Hello,

The following patch avoids a warning message when using hostbased authentication as root and protocol v1 support has been disabled. The case for non-root users has already been addressed, but root follows a different code path.

--
Iain Morgan

diff --git a/ssh.c b/ssh.c index cceb36e..e32aa0a 100644 --- a/ssh.c +++ b/ssh.c @@ -1242,8 +1242,10 @@ main(int ac, char **av) sensitive_data.keys[i] = NULL; PRIV_START; +#ifdef WITH_SSH1 sensitive_data.keys[0] = key_load_private_type(KEY_RSA1, _PATH_HOST_KEY_FILE, "", NULL, NULL); +#endif #ifdef OPENSSL_HAS_ECC sensitive_data.keys[1] = key_load_private_cert(KEY_ECDSA, _PATH_HOST_ECDSA_KEY_FILE, "", NULL);
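
Review bot: Missing documentation at the new `#ifdef WITH_SSH1` guard: with SSH1 support compiled out, `sensitive_data.keys[0]` is never assigned and keeps the NULL set by the `sensitive_data.keys[i] = NULL;` initialisation just above, while the ECDSA key is still stored at the fixed index `keys[1]`. That is only correct if every consumer of the array tolerates a NULL entry in slot 0, so a one-line comment beside the guard saying the slot is intentionally left NULL and that the indices are fixed rather than packed would make the assumption explicit. The description should also name the warning being avoided, since it cannot be identified from the hunk alone.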
Iain Morgan wrote:
> --- a/ssh.c > +++ b/ssh.c > @@ -1242,8 +1242,10 @@ main(int ac, char **av) > sensitive_data.keys[i] = NULL; > > PRIV_START; > +#ifdef WITH_SSH1 > sensitive_data.keys[0] = key_load_private_type(KEY_RSA1, > _PATH_HOST_KEY_FILE, "", NULL, NULL); > +#endif > #ifdef OPENSSL_HAS_ECC > sensitive_data.keys[1] = key_load_private_cert(KEY_ECDSA,

Wouldn't you need a counter or something, for the index?

//Peter
On Wed, Nov 18, 2015 at 06:55:25 +0100, Peter Stuge wrote:
> Iain Morgan wrote: > > --- a/ssh.c > > +++ b/ssh.c > > @@ -1242,8 +1242,10 @@ main(int ac, char **av) > > sensitive_data.keys[i] = NULL; > > > > PRIV_START; > > +#ifdef WITH_SSH1 > > sensitive_data.keys[0] = key_load_private_type(KEY_RSA1, > > _PATH_HOST_KEY_FILE, "", NULL, NULL); > > +#endif > > #ifdef OPENSSL_HAS_ECC > > sensitive_data.keys[1] = key_load_private_cert(KEY_ECDSA, > > Wouldn't you need a counter or something, for the index? >

Why? A fixed size array is used for sensitive_data.keys and the elements are initially all NULL. The code that walks through the array skips any elements that are NULL, and (if I recall correctly) each element is set back to NULL after the key is used. I tested this before the original post, and it worked correctly.

--
Iain Morgan