[PATCH] Skip RSA1 host key when using hostbased auth
Iain Morgan
imorgan at nas.nasa.gov
Thu Nov 19 11:53:31 AEDT 2015
On Wed, Nov 18, 2015 at 06:55:25 +0100, Peter Stuge wrote:
> Iain Morgan wrote:
> > --- a/ssh.c
> > +++ b/ssh.c
> > @@ -1242,8 +1242,10 @@ main(int ac, char **av)
> > sensitive_data.keys[i] = NULL;
> >
> > PRIV_START;
> > +#ifdef WITH_SSH1
> > sensitive_data.keys[0] = key_load_private_type(KEY_RSA1,
> > _PATH_HOST_KEY_FILE, "", NULL, NULL);
> > +#endif
> > #ifdef OPENSSL_HAS_ECC
> > sensitive_data.keys[1] = key_load_private_cert(KEY_ECDSA,
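Review bot: at the new #ifdef WITH_SSH1 guard, a build without SSH1 never assigns sensitive_data.keys[0], so slot 0 keeps the NULL written by the initialisation line at the top of the hunk while the ECDSA load still targets the fixed index keys[1]. That is correct only as long as every consumer of the array tolerates a NULL entry at index 0. A short comment at the guard stating that slot 0 is intentionally left NULL without SSH1 would document that dependency, and any other code that touches this slot for KEY_RSA1 should be checked for the same guard.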
>
> Wouldn't you need a counter or something, for the index?
>
Why? A fixed size array is used for sensitive_data.keys and the elements
are initially all NULL. The code that walks through the array skips any
elements that are NULL, and (if I recall correctly) each element is set
back to NULL after the key is used.
I tested this before the original post, and it worked correctly.
--
Iain Morgan