[openssh-commits] [openssh] 06/10: upstream commit

git+noreply at mindrot.org git+noreply at mindrot.org
Tue Feb 17 09:39:18 AEDT 2015


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit ce63c4b063c39b2b22d4ada449c9e3fbde788cb3
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Mon Feb 16 22:30:03 2015 +0000

    upstream commit
    
    partial backout of:
    
    revision 1.441
    date: 2015/01/31 20:30:05;  author: djm;  state: Exp;  lines: +17 -10;  commitid: x8klYPZMJSrVlt3O;
    Let sshd load public host keys even when private keys are missing.
    Allows sshd to advertise additional keys for future key rotation.
    Also log fingerprint of hostkeys loaded; ok markus@
    
    hostkey updates now require access to the private key, so we can't
    load public keys only. The improved log messages (fingerprints of keys
    loaded) are kept.
---
 sshd.c | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/sshd.c b/sshd.c
index aaa63d4..2919efb 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.442 2015/02/16 22:13:32 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.443 2015/02/16 22:30:03 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -795,7 +795,7 @@ list_hostkey_types(void)
 	buffer_init(&b);
 	for (i = 0; i < options.num_host_key_files; i++) {
 		key = sensitive_data.host_keys[i];
-		if (key == NULL && have_agent)
+		if (key == NULL)
 			key = sensitive_data.host_pubkeys[i];
 		if (key == NULL)
 			continue;
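Review bot: With the have_agent test dropped from the "if (key == NULL)" fallback, list_hostkey_types() advertises any non-NULL sensitive_data.host_pubkeys[i], so it now depends on main() never leaving a public-only entry in that array when no agent is configured. Nothing in this function states that invariant. A short comment above the fallback saying that host_pubkeys[i] is only populated for keys sshd can sign with (private key loaded, or agent available) would keep a later change to the loading loop from silently advertising a host key type the server cannot prove possession of.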
@@ -1775,11 +1775,10 @@ main(int ac, char **av)
 		sensitive_data.host_keys[i] = key;
 		sensitive_data.host_pubkeys[i] = pubkey;
 
-		if (key == NULL && pubkey != NULL && pubkey->type != KEY_RSA1) {
-			if (have_agent) {
-				debug("will rely on agent for hostkey %s",
-				    options.host_key_files[i]);
-			}
+		if (key == NULL && pubkey != NULL && pubkey->type != KEY_RSA1 &&
+		    have_agent) {
+			debug("will rely on agent for hostkey %s",
+			    options.host_key_files[i]);
 			keytype = pubkey->type;
 		} else if (key != NULL) {
 			keytype = key->type;
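Review bot: Folding have_agent into the first condition sends the case key == NULL, pubkey != NULL, no agent to the branch after "else if (key != NULL)", which is outside this hunk, while sensitive_data.host_pubkeys[i] = pubkey has already been stored two lines above the test. Please confirm that the final branch resets host_pubkeys[i] to NULL for that case, since list_hostkey_types() no longer checks have_agent itself. It would also help operators if the skipped public-only key were reported by file name there, because the old nested debug() was the only place that path was mentioned.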
@@ -1808,7 +1807,7 @@ main(int ac, char **av)
 		    SSH_FP_DEFAULT)) == NULL)
 			fatal("sshkey_fingerprint failed");
 		debug("%s host key #%d: %s %s",
-		    key ? "private" : "public", i, keytype == KEY_RSA1 ?
+		    key ? "private" : "agent", i, keytype == KEY_RSA1 ?
 		    sshkey_type(pubkey) : sshkey_ssh_name(pubkey), fp);
 		free(fp);
 	}
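Review bot: The label in key ? "private" : "agent" infers agent backing purely from key == NULL, so it is only accurate while the earlier keytype branch guarantees that a public-only key without an agent never reaches this debug() call. Consider deriving the label from the same condition used above (key == NULL && have_agent), or adding a comment here that ties the two together, so the fingerprint log line cannot mislabel a key if the loading logic changes again.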
