From c385abf76511451bcba78568167b1cd9e90587d5 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Sun, 19 Dec 2021 22:14:47 +0000
Subject: upstream: PubkeyAuthentication=yes|no|unbound|host-bound

Allow control over which pubkey methods are used. Added out of
concern that some hardware devices may have difficulty signing
the longer pubkey authentication challenges. This provides a
way for them to disable the extension. It's also handy for
testing.

feedback / ok markus@

OpenBSD-Commit-ID: ee52580db95c355cf6d563ba89974c210e603b1a
---
 readconf.h | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'readconf.h')

diff --git a/readconf.h b/readconf.h
index f24719f9..ded13c94 100644
--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.145 2021/09/15 06:56:01 djm Exp $ */
+/* $OpenBSD: readconf.h,v 1.146 2021/12/19 22:14:47 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -179,6 +179,11 @@ typedef struct {
 	char	*ignored_unknown; /* Pattern list of unknown tokens to ignore */
 }       Options;
 
+#define SSH_PUBKEY_AUTH_NO	0x00
+#define SSH_PUBKEY_AUTH_UNBOUND	0x01
+#define SSH_PUBKEY_AUTH_HBOUND	0x02
+#define SSH_PUBKEY_AUTH_ALL	0x03
+
 #define SSH_CANONICALISE_NO	0
 #define SSH_CANONICALISE_YES	1
 #define SSH_CANONICALISE_ALWAYS	2
-- 
cgit v1.2.1