From d9dbb5d9a0326e252d3c7bc13beb9c2434f59409 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Thu, 6 Jan 2022 22:06:51 +0000 Subject: [PATCH] upstream: allow hostbased auth to select RSA keys when only RSA/SHA2 are configured (this is the default case); ok markus@ OpenBSD-Commit-ID: 411c18c7bde40c60cc6dfb7017968577b4d4a827 --- sshconnect2.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/sshconnect2.c b/sshconnect2.c index 622ba4c67..6b884831e 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.354 2021/12/19 22:14:47 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.355 2022/01/06 22:06:51 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -2169,9 +2169,9 @@ userauth_hostbased(struct ssh *ssh) if (authctxt->sensitive->keys[i] == NULL || authctxt->sensitive->keys[i]->type == KEY_UNSPEC) continue; - if (match_pattern_list( + if (!sshkey_match_keyname_to_sigalgs( sshkey_ssh_name(authctxt->sensitive->keys[i]), - authctxt->active_ktype, 0) != 1) + authctxt->active_ktype)) continue; /* we take and free the key */ private = authctxt->sensitive->keys[i]; @@ -2197,7 +2197,8 @@ userauth_hostbased(struct ssh *ssh) error_f("sshkey_fingerprint failed"); goto out; } - debug_f("trying hostkey %s %s", sshkey_ssh_name(private), fp); + debug_f("trying hostkey %s %s using sigalg %s", + sshkey_ssh_name(private), fp, authctxt->active_ktype); /* figure out a name for the client host */ lname = get_local_name(ssh_packet_get_connection_in(ssh));