tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

upstream: simply disable UpdateHostkeys when a certificate 

successfully authenticated the host; simpler than the complicated plumbing
via kex->flags we have now.

ok markus@

OpenBSD-Commit-ID: 80e39644eed75717d563a7f177e8117a0e14f42c
This commit is contained in:
djm@openbsd.org 2020-10-07 02:20:35 +00:00 committed by Damien Miller
parent e79957e877
commit f4f14e023c
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
sshconnect.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshconnect.c,v 1.335 2020/10/04 09:45:01 djm Exp $ */ /* $OpenBSD: sshconnect.c,v 1.336 2020/10/07 02:20:35 djm Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -609,7 +609,12 @@ check_host_cert(const char *host, const struct sshkey *key)
"(null)" : key->cert->signature_type, ssh_err(r)); "(null)" : key->cert->signature_type, ssh_err(r));
return 0; return 0;
} }
/* Do not attempt hostkey update if a certificate was successful */
if (options.update_hostkeys != 0) {
options.update_hostkeys = 0;
debug3("%s: certificate host key in use; disabling "
"UpdateHostkeys", __func__);
}
return 1; return 1;
} }