authorDamien Miller <djm@cvs.openbsd.org>2020-06-18 23:34:20 +0000
committerDamien Miller <djm@cvs.openbsd.org>2020-06-18 23:34:20 +0000
commit8bce17a35647b95cbaa4d08cfc529d52a0c15e5e (patch)
tree25930bd83b2399a8257c701c0dc713e26f3492c3
parent5774d0430c41a1ebf9417dda6127a7a4779ed7ce (diff)
check public host key matches private; ok markus@ (as part of
previous diff)
-rw-r--r--usr.bin/ssh/sshd.c13
1 files changed, 11 insertions, 2 deletions
diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c
index 68451bfcae8..40487cafca4 100644
--- a/usr.bin/ssh/sshd.c
+++ b/usr.bin/ssh/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.556 2020/06/05 06:18:07 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.557 2020/06/18 23:34:19 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1726,10 +1726,19 @@ main(int ac, char **av)
&pubkey, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR)
do_log2(ll, "Unable to load host key \"%s\": %s",
options.host_key_files[i], ssh_err(r));
- if (pubkey == NULL && key != NULL)
+ if (pubkey != NULL && key != NULL) {
+ if (!sshkey_equal(pubkey, key)) {
+ error("Public key for %s does not match "
+ "private key", options.host_key_files[i]);
+ sshkey_free(pubkey);
+ pubkey = NULL;
+ }
+ }
+ if (pubkey == NULL && key != NULL) {
if ((r = sshkey_from_private(key, &pubkey)) != 0)
fatal("Could not demote key: \"%s\": %s",
options.host_key_files[i], ssh_err(r));
+ }
sensitive_data.host_keys[i] = key;
sensitive_data.host_pubkeys[i] = pubkey;
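Review bot: The mismatch branch depends on an undocumented fall-through: `sshkey_free(pubkey); pubkey = NULL;` is there so that the following `if (pubkey == NULL && key != NULL)` re-derives the public key from the private one, and sshd carries on with only an error() line as evidence. A comment above the `sshkey_equal()` test would make that explicit, for example `/* Private key is authoritative: drop a mismatched public key and re-derive it below. */`. Because a mismatch can mean a stale or modified public key file, it is worth confirming that this error() reaches the logs operators monitor at this point in startup. The comparison only runs when both keys loaded, so a public key with no private key in this process (`key == NULL`) is not covered here; main() continues outside the hunk, where that case may be handled.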