From: djm Date: Thu, 6 Jan 2022 22:06:51 +0000 (+0000) Subject: allow hostbased auth to select RSA keys when only RSA/SHA2 are X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=872696c4045e4c13f1bfcb2d883da6f9d62de782;p=openbsd allow hostbased auth to select RSA keys when only RSA/SHA2 are configured (this is the default case); ok markus@ --- diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c index 6a6373fcd16..ce0f77e851a 100644 --- a/usr.bin/ssh/sshconnect2.c +++ b/usr.bin/ssh/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.354 2021/12/19 22:14:47 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.355 2022/01/06 22:06:51 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -2162,9 +2162,9 @@ userauth_hostbased(struct ssh *ssh) if (authctxt->sensitive->keys[i] == NULL || authctxt->sensitive->keys[i]->type == KEY_UNSPEC) continue; - if (match_pattern_list( + if (!sshkey_match_keyname_to_sigalgs( sshkey_ssh_name(authctxt->sensitive->keys[i]), - authctxt->active_ktype, 0) != 1) + authctxt->active_ktype)) continue; /* we take and free the key */ private = authctxt->sensitive->keys[i]; @@ -2190,7 +2190,8 @@ userauth_hostbased(struct ssh *ssh) error_f("sshkey_fingerprint failed"); goto out; } - debug_f("trying hostkey %s %s", sshkey_ssh_name(private), fp); + debug_f("trying hostkey %s %s using sigalg %s", + sshkey_ssh_name(private), fp, authctxt->active_ktype); /* figure out a name for the client host */ lname = get_local_name(ssh_packet_get_connection_in(ssh));