- markus@cvs.openbsd.org 2002/05/23 19:39:34

[ssh.c]
     add comment about ssh-keysign

ChangeLog

@@ -21,6 +21,9 @@
       sshconnect1.c sshconnect2.c ssh-keysign.8 ssh-keysign.c Makefile.in]
      add /usr/libexec/ssh-keysign: a setuid helper program for hostbased 
      authentication in protocol v2 (needs to access the hostkeys).
+   - markus@cvs.openbsd.org 2002/05/23 19:39:34
+     [ssh.c]
+     add comment about ssh-keysign
 
 20020604
  - (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed
@@ -705,4 +708,4 @@
  - (stevesk) entropy.c: typo in debug message
  - (djm) ssh-keygen -i needs seeded RNG; report from markus@
 
-$Id: ChangeLog,v 1.2149 2002/06/06 19:57:33 mouring Exp $
+$Id: ChangeLog,v 1.2150 2002/06/06 19:58:27 mouring Exp $

ssh.c

@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.173 2002/05/23 19:24:30 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.174 2002/05/23 19:39:34 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -683,6 +683,8 @@ again:
 	 * in case we will need it later for combined rsa-rhosts
 	 * authentication. This must be done before releasing extra
 	 * privileges, because the file is only readable by root.
+	 * If we cannot access the private keys, load the public keys
+	 * instead and try to execute the ssh-keysign helper instead.
 	 */
 	sensitive_data.nkeys = 0;
 	sensitive_data.keys = NULL;