author | djm@openbsd.org <djm@openbsd.org> | 2020-10-07 02:20:35 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2020-10-07 13:34:11 +1100 |
commit | f4f14e023cafee1cd9ebe4bb0db4029e6e1fafac (patch) | |
tree | ee5851108b463d3a456e7807fdf1101bd57346fa /sshconnect.c | |
parent | e79957e877db42c4c68fabcf6ecff2268e53acb5 (diff) | |
download | openssh-git-f4f14e023cafee1cd9ebe4bb0db4029e6e1fafac.tar.gz |
upstream: simply disable UpdateHostkeys when a certificate
successfully authenticated the host; simpler than the complicated plumbing
via kex->flags we have now.
ok markus@
OpenBSD-Commit-ID: 80e39644eed75717d563a7f177e8117a0e14f42c
Diffstat (limited to 'sshconnect.c')
-rw-r--r-- | sshconnect.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/sshconnect.c b/sshconnect.c index 31e012df..ba07a5ff 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.335 2020/10/04 09:45:01 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.336 2020/10/07 02:20:35 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -609,7 +609,12 @@ check_host_cert(const char *host, const struct sshkey *key) "(null)" : key->cert->signature_type, ssh_err(r)); return 0; } - + /* Do not attempt hostkey update if a certificate was successful */ + if (options.update_hostkeys != 0) { + options.update_hostkeys = 0; + debug3("%s: certificate host key in use; disabling " + "UpdateHostkeys", __func__); + } return 1; } |
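Review bot: In the check_host_cert() hunk, the new block writes the global options.update_hostkeys just before `return 1;`, inside a function whose name and 0/1 return read as a pure validation check, so every caller that validates a host certificate now also switches UpdateHostkeys off as a side effect. Please document that in the function's header comment, or do the reset at the call site that acts on the successful certificate result, so the state change is visible where the decision is made. The only trace is a debug3() message, which means a user who explicitly enabled UpdateHostkeys gets no explanation at lower verbosity; a debug() or verbose-level message would make the override easier to diagnose. Minor style point: the hunk removes the blank line after the closing brace of the error path, so the new comment sits directly against it.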