upstream: Match host certificates against host public keys, not private

keys. Allows use of certificates with private keys held in a ssh-agent.
Reported by Miles Zhou in bz3524; ok dtucker@

OpenBSD-Commit-ID: 25f5bf70003126d19162862d9eb380bf34bac22a
This commit is contained in:
djm@openbsd.org 2021-06-06 11:34:16 +00:00 committed by Damien Miller
parent 4265215d73
commit 530739d42f

4
sshd.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshd.c,v 1.574 2021/06/04 05:09:08 dtucker Exp $ */ /* $OpenBSD: sshd.c,v 1.575 2021/06/06 11:34:16 djm Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -1934,7 +1934,7 @@ main(int ac, char **av)
/* Find matching private key */ /* Find matching private key */
for (j = 0; j < options.num_host_key_files; j++) { for (j = 0; j < options.num_host_key_files; j++) {
if (sshkey_equal_public(key, if (sshkey_equal_public(key,
sensitive_data.host_keys[j])) { sensitive_data.host_pubkeys[j])) {
sensitive_data.host_certificates[j] = key; sensitive_data.host_certificates[j] = key;
break; break;
} }