- markus@cvs.openbsd.org 2002/07/03 14:21:05
[ssh-keysign.8 ssh-keysign.c ssh.c ssh_config]
re-enable ssh-keysign's sbit, but make ssh-keysign read
/etc/ssh/ssh_config and exit if HostbasedAuthentication is disabled
globally. based on discussions with deraadt, itojun and sommerfeld;
ok itojun@
diff --git a/ssh.c b/ssh.c
index 67d297c..77e709d 100644
--- a/ssh.c
+++ b/ssh.c
@@ -40,7 +40,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.180 2002/06/30 21:59:45 deraadt Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.181 2002/07/03 14:21:05 markus Exp $");
#include <openssl/evp.h>
#include <openssl/err.h>
@@ -649,7 +649,8 @@
_PATH_HOST_RSA_KEY_FILE, "", NULL);
PRIV_END;
- if (sensitive_data.keys[0] == NULL &&
+ if (options.hostbased_authentication == 1 &&
+ sensitive_data.keys[0] == NULL &&
sensitive_data.keys[1] == NULL &&
sensitive_data.keys[2] == NULL) {
sensitive_data.keys[1] = key_load_public(