- dtucker@cvs.openbsd.org 2007/12/31 15:27:04
     [sshd.c]
     When in inetd mode, have sshd generate a Protocol 1 ephemeral server
     key only for connections where the client chooses Protocol 1 as opposed
     to when it's enabled in the server's config.  Speeds up Protocol 2
     connections to inetd-mode servers that also allow Protocol 1.  bz #440,
     based on a patch from bruno at wolff.to, ok markus@
diff --git a/ChangeLog b/ChangeLog
index 934c817..848d9cc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,13 @@
      [readconf.c servconf.c]
      Prevent strict-aliasing warnings on newer gcc versions.  bz #1355, patch
      from Dmitry V. Levin, ok djm@
+   - dtucker@cvs.openbsd.org 2007/12/31 15:27:04
+     [sshd.c]
+     When in inetd mode, have sshd generate a Protocol 1 ephemeral server
+     key only for connections where the client chooses Protocol 1 as opposed
+     to when it's enabled in the server's config.  Speeds up Protocol 2
+     connections to inetd-mode servers that also allow Protocol 1.  bz #440,
+     based on a patch from bruno at wolff.to, ok markus@
 
 20071231
  - (dtucker) [configure.ac openbsd-compat/glob.{c,h}] Bug #1407: force use of
@@ -3494,4 +3501,4 @@
    OpenServer 6 and add osr5bigcrypt support so when someone migrates
    passwords between UnixWare and OpenServer they will still work. OK dtucker@
 
-$Id: ChangeLog,v 1.4812 2008/01/01 09:32:26 dtucker Exp $
+$Id: ChangeLog,v 1.4813 2008/01/01 09:33:09 dtucker Exp $
diff --git a/sshd.c b/sshd.c
index 3992378..9019411 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.352 2007/12/27 14:22:08 dtucker Exp $ */
+/* $OpenBSD: sshd.c,v 1.353 2007/12/31 15:27:04 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1599,10 +1599,6 @@
 	/* Get a connection, either from inetd or a listening TCP socket */
 	if (inetd_flag) {
 		server_accept_inetd(&sock_in, &sock_out);
-
-		if ((options.protocol & SSH_PROTO_1) &&
-		    sensitive_data.server_key == NULL)
-			generate_ephemeral_server_key();
 	} else {
 		server_listen();
 
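Review bot: With the generation call removed from the `inetd_flag` branch, `sensitive_data.server_key` stays NULL in inetd mode until the new check placed after `sshd_exchange_identification()`, and the code between those two points is not part of this patch. Please confirm that nothing in that range reads the ephemeral server key when `inetd_flag` is set, or note in the commit message that this was checked.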
@@ -1772,6 +1768,10 @@
 
 	sshd_exchange_identification(sock_in, sock_out);
 
+	/* In inetd mode, generate ephemeral key only for proto 1 connections */
+	if (!compat20 && inetd_flag && sensitive_data.server_key == NULL)
+		generate_ephemeral_server_key();
+
 	packet_set_nonblocking();
 
 	/* allocate authentication context */
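Review bot: The new condition on the `!compat20` line drops the `options.protocol & SSH_PROTO_1` test that the removed code had, so it relies on `sshd_exchange_identification()` never returning with `compat20` clear when Protocol 1 is disabled in the server config. Either keep the explicit test, as in `if (!compat20 && (options.protocol & SSH_PROTO_1) && inetd_flag && sensitive_data.server_key == NULL)`, or extend the comment to state that invariant, so a later change to the identification code cannot cause a Protocol 1 key to be generated on a server that has Protocol 1 turned off.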