upstream: Match host certificates against host public keys, not private

keys. Allows use of certificates with private keys held in a ssh-agent. Reported by Miles Zhou in bz3524; ok dtucker@ OpenBSD-Commit-ID: 25f5bf70003126d19162862d9eb380bf34bac22a
author: djm@openbsd.org <djm@openbsd.org> 2021-06-06 13:34:16 +0200
committer: Damien Miller <djm@mindrot.org> 2021-06-06 13:35:29 +0200
commit: 530739d42f6102668aecd699be0ce59815c1eceb (patch)
tree: 918c8fb18da9381bbf235b5de8dc39491abd7b04 /sshd.c
parent: upstream: Client-side workaround for a bug in OpenSSH 7.4: this release (diff)
download: openssh-530739d42f6102668aecd699be0ce59815c1eceb.tar.xz
openssh-530739d42f6102668aecd699be0ce59815c1eceb.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/sshd.c b/sshd.c
index b1a22e860..7e80b1749 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.574 2021/06/04 05:09:08 dtucker Exp $ */
+/* $OpenBSD: sshd.c,v 1.575 2021/06/06 11:34:16 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1934,7 +1934,7 @@ main(int ac, char **av)
 		/* Find matching private key */
 		for (j = 0; j < options.num_host_key_files; j++) {
 			if (sshkey_equal_public(key,
-			    sensitive_data.host_keys[j])) {
+			    sensitive_data.host_pubkeys[j])) {
 				sensitive_data.host_certificates[j] = key;
 				break;
 			}
author	djm@openbsd.org <djm@openbsd.org>	2021-06-06 13:34:16 +0200
committer	Damien Miller <djm@mindrot.org>	2021-06-06 13:35:29 +0200
commit	530739d42f6102668aecd699be0ce59815c1eceb (patch)
tree	918c8fb18da9381bbf235b5de8dc39491abd7b04 /sshd.c
parent	upstream: Client-side workaround for a bug in OpenSSH 7.4: this release (diff)
download	openssh-530739d42f6102668aecd699be0ce59815c1eceb.tar.xz openssh-530739d42f6102668aecd699be0ce59815c1eceb.zip