shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-11 10:40:27 +09:00
Code Issues Packages Projects Releases Wiki Activity

auth: do not prefer hostbound auth if there is no host key

Browse Source 
If there is no host key (e.g., because we are doing
gssapi-keyex with "null" host key algorithm), it does not
make sense to use host bound authentication.

Signed-off-by: Pavol Žáčik <pzacik@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Pavol Žáčik
2025-12-09 13:11:06 +01:00
committed by Jakub Jelen
parent 9b4ee9c6d4
commit d2bb1ba889
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/auth.c
View File

@@ -548,7 +548,8 @@ static int build_pubkey_auth_request(ssh_session session,
int rc; int rc;
const char *auth_method = "publickey"; const char *auth_method = "publickey";
if (session->extensions & SSH_EXT_PUBLICKEY_HOSTBOUND) { if (session->extensions & SSH_EXT_PUBLICKEY_HOSTBOUND &&
session->current_crypto->server_pubkey != NULL) {
auth_method = "publickey-hostbound-v00@openssh.com"; auth_method = "publickey-hostbound-v00@openssh.com";
} }
@@ -567,7 +568,8 @@ static int build_pubkey_auth_request(ssh_session session,
return SSH_ERROR; return SSH_ERROR;
} }
if (session->extensions & SSH_EXT_PUBLICKEY_HOSTBOUND) { if (session->extensions & SSH_EXT_PUBLICKEY_HOSTBOUND &&
session->current_crypto->server_pubkey != NULL) {
rc = add_hostbound_pubkey(session); rc = add_hostbound_pubkey(session);
if (rc < 0) { if (rc < 0) {
return SSH_ERROR; return SSH_ERROR;