don't record hostbased authentication hostkeys as user keys

in test for multiple authentication with the same key
author: djm <djm@openbsd.org> 2015-09-04 04:44:08 +0000
committer: djm <djm@openbsd.org> 2015-09-04 04:44:08 +0000
commit: 5162f355958116a141a7532b4c78324df08c189a (patch)
tree: d92e84ae4ac9350076698617c64ec3a69f44f32a /usr.bin/ssh
parent: trim junk from end of file; bz#2455 from Jakub Jelen (diff)
download: wireguard-openbsd-5162f355958116a141a7532b4c78324df08c189a.tar.xz
wireguard-openbsd-5162f355958116a141a7532b4c78324df08c189a.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/usr.bin/ssh/monitor.c b/usr.bin/ssh/monitor.c
index 81dcb86e9a3..7ebcdacfda6 100644
--- a/usr.bin/ssh/monitor.c
+++ b/usr.bin/ssh/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.152 2015/09/02 07:51:12 jsg Exp $ */
+/* $OpenBSD: monitor.c,v 1.153 2015/09/04 04:44:08 djm Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -1156,7 +1156,7 @@ mm_answer_keyverify(int sock, Buffer *m)
 	    __func__, key, (verified == 1) ? "verified" : "unverified");
 
 	/* If auth was successful then record key to ensure it isn't reused */
-	if (verified == 1)
+	if (verified == 1 && key_blobtype == MM_USERKEY)
 		auth2_record_userkey(authctxt, key);
 	else
 		key_free(key);
author	djm <djm@openbsd.org>	2015-09-04 04:44:08 +0000
committer	djm <djm@openbsd.org>	2015-09-04 04:44:08 +0000
commit	5162f355958116a141a7532b4c78324df08c189a (patch)
tree	d92e84ae4ac9350076698617c64ec3a69f44f32a /usr.bin/ssh
parent	trim junk from end of file; bz#2455 from Jakub Jelen (diff)
download	wireguard-openbsd-5162f355958116a141a7532b4c78324df08c189a.tar.xz wireguard-openbsd-5162f355958116a141a7532b4c78324df08c189a.zip