9fe10288f0
ssh-keysign is used for host-based authentication, and is designed to be used as SUID-root program. OpenSSH defaults to referencing it from libexec, which cannot be made SUID in Nix.
29 lines
953 B
Diff
29 lines
953 B
Diff
diff --git a/pathnames.h b/pathnames.h
|
|
index cb44caa4..354fdf05 100644
|
|
--- a/pathnames.h
|
|
+++ b/pathnames.h
|
|
@@ -124,7 +124,7 @@
|
|
|
|
/* Location of ssh-keysign for hostbased authentication */
|
|
#ifndef _PATH_SSH_KEY_SIGN
|
|
-#define _PATH_SSH_KEY_SIGN "/usr/libexec/ssh-keysign"
|
|
+#define _PATH_SSH_KEY_SIGN "ssh-keysign"
|
|
#endif
|
|
|
|
/* Location of ssh-pkcs11-helper to support keys in tokens */
|
|
diff --git a/sshconnect2.c b/sshconnect2.c
|
|
index dffee90b..e9a86e59 100644
|
|
--- a/sshconnect2.c
|
|
+++ b/sshconnect2.c
|
|
@@ -1879,7 +1879,7 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp,
|
|
closefrom(sock + 1);
|
|
debug3("%s: [child] pid=%ld, exec %s",
|
|
__func__, (long)getpid(), _PATH_SSH_KEY_SIGN);
|
|
- execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *)NULL);
|
|
+ execlp(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *)NULL);
|
|
fatal("%s: exec(%s): %s", __func__, _PATH_SSH_KEY_SIGN,
|
|
strerror(errno));
|
|
}
|
|
--
|
|
2.22.0
|
|
|