1 files changed, 36 insertions, 54 deletions
diff --git a/ssh.c b/ssh.c
index d9611848d..ca279fbb8 100644
--- a/ssh.c
+++ b/ssh.c
@@ -40,7 +40,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.190 2003/02/06 09:27:29 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.201 2003/09/01 18:15:50 markus Exp $");
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -79,14 +79,6 @@ extern char *__progname;
 char *__progname;
 #endif
-/* Flag indicating whether IPv4 or IPv6.  This can be set on the command line.
-   Default value is AF_UNSPEC means both IPv4 and IPv6. */
-#ifdef IPV4_DEFAULT
-int IPv4or6 = AF_INET;
-#else
-int IPv4or6 = AF_UNSPEC;
-#endif
 /* Flag indicating whether debug mode is on.  This can be set on the command line. */
 int debug_flag = 0;
@@ -162,9 +154,6 @@ usage(void)
             _PATH_SSH_USER_CONFFILE);
        fprintf(stderr, "  -A          Enable authentication agent forwarding.\n");
        fprintf(stderr, "  -a          Disable authentication agent forwarding (default).\n");
-#ifdef AFS
-        fprintf(stderr, "  -k          Disable Kerberos ticket and AFS token forwarding.\n");
-#endif                          /* AFS */
        fprintf(stderr, "  -X          Enable X11 connection forwarding.\n");
        fprintf(stderr, "  -x          Disable X11 connection forwarding (default).\n");
        fprintf(stderr, "  -i file     Identity for public key authentication "
@@ -222,7 +211,7 @@ main(int ac, char **av)
        extern int optind, optreset;
        extern char *optarg;
-        __progname = get_progname(av[0]);
+        __progname = ssh_get_progname(av[0]);
        init_rng();
        /*
@@ -253,7 +242,7 @@ main(int ac, char **av)
        /* Get user data. */
        pw = getpwuid(original_real_uid);
        if (!pw) {
-                log("You don't exist, go away!");
+                logit("You don't exist, go away!");
                exit(1);
        }
        /* Take a copy of the returned structure. */
@@ -284,10 +273,10 @@ again:
                        options.protocol = SSH_PROTO_2;
                        break;
                case '4':
-                        IPv4or6 = AF_INET;
+                        options.address_family = AF_INET;
                        break;
                case '6':
-                        IPv4or6 = AF_INET6;
+                        options.address_family = AF_INET6;
                        break;
                case 'n':
                        stdin_null_flag = 1;
@@ -314,12 +303,9 @@ again:
                case 'A':
                        options.forward_agent = 1;
                        break;
-#ifdef AFS
                case 'k':
-                        options.kerberos_tgt_passing = 0;
+                        /* ignored for backward compatibility */
-                        options.afs_token_passing = 0;
                        break;
-#endif
                case 'i':
                        if (stat(optarg, &st) < 0) {
                                fprintf(stderr, "Warning: Identity file %s "
@@ -346,22 +332,22 @@ again:
                        tty_flag = 1;
                        break;
                case 'v':
-                        if (0 == debug_flag) {
+                        if (debug_flag == 0) {
                                debug_flag = 1;
                                options.log_level = SYSLOG_LEVEL_DEBUG1;
-                        } else if (options.log_level < SYSLOG_LEVEL_DEBUG3) {
+                        } else {
-                                options.log_level++;
+                                if (options.log_level < SYSLOG_LEVEL_DEBUG3)
+                                        options.log_level++;
                                break;
-                        } else
+                        }
-                                fatal("Too high debugging level.");
                        /* fallthrough */
                case 'V':
                        fprintf(stderr,
-                            "%s, SSH protocols %d.%d/%d.%d, OpenSSL 0x%8.8lx\n",
