diff options
author | dtucker@openbsd.org <dtucker@openbsd.org> | 2018-07-16 11:05:41 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2018-07-19 20:17:33 +1000 |
commit | 26efc2f5df0e3bcf6a6bbdd0506fd682d60c2145 (patch) | |
tree | 9cd4755df1683a1c861fb380f47b1d141ba25c44 /sshconnect2.c | |
parent | 3eb7f1038d17af7aea3c2c62d1e30cd545607640 (diff) |
upstream: Remove support for loading HostBasedAuthentication keys
directly in ssh(1) and always use ssh-keysign. This removes one of the few
remaining reasons why ssh(1) might be setuid. ok markus@
OpenBSD-Commit-ID: 97f01e1448707129a20d75f86bad5d27c3cf0b7d
Diffstat (limited to 'sshconnect2.c')
-rw-r--r-- | sshconnect2.c | 10 |
1 files changed, 3 insertions, 7 deletions
diff --git a/sshconnect2.c b/sshconnect2.c index fb90e8afc..7b0e18f28 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshconnect2.c,v 1.280 2018/07/11 18:55:11 markus Exp $ */ | 1 | /* $OpenBSD: sshconnect2.c,v 1.281 2018/07/16 11:05:41 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2008 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2008 Damien Miller. All rights reserved. |
@@ -1990,12 +1990,8 @@ userauth_hostbased(Authctxt *authctxt) | |||
1990 | #ifdef DEBUG_PK | 1990 | #ifdef DEBUG_PK |
1991 | sshbuf_dump(b, stderr); | 1991 | sshbuf_dump(b, stderr); |
1992 | #endif | 1992 | #endif |
1993 | if (authctxt->sensitive->external_keysign) | 1993 | r = ssh_keysign(private, &sig, &siglen, |
1994 | r = ssh_keysign(private, &sig, &siglen, | 1994 | sshbuf_ptr(b), sshbuf_len(b)); |
1995 | sshbuf_ptr(b), sshbuf_len(b)); | ||
1996 | else if ((r = sshkey_sign(private, &sig, &siglen, | ||
1997 | sshbuf_ptr(b), sshbuf_len(b), NULL, datafellows)) != 0) | ||
1998 | debug("%s: sshkey_sign: %s", __func__, ssh_err(r)); | ||
1999 | if (r != 0) { | 1995 | if (r != 0) { |
2000 | error("sign using hostkey %s %s failed", | 1996 | error("sign using hostkey %s %s failed", |
2001 | sshkey_ssh_name(private), fp); | 1997 | sshkey_ssh_name(private), fp); |