author | djm@openbsd.org <djm@openbsd.org> | 2020-06-19 01:34:19 +0200 |
---|---|---|
committer | Darren Tucker <dtucker@dtucker.net> | 2020-06-19 07:51:04 +0200 |
commit | 7775819c6de3e9547ac57b87c7dd2bfd28cefcc5 (patch) | |
tree | b9892e35c102f3ac48b386509a9f0bd069464a61 | |
parent | upstream: avoid spurious "Unable to load host key" message when (diff) | |
upstream: check public host key matches private; ok markus@ (as
part of previous diff)
OpenBSD-Commit-ID: 65a4f66436028748b59fb88b264cb8c94ce2ba63
-rw-r--r-- | sshd.c | 13 |
1 files changed, 11 insertions, 2 deletions
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.556 2020/06/05 06:18:07 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.557 2020/06/18 23:34:19 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1849,10 +1849,19 @@ main(int ac, char **av)
 &pubkey, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR)
 do_log2(ll, "Unable to load host key \"%s\": %s",
 options.host_key_files[i], ssh_err(r));
- if (pubkey == NULL && key != NULL)
+ if (pubkey != NULL && key != NULL) {
+ if (!sshkey_equal(pubkey, key)) {
+ error("Public key for %s does not match "
+ "private key", options.host_key_files[i]);
+ sshkey_free(pubkey);
+ pubkey = NULL;
+ }
+ }
+ if (pubkey == NULL && key != NULL) {
 if ((r = sshkey_from_private(key, &pubkey)) != 0)
 fatal("Could not demote key: \"%s\": %s",
 options.host_key_files[i], ssh_err(r));
+ }
 sensitive_data.host_keys[i] = key;
 sensitive_data.host_pubkeys[i] = pubkey; |
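Review bot: The mismatch branch under `if (!sshkey_equal(pubkey, key))` logs an error and then relies on the following `pubkey == NULL && key != NULL` block to rebuild the public key, but neither a comment nor the message says that the on-disk public key is discarded and replaced by one derived from the private key. A short comment such as `/* mismatched .pub: drop it and fall through to derive the public key from the private key */` would make that coupling explicit. The log text could also name the outcome, e.g. `"private key; using public key derived from private key"`, so an operator can tell a stale or modified .pub file from a fatal condition. Note also that the new check only runs when both keys loaded: when `key` is NULL, a loaded `pubkey` is still stored unverified in `sensitive_data.host_pubkeys[i]`, which is presumably intended for keys held elsewhere but deserves a comment. The enclosing `main()` starts and ends outside this hunk.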