+                            "%s, SSH protocols %d.%d/%d.%d, %s\n",
                            SSH_VERSION,
                            PROTOCOL_MAJOR_1, PROTOCOL_MINOR_1,
                            PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2,
-                            SSLeay());
+                            SSLeay_version(SSLEAY_VERSION));
                        if (opt == 'V')
                                exit(0);
                        break;
@@ -432,9 +418,9 @@ again:
                case 'L':
                case 'R':
-                        if (sscanf(optarg, "%5[0-9]:%255[^:]:%5[0-9]",
+                        if (sscanf(optarg, "%5[0123456789]:%255[^:]:%5[0123456789]",
                            sfwd_port, buf, sfwd_host_port) != 3 &&
-                            sscanf(optarg, "%5[0-9]/%255[^/]/%5[0-9]",
+                            sscanf(optarg, "%5[0123456789]/%255[^/]/%5[0123456789]",
                            sfwd_port, buf, sfwd_host_port) != 3) {
                                fprintf(stderr,
                                    "Bad forwarding specification '%s'\n",
@@ -463,7 +449,7 @@ again:
                                    optarg);
                                exit(1);
                        }
-                        add_local_forward(&options, fwd_port, "socks4", 0);
+                        add_local_forward(&options, fwd_port, "socks", 0);
                        break;
                case 'C':
@@ -523,7 +509,6 @@ again:
        SSLeay_add_all_algorithms();
        ERR_load_crypto_strings();
-        channel_set_af(IPv4or6);
        /* Initialize the command to execute on remote host. */
        buffer_init(&command);
@@ -564,7 +549,7 @@ again:
        /* Do not allocate a tty if stdin is not a tty. */
        if (!isatty(fileno(stdin)) && !force_tty_flag) {
                if (tty_flag)
-                        log("Pseudo-terminal will not be allocated because stdin is not a terminal.");
+                        logit("Pseudo-terminal will not be allocated because stdin is not a terminal.");
                tty_flag = 0;
        }
@@ -595,6 +580,8 @@ again:
        /* Fill configuration defaults. */
        fill_default_options(&options);
+        channel_set_af(options.address_family);
        /* reinit */
        log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 1);
@@ -606,25 +593,20 @@ again:
        if (options.hostname != NULL)
                host = options.hostname;
+        /* force lowercase for hostkey matching */
+        if (options.host_key_alias != NULL) {
+                for (p = options.host_key_alias; *p; p++)
+                        if (isupper(*p))
+                                *p = tolower(*p);
+        }
        if (options.proxy_command != NULL &&
            strcmp(options.proxy_command, "none") == 0)
                options.proxy_command = NULL;
-        /* Disable rhosts authentication if not running as root. */
-#ifdef HAVE_CYGWIN
-        /* Ignore uid if running under Windows */
-        if (!options.use_privileged_port) {
-#else
-        if (original_effective_uid != 0 || !options.use_privileged_port) {
-#endif
-                debug("Rhosts Authentication disabled, "
-                    "originating port will not be trusted.");
-                options.rhosts_authentication = 0;
-        }
        /* Open a connection to the remote host. */
+        if (ssh_connect(host, &hostaddr, options.port,
-        if (ssh_connect(host, &hostaddr, options.port, IPv4or6,
+            options.address_family, options.connection_attempts,
-            options.connection_attempts,
 #ifdef HAVE_CYGWIN
            options.use_privileged_port,
 #else
@@ -798,7 +780,7 @@ x11_get_proto(char **_proto, char **_data)
        if (!got_data) {
                u_int32_t rand = 0;
-                log("Warning: No xauth data; using fake authentication data for X11 forwarding.");
+                logit("Warning: No xauth data; using fake authentication data for X11 forwarding.");
