HTTPS clone URL
Subversion checkout URL
Please sign in to comment.
pam_ssh: Don't allow a bogus passphrase for unencrypted keys.
key_load_private() ignores the passphrase argument if the private key is unencrypted. This defeats the nullok check, because it means a non-null passphrase will successfully unlock the key. To address this, try at first to load the key without a passphrase. If this succeeds and the user provided a non-empty passphrase *or* nullok is false, reject the key. While I'm here: Load the ECDSA key if there is one. Obtained-from: FreeBSD 227757, 219426, & 226101
- Loading branch information...
1 parent 3254d1d commit 09e61f6cd8073fbb48eab8523b4bcc4f82dac34d Peter Avalos committed
Showing with 33 additions and 18 deletions.