From 1a25b7ff9e9f165c34803a8a9237417e96fcdb05 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@cvs.openbsd.org>
Date: Sun, 15 Dec 2019 18:57:31 +0000
Subject: allow security keys to act as host keys as well as user keys.

Previously we didn't do this because we didn't want to expose
the attack surface presented by USB and FIDO protocol handling,
but now that this is insulated behind ssh-sk-helper there is
less risk.

ok markus@
---
 usr.bin/ssh/monitor.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'usr.bin/ssh/monitor.c')

diff --git a/usr.bin/ssh/monitor.c b/usr.bin/ssh/monitor.c
index 0ffc063f71e..91715274e4d 100644
--- a/usr.bin/ssh/monitor.c
+++ b/usr.bin/ssh/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.205 2019/11/25 10:23:36 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.206 2019/12/15 18:57:30 djm Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -613,7 +613,7 @@ mm_answer_sign(struct ssh *ssh, int sock, struct sshbuf *m)
 
 	if ((key = get_hostkey_by_index(keyid)) != NULL) {
 		if ((r = sshkey_sign(key, &signature, &siglen, p, datlen, alg,
-		    NULL, compat)) != 0)
+		    options.sk_provider, compat)) != 0)
 			fatal("%s: sshkey_sign failed: %s",
 			    __func__, ssh_err(r));
 	} else if ((key = get_hostkey_public_by_index(keyid, ssh)) != NULL &&
-- 
cgit v1.2.3