                strlcpy(proto, "MIT-MAGIC-COOKIE-1", sizeof proto);
                for (i = 0; i < 16; i++) {
                        if (i % 4 == 0)
@@ -878,7 +860,7 @@ ssh_session(void)
                if (type == SSH_SMSG_SUCCESS)
                        packet_start_compression(options.compression_level);
                else if (type == SSH_SMSG_FAILURE)
-                        log("Warning: Remote host refused compression.");
+                        logit("Warning: Remote host refused compression.");
                else
                        packet_disconnect("Protocol error waiting for compression response.");
        }
@@ -917,7 +899,7 @@ ssh_session(void)
                        interactive = 1;
                        have_tty = 1;
                } else if (type == SSH_SMSG_FAILURE)
-                        log("Warning: Remote host failed or refused to allocate a pseudo tty.");
+                        logit("Warning: Remote host failed or refused to allocate a pseudo tty.");
                else
                        packet_disconnect("Protocol error waiting for pty request response.");
        }
@@ -935,7 +917,7 @@ ssh_session(void)
                if (type == SSH_SMSG_SUCCESS) {
                        interactive = 1;
                } else if (type == SSH_SMSG_FAILURE) {
-                        log("Warning: Remote host denied X11 forwarding.");
+                        logit("Warning: Remote host denied X11 forwarding.");
                } else {
                        packet_disconnect("Protocol error waiting for X11 forwarding");
                }
@@ -954,7 +936,7 @@ ssh_session(void)
                type = packet_read();
                packet_check_eom();
                if (type != SSH_SMSG_SUCCESS)
-                        log("Warning: Remote host denied authentication agent forwarding.");
+                        logit("Warning: Remote host denied authentication agent forwarding.");
        }
        /* Initiate port forwardings. */
@@ -1022,7 +1004,7 @@ client_global_request_reply(int type, u_int32_t seq, void *ctxt)
            options.remote_forwards[i].host,
            options.remote_forwards[i].host_port);
        if (type == SSH2_MSG_REQUEST_FAILURE)
-                log("Warning: remote port forwarding failed for listen port %d",
+                logit("Warning: remote port forwarding failed for listen port %d",
                    options.remote_forwards[i].port);
 }
@@ -1137,7 +1119,7 @@ ssh_session2_open(void)
        c = channel_new(
            "session", SSH_CHANNEL_OPENING, in, out, err,
            window, packetmax, CHAN_EXTENDED_WRITE,
-            xstrdup("client-session"), /*nonblock*/0);
+            "client-session", /*nonblock*/0);
        debug3("ssh_session2_open: channel_new: %d", c->self);
@@ -1189,7 +1171,7 @@ load_public_identity_files(void)
                            sizeof(Key *) * (SSH_MAX_IDENTITY_FILES - 1));
                        options.num_identity_files++;
                        options.identity_keys[0] = keys[i];
-                        options.identity_files[0] = xstrdup("smartcard key");;
+                        options.identity_files[0] = sc_get_key_label(keys[i]);
                }
                if (options.num_identity_files > SSH_MAX_IDENTITY_FILES)
                        options.num_identity_files = SSH_MAX_IDENTITY_FILES;

diff --git a/ssh.c b/ssh.c index d9611848d..ca279fbb8 100644 --- a/ssh.c +++ b/ssh.c
@@ -40,7 +40,7 @@
40	*/	40	*/
41		41
42	#include "includes.h"	42	#include "includes.h"
43	RCSID("$OpenBSD: ssh.c,v 1.190 2003/02/06 09:27:29 markus Exp $");	43	RCSID("$OpenBSD: ssh.c,v 1.201 2003/09/01 18:15:50 markus Exp $");
44		44
45	#include <openssl/evp.h>	45	#include <openssl/evp.h>
46	#include <openssl/err.h>	46	#include <openssl/err.h>
@@ -79,14 +79,6 @@ extern char *__progname;
79	char *__progname;	79	char *__progname;
80	#endif	80	#endif
81		81
82	/* Flag indicating whether IPv4 or IPv6. This can be set on the command line.
83	Default value is AF_UNSPEC means both IPv4 and IPv6. */
