From 43a633de1cabe77e652125dac394a99ad9cac3b4 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 14 Mar 2016 16:20:54 +0000 Subject: upstream commit unbreak authentication using lone certificate keys in ssh-agent: when attempting pubkey auth with a certificate, if no separate private key is found among the keys then try with the certificate key itself. bz#2550 reported by Peter Moody Upstream-ID: f939cd76d68e6a9a3d1711b5a943d6ed1e623966 Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=c38905ba391434834da86abfc988a2b8b9b62477 Bug-Ubuntu: https://bugs.launchpad.net/bugs/1575961 Last-Update: 2016-04-28 Patch-Name: unbreak-certificate-auth.patch --- sshconnect2.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/sshconnect2.c b/sshconnect2.c index b452eae..40facda 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.239 2016/02/23 01:34:14 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.240 2016/03/14 16:20:54 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -1224,12 +1224,8 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id) "certificate", __func__, id->filename, id->agent_fd != -1 ? " from agent" : ""); } else { - /* XXX maybe verbose/error? */ - debug("%s: no private key for certificate " + debug("%s: no separate private key for certificate " "\"%s\"", __func__, id->filename); - free(blob); - buffer_free(&b); - return 0; } }