authorDarren Tucker <dtucker@cvs.openbsd.org>2007-12-31 15:27:05 +0000
committerDarren Tucker <dtucker@cvs.openbsd.org>2007-12-31 15:27:05 +0000
commit92db87af8a449cc2c6b2dd7ad4ec93d73c1d96f9 (patch)
tree6951b279095ff7a57087cb2cb7fbbd4b7b7cf5f9
parentc5245a7cf6f93ec974f7211383092fb1d19b5d70 (diff)
When in inetd mode, have sshd generate a Protocol 1 ephemeral server
key only for connections where the client chooses Protocol 1 as opposed to when it's enabled in the server's config. Speeds up Protocol 2 connections to inetd-mode servers that also allow Protocol 1. bz #440, based on a patch from bruno at wolff.to, ok markus@
-rw-r--r--usr.bin/ssh/sshd.c10
1 files changed, 5 insertions, 5 deletions
diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c
index 8d547f47b39..3b67e1514e8 100644
--- a/usr.bin/ssh/sshd.c
+++ b/usr.bin/ssh/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.352 2007/12/27 14:22:08 dtucker Exp $ */
+/* $OpenBSD: sshd.c,v 1.353 2007/12/31 15:27:04 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1506,10 +1506,6 @@ main(int ac, char **av)
/* Get a connection, either from inetd or a listening TCP socket */
if (inetd_flag) {
server_accept_inetd(&sock_in, &sock_out);
-
- if ((options.protocol & SSH_PROTO_1) &&
- sensitive_data.server_key == NULL)
- generate_ephemeral_server_key();
} else {
server_listen();
@@ -1668,6 +1664,10 @@ main(int ac, char **av)
sshd_exchange_identification(sock_in, sock_out);
+ /* In inetd mode, generate ephemeral key only for proto 1 connections */
+ if (!compat20 && inetd_flag && sensitive_data.server_key == NULL)
+ generate_ephemeral_server_key();
+
packet_set_nonblocking();
/* allocate authentication context */
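Review bot: The new guard at `if (!compat20 && inetd_flag && sensitive_data.server_key == NULL)` no longer tests `options.protocol & SSH_PROTO_1`, so it relies on `sshd_exchange_identification()` having already dropped any peer whose protocol version the configuration does not allow. That function is not visible in this hunk; if it presumably exits on a mismatch the behaviour is correct, but the dependency is implicit. It also means the key generation is now triggered by input from an unauthenticated peer. Either keep the configuration test as a cheap second check, `if (!compat20 && inetd_flag && (options.protocol & SSH_PROTO_1) &&` followed by `sensitive_data.server_key == NULL)`, or extend the comment to say that the block must stay after the identification exchange because `compat20` is only meaningful from that point on. The body of `main()` continues outside the hunk.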