84	#ifdef IPV4_DEFAULT
85	int IPv4or6 = AF_INET;
86	#else
87	int IPv4or6 = AF_UNSPEC;
88	#endif
89
90	/* Flag indicating whether debug mode is on. This can be set on the command line. */	82	/* Flag indicating whether debug mode is on. This can be set on the command line. */
91	int debug_flag = 0;	83	int debug_flag = 0;
92		84
@@ -162,9 +154,6 @@ usage(void)
162	_PATH_SSH_USER_CONFFILE);	154	_PATH_SSH_USER_CONFFILE);
163	fprintf(stderr, " -A Enable authentication agent forwarding.\n");	155	fprintf(stderr, " -A Enable authentication agent forwarding.\n");
164	fprintf(stderr, " -a Disable authentication agent forwarding (default).\n");	156	fprintf(stderr, " -a Disable authentication agent forwarding (default).\n");
165	#ifdef AFS
166	fprintf(stderr, " -k Disable Kerberos ticket and AFS token forwarding.\n");
167	#endif /* AFS */
168	fprintf(stderr, " -X Enable X11 connection forwarding.\n");	157	fprintf(stderr, " -X Enable X11 connection forwarding.\n");
169	fprintf(stderr, " -x Disable X11 connection forwarding (default).\n");	158	fprintf(stderr, " -x Disable X11 connection forwarding (default).\n");
170	fprintf(stderr, " -i file Identity for public key authentication "	159	fprintf(stderr, " -i file Identity for public key authentication "
@@ -222,7 +211,7 @@ main(int ac, char **av)
222	extern int optind, optreset;	211	extern int optind, optreset;
223	extern char *optarg;	212	extern char *optarg;
224		213
225	__progname = get_progname(av[0]);	214	__progname = ssh_get_progname(av[0]);
226	init_rng();	215	init_rng();
227		216
228	/*	217	/*
@@ -253,7 +242,7 @@ main(int ac, char **av)
253	/* Get user data. */	242	/* Get user data. */
254	pw = getpwuid(original_real_uid);	243	pw = getpwuid(original_real_uid);
255	if (!pw) {	244	if (!pw) {
256	log("You don't exist, go away!");	245	logit("You don't exist, go away!");
257	exit(1);	246	exit(1);
258	}	247	}
259	/* Take a copy of the returned structure. */	248	/* Take a copy of the returned structure. */
@@ -284,10 +273,10 @@ again:
284	options.protocol = SSH_PROTO_2;	273	options.protocol = SSH_PROTO_2;
285	break;	274	break;
286	case '4':	275	case '4':
287	IPv4or6 = AF_INET;	276	options.address_family = AF_INET;
288	break;	277	break;
289	case '6':	278	case '6':
290	IPv4or6 = AF_INET6;	279	options.address_family = AF_INET6;
291	break;	280	break;
292	case 'n':	281	case 'n':
293	stdin_null_flag = 1;	282	stdin_null_flag = 1;
@@ -314,12 +303,9 @@ again:
314	case 'A':	303	case 'A':
315	options.forward_agent = 1;	304	options.forward_agent = 1;
316	break;	305	break;
317	#ifdef AFS
318	case 'k':	306	case 'k':
319	options.kerberos_tgt_passing = 0;	307	/* ignored for backward compatibility */
320	options.afs_token_passing = 0;
321	break;	308	break;
322	#endif
323	case 'i':	309	case 'i':
324	if (stat(optarg, &st) < 0) {	310	if (stat(optarg, &st) < 0) {
325	fprintf(stderr, "Warning: Identity file %s "	311	fprintf(stderr, "Warning: Identity file %s "
@@ -346,22 +332,22 @@ again:
346	tty_flag = 1;	332	tty_flag = 1;
347	break;	333	break;
348	case 'v':	334	case 'v':
349	if (0 == debug_flag) {	335	if (debug_flag == 0) {
350	debug_flag = 1;	336	debug_flag = 1;
351	options.log_level = SYSLOG_LEVEL_DEBUG1;	337	options.log_level = SYSLOG_LEVEL_DEBUG1;
352	} else if (options.log_level < SYSLOG_LEVEL_DEBUG3) {	338	} else {
353	options.log_level++;	339	if (options.log_level < SYSLOG_LEVEL_DEBUG3)
		340	options.log_level++;
354	break;	341	break;
355	} else	342	}
356	fatal("Too high debugging level.");
357	/* fallthrough */	343	/* fallthrough */
358	case 'V':	344	case 'V':
359	fprintf(stderr,	345	fprintf(stderr,
360	"%s, SSH protocols %d.%d/%d.%d, OpenSSL 0x%8.8lx\n",	346	"%s, SSH protocols %d.%d/%d.%d, %s\n",
361	SSH_VERSION,	347	SSH_VERSION,
362	PROTOCOL_MAJOR_1, PROTOCOL_MINOR_1,	348	PROTOCOL_MAJOR_1, PROTOCOL_MINOR_1,
363	PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2,	349	PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2,
364	SSLeay());	350	SSLeay_version(SSLEAY_VERSION));
365	if (opt == 'V')	351	if (opt == 'V')
