 | sensitive_data.nkeys = 5; |
778 | sensitive_data.keys = xcalloc(sensitive_data.nkeys, | 778 | sensitive_data.keys = xcalloc(sensitive_data.nkeys, |
779 | sizeof(Key)); | 779 | sizeof(Key)); |
780 | 780 | ||
781 | PRIV_START; | 781 | PRIV_START; |
782 | sensitive_data.keys[0] = key_load_private_type(KEY_RSA1, | 782 | sensitive_data.keys[0] = key_load_private_type(KEY_RSA1, |
783 | _PATH_HOST_KEY_FILE, "", NULL, NULL); | 783 | _PATH_HOST_KEY_FILE, "", NULL, NULL); |
784 | sensitive_data.keys[1] = key_load_private_type(KEY_DSA, | 784 | sensitive_data.keys[1] = key_load_private_cert(KEY_DSA, |
785 | _PATH_HOST_DSA_KEY_FILE, "", NULL); | ||
786 | sensitive_data.keys[2] = key_load_private_cert(KEY_RSA, | ||
787 | _PATH_HOST_RSA_KEY_FILE, "", NULL); | ||
788 | sensitive_data.keys[3] = key_load_private_type(KEY_DSA, | ||
785 | _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL); | 789 | _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL); |
786 | sensitive_data.keys[2] = key_load_private_type(KEY_RSA, | 790 | sensitive_data.keys[4] = key_load_private_type(KEY_RSA, |
787 | _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL); | 791 | _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL); |
788 | PRIV_END; | 792 | PRIV_END; |
789 | 793 | ||
790 | if (options.hostbased_authentication == 1 && | 794 | if (options.hostbased_authentication == 1 && |
791 | sensitive_data.keys[0] == NULL && | 795 | sensitive_data.keys[0] == NULL && |
792 | sensitive_data.keys[1] == NULL && | 796 | sensitive_data.keys[3] == NULL && |
793 | sensitive_data.keys[2] == NULL) { | 797 | sensitive_data.keys[4] == NULL) { |
794 | sensitive_data.keys[1] = key_load_public( | 798 | sensitive_data.keys[1] = key_load_cert( |
799 | _PATH_HOST_DSA_KEY_FILE); | ||
800 | sensitive_data.keys[2] = key_load_cert( | ||
801 | _PATH_HOST_RSA_KEY_FILE); | ||
802 | sensitive_data.keys[3] = key_load_public( | ||
795 | _PATH_HOST_DSA_KEY_FILE, NULL); | 803 | _PATH_HOST_DSA_KEY_FILE, NULL); |
796 | sensitive_data.keys[2] = key_load_public( | 804 | sensitive_data.keys[4] = key_load_public( |
797 | _PATH_HOST_RSA_KEY_FILE, NULL); | 805 | _PATH_HOST_RSA_KEY_FILE, NULL); |
798 | sensitive_data.external_keysign = 1; | 806 | sensitive_data.external_keysign = 1; |
799 | } | 807 | } |