authorDamien Miller <djm@cvs.openbsd.org>2019-11-25 00:54:24 +0000
committerDamien Miller <djm@cvs.openbsd.org>2019-11-25 00:54:24 +0000
commitf2e424ddbdfa891310d397d4bc3dc41489f3a69a (patch)
tree13eac2bc9faa73b1cc68c1f954941dc37278cb33 /usr.bin/ssh/monitor.c
parent4fb21d67a65c6ab35a243d94db5b7217eea38c9e (diff)
add a "no-touch-required" option for authorized_keys and a similar
extension for certificates. This option disables the default requirement that security key signatures attest that the user touched their key to authorize them. feedback deraadt, ok markus
Diffstat (limited to 'usr.bin/ssh/monitor.c')
-rw-r--r--usr.bin/ssh/monitor.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/usr.bin/ssh/monitor.c b/usr.bin/ssh/monitor.c
index d35875f3ff0..5eac9cd5abd 100644
--- a/usr.bin/ssh/monitor.c
+++ b/usr.bin/ssh/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.203 2019/11/25 00:52:46 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.204 2019/11/25 00:54:23 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -1196,7 +1196,8 @@ mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m)
if (ret == 0 && key_blobtype == MM_USERKEY && sig_details != NULL) {
req_presence = (options.pubkey_auth_options &
- PUBKEYAUTH_TOUCH_REQUIRED);
+ PUBKEYAUTH_TOUCH_REQUIRED) ||
+ !key_opts->no_require_user_presence;
if (req_presence &&
(sig_details->sk_flags & SSH_SK_USER_PRESENCE_REQD) == 0) {
error("public key %s %s signature for %s%s from %.128s "
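Review bot: The added operand `!key_opts->no_require_user_presence` dereferences `key_opts` without a NULL check, while the enclosing `if` tests only `ret`, `key_blobtype` and `sig_details`. `key_opts` is neither declared nor assigned within this hunk, so whether it can be NULL here depends on code outside it; if it can, the monitor would fault while deciding whether a touch is required. Writing the operand as `(key_opts == NULL || !key_opts->no_require_user_presence)` keeps the decision fail-closed, so missing options still demand user presence. A one-line comment such as `/* presence is required unless the key/cert options waive it and PUBKEYAUTH_TOUCH_REQUIRED is unset */` would also help readers through the double negative. mm_answer_keyverify starts and ends outside the hunk.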