366	exit(0);	352	exit(0);
367	break;	353	break;
@@ -432,9 +418,9 @@ again:
432		418
433	case 'L':	419	case 'L':
434	case 'R':	420	case 'R':
435	if (sscanf(optarg, "%5[0-9]:%255[^:]:%5[0-9]",	421	if (sscanf(optarg, "%5[0123456789]:%255[^:]:%5[0123456789]",
436	sfwd_port, buf, sfwd_host_port) != 3 &&	422	sfwd_port, buf, sfwd_host_port) != 3 &&
437	sscanf(optarg, "%5[0-9]/%255[^/]/%5[0-9]",	423	sscanf(optarg, "%5[0123456789]/%255[^/]/%5[0123456789]",
438	sfwd_port, buf, sfwd_host_port) != 3) {	424	sfwd_port, buf, sfwd_host_port) != 3) {
439	fprintf(stderr,	425	fprintf(stderr,
440	"Bad forwarding specification '%s'\n",	426	"Bad forwarding specification '%s'\n",
@@ -463,7 +449,7 @@ again:
463	optarg);	449	optarg);
464	exit(1);	450	exit(1);
465	}	451	}
466	add_local_forward(&options, fwd_port, "socks4", 0);	452	add_local_forward(&options, fwd_port, "socks", 0);
467	break;	453	break;
468		454
469	case 'C':	455	case 'C':
@@ -523,7 +509,6 @@ again:
523		509
524	SSLeay_add_all_algorithms();	510	SSLeay_add_all_algorithms();
525	ERR_load_crypto_strings();	511	ERR_load_crypto_strings();
526	channel_set_af(IPv4or6);
527		512
528	/* Initialize the command to execute on remote host. */	513	/* Initialize the command to execute on remote host. */
529	buffer_init(&command);	514	buffer_init(&command);
@@ -564,7 +549,7 @@ again:
564	/* Do not allocate a tty if stdin is not a tty. */	549	/* Do not allocate a tty if stdin is not a tty. */
565	if (!isatty(fileno(stdin)) && !force_tty_flag) {	550	if (!isatty(fileno(stdin)) && !force_tty_flag) {
566	if (tty_flag)	551	if (tty_flag)
567	log("Pseudo-terminal will not be allocated because stdin is not a terminal.");	552	logit("Pseudo-terminal will not be allocated because stdin is not a terminal.");
568	tty_flag = 0;	553	tty_flag = 0;
569	}	554	}
570		555
@@ -595,6 +580,8 @@ again:
595	/* Fill configuration defaults. */	580	/* Fill configuration defaults. */
596	fill_default_options(&options);	581	fill_default_options(&options);
597		582
		583	channel_set_af(options.address_family);
		584
598	/* reinit */	585	/* reinit */
599	log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 1);	586	log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 1);
600		587
@@ -606,25 +593,20 @@ again:
606	if (options.hostname != NULL)	593	if (options.hostname != NULL)
607	host = options.hostname;	594	host = options.hostname;
608		595
		596	/* force lowercase for hostkey matching */
		597	if (options.host_key_alias != NULL) {
		598	for (p = options.host_key_alias; *p; p++)
		599	if (isupper(*p))
		600	p = tolower(p);
		601	}
		602
609	if (options.proxy_command != NULL &&	603	if (options.proxy_command != NULL &&
610	strcmp(options.proxy_command, "none") == 0)	604	strcmp(options.proxy_command, "none") == 0)
611	options.proxy_command = NULL;	605	options.proxy_command = NULL;
612		606
613	/* Disable rhosts authentication if not running as root. */
614	#ifdef HAVE_CYGWIN
615	/* Ignore uid if running under Windows */
616	if (!options.use_privileged_port) {
617	#else
618	if (original_effective_uid != 0 \|\| !options.use_privileged_port) {
619	#endif
620	debug("Rhosts Authentication disabled, "
621	"originating port will not be trusted.");
622	options.rhosts_authentication = 0;
623	}
624	/* Open a connection to the remote host. */	607	/* Open a connection to the remote host. */
625		608	if (ssh_connect(host, &hostaddr, options.port,
626	if (ssh_connect(host, &hostaddr, options.port, IPv4or6,	609	options.address_family, options.connection_attempts,
627	options.connection_attempts,
628	#ifdef HAVE_CYGWIN	610	#ifdef HAVE_CYGWIN
629	options.use_privileged_port,	611	options.use_privileged_port,
630	#else	612	#else
@@ -798,7 +780,7 @@ x11_get_proto(char _proto, char _data)
798	if (!got_data) {	780	if (!got_data) {
799	u_int32_t rand = 0;	781	u_int32_t rand = 0;
800		782
801	log("Warning: No xauth data; using fake authentication data for X11 forwarding.");	783	logit("Warning: No xauth data; using fake authentication data for X11 forwarding.");
