tomaswolf opened a new pull request, #809:
URL: https://github.com/apache/mina-sshd/pull/809

   Respect server-side attributes that may be set in an `authorized_keys` file: 
`no-touch-required` and `verify-required`. These flags exist _only_ 
server-side; the public keys received in an SSH_MSG_USERAUTH packet do not have 
them.
   
   * Ensure that we do _not_ consider these flags when matching public keys 
received against the `authorited_keys` file.
   * Ensure that for signature verification, we _do_ use a key that does carry 
these flags (i.e., created from the matching `AuthorizedKeyEntry`) so that we 
can properly check the flags in the signature.
   
   Also throw an exception if there is bogus trailing data after the signature 
in the packet.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org

Reply via email to