- markus@cvs.openbsd.org 2002/07/03 14:21:05 [ssh-keysign.8 ssh-keysign.c ssh.c ssh_config] re-enable ssh-keysign's sbit, but make ssh-keysign read /etc/ssh/ssh_config and exit if HostbasedAuthentication is disabled globally. based on discussions with deraadt, itojun and sommerfeld; ok itojun@

commit: 5d35a2f5828cfb0a8579228d80e8bec60c8f8c64 [log] [tgz]
author: Ben Lindstrom <mouring@eviladmin.org> Thu Jul 04 00:19:40 2002 +0000
committer: Ben Lindstrom <mouring@eviladmin.org> Thu Jul 04 00:19:40 2002 +0000
tree: d166c5fa709b6c87f4d18888cddda02ed95b2f4f
parent: 43ce2c86a89a512e3c9361b40155db8bbef3f441 [diff] [blame]
diff --git a/ssh.c b/ssh.c
index 67d297c..77e709d 100644
--- a/ssh.c
+++ b/ssh.c

@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.180 2002/06/30 21:59:45 deraadt Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.181 2002/07/03 14:21:05 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -649,7 +649,8 @@
 		    _PATH_HOST_RSA_KEY_FILE, "", NULL);
 		PRIV_END;
 
-		if (sensitive_data.keys[0] == NULL &&
+		if (options.hostbased_authentication == 1 &&
+		    sensitive_data.keys[0] == NULL &&
 		    sensitive_data.keys[1] == NULL &&
 		    sensitive_data.keys[2] == NULL) {
 			sensitive_data.keys[1] = key_load_public(
commit	5d35a2f5828cfb0a8579228d80e8bec60c8f8c64	[log] [tgz]
author	Ben Lindstrom <mouring@eviladmin.org>	Thu Jul 04 00:19:40 2002 +0000
committer	Ben Lindstrom <mouring@eviladmin.org>	Thu Jul 04 00:19:40 2002 +0000
tree	d166c5fa709b6c87f4d18888cddda02ed95b2f4f
parent	43ce2c86a89a512e3c9361b40155db8bbef3f441 [diff] [blame]