Check compromised key blacklist in ssh or ssh-add, as well as in the

server (LP: #232391). To override the blacklist check in ssh
temporarily, use 'ssh -o UseBlacklistedKeys=yes'; there is no override
for the blacklist check in ssh-add.

1 files changed, 3 insertions, 1 deletions

diff --git a/sshconnect2.c b/sshconnect2.c
index e11cfaa00..97073e401 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1156,6 +1156,8 @@ pubkey_prepare(Authctxt *authctxt)
 
         /* list of keys stored in the filesystem */
         for (i = 0; i < options.num_identity_files; i++) {
+                if (options.identity_files[i] == NULL)
+                        continue;
                 key = options.identity_keys[i];
                 if (key && key->type == KEY_RSA1)
                         continue;
@@ -1246,7 +1248,7 @@ userauth_pubkey(Authctxt *authctxt)
                 if (id->key && id->key->type != KEY_RSA1) {
                         debug("Offering public key: %s", id->filename);
                         sent = send_pubkey_test(authctxt, id);
-                } else if (id->key == NULL) {
+                } else if (id->key == NULL && id->filename) {
                         debug("Trying private key: %s", id->filename);
                         id->key = load_identity_file(id->filename);
                         if (id->key != NULL) {