Attachment 2367 Details for Bug 2166 – do not use absent host keys for default HostKey value

[patch] do not use absent host keys for default HostKey value

check-existence-of-host-keys.patch (text/plain), 1.47 KB, created by Petr Lautrbach on 2013-10-30 01:13:16 AEDT

(hide)

Description:

Filename:

MIME Type:

Creator: Petr Lautrbach

Created: 2013-10-30 01:13:16 AEDT

Size: 1.47 KB

patch

obsolete

>diff --git a/servconf.c b/servconf.c
>index 8214672..e7c9b69 100644
>--- a/servconf.c
>+++ b/servconf.c
>@@ -168,18 +168,24 @@ fill_default_server_options(ServerOptions *options)
> 	if (options->num_host_key_files == 0) {
> 		/* fill default hostkeys for protocols */
> 		if (options->protocol & SSH_PROTO_1)
>-			options->host_key_files[options->num_host_key_files++] =
>-			    _PATH_HOST_KEY_FILE;
>+			if (access(_PATH_HOST_KEY_FILE, F_OK) == 0)
>+				options->host_key_files[options->num_host_key_files++] =
>+				   _PATH_HOST_KEY_FILE;
> 		if (options->protocol & SSH_PROTO_2) {
>-			options->host_key_files[options->num_host_key_files++] =
>-			    _PATH_HOST_RSA_KEY_FILE;
>-			options->host_key_files[options->num_host_key_files++] =
>-			    _PATH_HOST_DSA_KEY_FILE;
>+			if (access(_PATH_HOST_RSA_KEY_FILE, F_OK) == 0)
>+				options->host_key_files[options->num_host_key_files++] =
>+				    _PATH_HOST_RSA_KEY_FILE;
>+			if (access(_PATH_HOST_DSA_KEY_FILE, F_OK) == 0)
>+				options->host_key_files[options->num_host_key_files++] =
>+				    _PATH_HOST_DSA_KEY_FILE;
> #ifdef OPENSSL_HAS_ECC
>-			options->host_key_files[options->num_host_key_files++] =
>-			    _PATH_HOST_ECDSA_KEY_FILE;
>+			if (access(_PATH_HOST_ECDSA_KEY_FILE, F_OK) == 0)
>+				options->host_key_files[options->num_host_key_files++] =
>+				    _PATH_HOST_ECDSA_KEY_FILE;
> #endif
> 		}
>+		if (options->num_host_key_files == 0)
>+			fatal("sshd: no hostkeys available -- exiting.");
> 	}
> 	/* No certificates by default */
> 	if (options->num_ports == 0)

Actions: View | Diff

Attachments on bug 2166: 2366 | 2367