Match host certificates against host public keys, not private keys.

Allows use of certificates with private keys held in a ssh-agent.
Reported by Miles Zhou in bz3524; ok dtucker@

diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c
index 95c9aeb..0bd010d 100644 (file)
--- a/usr.bin/ssh/sshd.c
+++ b/usr.bin/ssh/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.574 2021/06/04 05:09:08 dtucker Exp $ */
+/* $OpenBSD: sshd.c,v 1.575 2021/06/06 11:34:16 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1809,7 +1809,7 @@ main(int ac, char **av)
                /* Find matching private key */
                for (j = 0; j < options.num_host_key_files; j++) {
                        if (sshkey_equal_public(key,
-                           sensitive_data.host_keys[j])) {
+                           sensitive_data.host_pubkeys[j])) {
                                sensitive_data.host_certificates[j] = key;
                                break;
                        }