802	strlcpy(proto, "MIT-MAGIC-COOKIE-1", sizeof proto);	784	strlcpy(proto, "MIT-MAGIC-COOKIE-1", sizeof proto);
803	for (i = 0; i < 16; i++) {	785	for (i = 0; i < 16; i++) {
804	if (i % 4 == 0)	786	if (i % 4 == 0)
@@ -878,7 +860,7 @@ ssh_session(void)
878	if (type == SSH_SMSG_SUCCESS)	860	if (type == SSH_SMSG_SUCCESS)
879	packet_start_compression(options.compression_level);	861	packet_start_compression(options.compression_level);
880	else if (type == SSH_SMSG_FAILURE)	862	else if (type == SSH_SMSG_FAILURE)
881	log("Warning: Remote host refused compression.");	863	logit("Warning: Remote host refused compression.");
882	else	864	else
883	packet_disconnect("Protocol error waiting for compression response.");	865	packet_disconnect("Protocol error waiting for compression response.");
884	}	866	}
@@ -917,7 +899,7 @@ ssh_session(void)
917	interactive = 1;	899	interactive = 1;
918	have_tty = 1;	900	have_tty = 1;
919	} else if (type == SSH_SMSG_FAILURE)	901	} else if (type == SSH_SMSG_FAILURE)
920	log("Warning: Remote host failed or refused to allocate a pseudo tty.");	902	logit("Warning: Remote host failed or refused to allocate a pseudo tty.");
921	else	903	else
922	packet_disconnect("Protocol error waiting for pty request response.");	904	packet_disconnect("Protocol error waiting for pty request response.");
923	}	905	}
@@ -935,7 +917,7 @@ ssh_session(void)
935	if (type == SSH_SMSG_SUCCESS) {	917	if (type == SSH_SMSG_SUCCESS) {
936	interactive = 1;	918	interactive = 1;
937	} else if (type == SSH_SMSG_FAILURE) {	919	} else if (type == SSH_SMSG_FAILURE) {
938	log("Warning: Remote host denied X11 forwarding.");	920	logit("Warning: Remote host denied X11 forwarding.");
939	} else {	921	} else {
940	packet_disconnect("Protocol error waiting for X11 forwarding");	922	packet_disconnect("Protocol error waiting for X11 forwarding");
941	}	923	}
@@ -954,7 +936,7 @@ ssh_session(void)
954	type = packet_read();	936	type = packet_read();
955	packet_check_eom();	937	packet_check_eom();
956	if (type != SSH_SMSG_SUCCESS)	938	if (type != SSH_SMSG_SUCCESS)
957	log("Warning: Remote host denied authentication agent forwarding.");	939	logit("Warning: Remote host denied authentication agent forwarding.");
958	}	940	}
959		941
960	/* Initiate port forwardings. */	942	/* Initiate port forwardings. */
@@ -1022,7 +1004,7 @@ client_global_request_reply(int type, u_int32_t seq, void *ctxt)
1022	options.remote_forwards[i].host,	1004	options.remote_forwards[i].host,
1023	options.remote_forwards[i].host_port);	1005	options.remote_forwards[i].host_port);
1024	if (type == SSH2_MSG_REQUEST_FAILURE)	1006	if (type == SSH2_MSG_REQUEST_FAILURE)
1025	log("Warning: remote port forwarding failed for listen port %d",	1007	logit("Warning: remote port forwarding failed for listen port %d",
1026	options.remote_forwards[i].port);	1008	options.remote_forwards[i].port);
1027	}	1009	}
1028		1010
@@ -1137,7 +1119,7 @@ ssh_session2_open(void)
1137	c = channel_new(	1119	c = channel_new(
1138	"session", SSH_CHANNEL_OPENING, in, out, err,	1120	"session", SSH_CHANNEL_OPENING, in, out, err,
1139	window, packetmax, CHAN_EXTENDED_WRITE,	1121	window, packetmax, CHAN_EXTENDED_WRITE,
1140	xstrdup("client-session"), /nonblock/0);	1122	"client-session", /nonblock/0);
1141		1123
1142	debug3("ssh_session2_open: channel_new: %d", c->self);	1124	debug3("ssh_session2_open: channel_new: %d", c->self);
1143		1125
@@ -1189,7 +1171,7 @@ load_public_identity_files(void)
1189	sizeof(Key ) (SSH_MAX_IDENTITY_FILES - 1));	1171	sizeof(Key ) (SSH_MAX_IDENTITY_FILES - 1));
1190	options.num_identity_files++;	1172	options.num_identity_files++;
1191	options.identity_keys[0] = keys[i];	1173	options.identity_keys[0] = keys[i];
1192	options.identity_files[0] = xstrdup("smartcard key");;	1174	options.identity_files[0] = sc_get_key_label(keys[i]);
1193	}	1175	}
1194	if (options.num_identity_files > SSH_MAX_IDENTITY_FILES)	1176	if (options.num_identity_files > SSH_MAX_IDENTITY_FILES)
1195	options.num_identity_files = SSH_MAX_IDENTITY_FILES;	1177	options.num_identity_files = SSH_MAX_IDENTITY_FILES;