diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2015-02-16 22:30:03 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2015-02-17 09:32:32 +1100 |
| commit | ce63c4b063c39b2b22d4ada449c9e3fbde788cb3 (patch) | |
| tree | 789ea8156b9d04f2ef94fcf84cc3c96c7c7a2567 /sshd.c | |
| parent | 523463a3a2a9bfc6cfc5afa01bae9147f76a37cc (diff) | |
upstream commit
partial backout of:
revision 1.441
date: 2015/01/31 20:30:05; author: djm; state: Exp; lines: +17 -10; commitid
: x8klYPZMJSrVlt3O;
Let sshd load public host keys even when private keys are missing.
Allows sshd to advertise additional keys for future key rotation.
Also log fingerprint of hostkeys loaded; ok markus@
hostkey updates now require access to the private key, so we can't
load public keys only. The improved log messages (fingerprints of keys
loaded) are kept.
Diffstat (limited to 'sshd.c')
| -rw-r--r-- | sshd.c | 15 |
1 files changed, 7 insertions, 8 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sshd.c,v 1.442 2015/02/16 22:13:32 djm Exp $ */ | 1 | /* $OpenBSD: sshd.c,v 1.443 2015/02/16 22:30:03 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -795,7 +795,7 @@ list_hostkey_types(void) | |||
| 795 | buffer_init(&b); | 795 | buffer_init(&b); |
| 796 | for (i = 0; i < options.num_host_key_files; i++) { | 796 | for (i = 0; i < options.num_host_key_files; i++) { |
| 797 | key = sensitive_data.host_keys[i]; | 797 | key = sensitive_data.host_keys[i]; |
| 798 | if (key == NULL && have_agent) | 798 | if (key == NULL) |
| 799 | key = sensitive_data.host_pubkeys[i]; | 799 | key = sensitive_data.host_pubkeys[i]; |
| 800 | if (key == NULL) | 800 | if (key == NULL) |
| 801 | continue; | 801 | continue; |
| @@ -1775,11 +1775,10 @@ main(int ac, char **av) | |||
| 1775 | sensitive_data.host_keys[i] = key; | 1775 | sensitive_data.host_keys[i] = key; |
| 1776 | sensitive_data.host_pubkeys[i] = pubkey; | 1776 | sensitive_data.host_pubkeys[i] = pubkey; |
| 1777 | 1777 | ||
| 1778 | if (key == NULL && pubkey != NULL && pubkey->type != KEY_RSA1) { | 1778 | if (key == NULL && pubkey != NULL && pubkey->type != KEY_RSA1 && |
| 1779 | if (have_agent) { | 1779 | have_agent) { |
| 1780 | debug("will rely on agent for hostkey %s", | 1780 | debug("will rely on agent for hostkey %s", |
| 1781 | options.host_key_files[i]); | 1781 | options.host_key_files[i]); |
| 1782 | } | ||
| 1783 | keytype = pubkey->type; | 1782 | keytype = pubkey->type; |
| 1784 | } else if (key != NULL) { | 1783 | } else if (key != NULL) { |
| 1785 | keytype = key->type; | 1784 | keytype = key->type; |
| @@ -1808,7 +1807,7 @@ main(int ac, char **av) | |||
| 1808 | SSH_FP_DEFAULT)) == NULL) | 1807 | SSH_FP_DEFAULT)) == NULL) |
| 1809 | fatal("sshkey_fingerprint failed"); | 1808 | fatal("sshkey_fingerprint failed"); |
| 1810 | debug("%s host key #%d: %s %s", | 1809 | debug("%s host key #%d: %s %s", |
| 1811 | key ? "private" : "public", i, keytype == KEY_RSA1 ? | 1810 | key ? "private" : "agent", i, keytype == KEY_RSA1 ? |
| 1812 | sshkey_type(pubkey) : sshkey_ssh_name(pubkey), fp); | 1811 | sshkey_type(pubkey) : sshkey_ssh_name(pubkey), fp); |
| 1813 | free(fp); | 1812 | free(fp); |
| 1814 | } | 1813 | } |