431 lines
15 KiB
Diff
431 lines
15 KiB
Diff
diff -ur '--exclude=.*.un~' a/openssh-8_5_P1-hpn-AES-CTR-15.2.diff b/openssh-8_5_P1-hpn-AES-CTR-15.2.diff
|
|
--- a/openssh-8_5_P1-hpn-AES-CTR-15.2.diff 2022-02-24 18:48:19.078457000 -0800
|
|
+++ b/openssh-8_5_P1-hpn-AES-CTR-15.2.diff 2022-02-24 18:49:22.195632128 -0800
|
|
@@ -3,9 +3,9 @@
|
|
--- a/Makefile.in
|
|
+++ b/Makefile.in
|
|
@@ -46,7 +46,7 @@ CFLAGS=@CFLAGS@
|
|
- CFLAGS_NOPIE=@CFLAGS_NOPIE@
|
|
- CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
|
|
- PICFLAG=@PICFLAG@
|
|
+ LD=@LD@
|
|
+ CFLAGS=@CFLAGS@ $(CFLAGS_EXTRA)
|
|
+ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@
|
|
-LIBS=@LIBS@
|
|
+LIBS=@LIBS@ -lpthread
|
|
K5LIBS=@K5LIBS@
|
|
@@ -803,8 +803,8 @@
|
|
ssh_packet_set_connection(struct ssh *ssh, int fd_in, int fd_out)
|
|
{
|
|
struct session_state *state;
|
|
-- const struct sshcipher *none = cipher_by_name("none");
|
|
-+ struct sshcipher *none = cipher_by_name("none");
|
|
+- const struct sshcipher *none = cipher_none();
|
|
++ struct sshcipher *none = cipher_none();
|
|
int r;
|
|
|
|
if (none == NULL) {
|
|
@@ -894,24 +894,24 @@
|
|
intptr = &options->compression;
|
|
multistate_ptr = multistate_compression;
|
|
@@ -2272,6 +2278,7 @@ initialize_options(Options * options)
|
|
- options->revoked_host_keys = NULL;
|
|
options->fingerprint_hash = -1;
|
|
options->update_hostkeys = -1;
|
|
+ options->known_hosts_command = NULL;
|
|
+ options->disable_multithreaded = -1;
|
|
- options->hostbased_accepted_algos = NULL;
|
|
- options->pubkey_accepted_algos = NULL;
|
|
- options->known_hosts_command = NULL;
|
|
+ }
|
|
+
|
|
+ /*
|
|
@@ -2467,6 +2474,10 @@ fill_default_options(Options * options)
|
|
+ options->update_hostkeys = 0;
|
|
if (options->sk_provider == NULL)
|
|
options->sk_provider = xstrdup("$SSH_SK_PROVIDER");
|
|
- #endif
|
|
+ if (options->update_hostkeys == -1)
|
|
+ options->update_hostkeys = 0;
|
|
+ if (options->disable_multithreaded == -1)
|
|
+ options->disable_multithreaded = 0;
|
|
|
|
- /* Expand KEX name lists */
|
|
- all_cipher = cipher_alg_list(',', 0);
|
|
+ /* expand KEX and etc. name lists */
|
|
+ { char *all;
|
|
diff --git a/readconf.h b/readconf.h
|
|
index 2fba866e..7f8f0227 100644
|
|
--- a/readconf.h
|
|
@@ -950,9 +950,9 @@
|
|
/* Portable-specific options */
|
|
sUsePAM,
|
|
+ sDisableMTAES,
|
|
- /* Standard Options */
|
|
- sPort, sHostKeyFile, sLoginGraceTime,
|
|
- sPermitRootLogin, sLogFacility, sLogLevel, sLogVerbose,
|
|
+ /* X.509 Standard Options */
|
|
+ sHostbasedAlgorithms,
|
|
+ sPubkeyAlgorithms,
|
|
@@ -662,6 +666,7 @@ static struct {
|
|
{ "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
|
|
{ "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
|
|
diff -ur '--exclude=.*.un~' a/openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff b/openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff
|
|
--- a/openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff 2022-02-24 18:48:19.078457000 -0800
|
|
+++ b/openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff 2022-02-24 18:54:51.800546480 -0800
|
|
@@ -157,6 +157,36 @@
|
|
+ Allan Jude provided the code for the NoneMac and buffer normalization.
|
|
+ This work was financed, in part, by Cisco System, Inc., the National
|
|
+ Library of Medicine, and the National Science Foundation.
|
|
+diff --git a/auth2.c b/auth2.c
|
|
+--- a/auth2.c 2021-03-15 19:30:45.404060786 -0700
|
|
++++ b/auth2.c 2021-03-15 19:37:22.078476597 -0700
|
|
+@@ -229,16 +229,17 @@
|
|
+ double delay;
|
|
+
|
|
+ digest_alg = ssh_digest_maxbytes();
|
|
+- len = ssh_digest_bytes(digest_alg);
|
|
+- hash = xmalloc(len);
|
|
++ if (len = ssh_digest_bytes(digest_alg) > 0) {
|
|
++ hash = xmalloc(len);
|
|
+
|
|
+- (void)snprintf(b, sizeof b, "%llu%s",
|
|
+- (unsigned long long)options.timing_secret, user);
|
|
+- if (ssh_digest_memory(digest_alg, b, strlen(b), hash, len) != 0)
|
|
+- fatal_f("ssh_digest_memory");
|
|
+- /* 0-4.2 ms of delay */
|
|
+- delay = (double)PEEK_U32(hash) / 1000 / 1000 / 1000 / 1000;
|
|
+- freezero(hash, len);
|
|
++ (void)snprintf(b, sizeof b, "%llu%s",
|
|
++ (unsigned long long)options.timing_secret, user);
|
|
++ if (ssh_digest_memory(digest_alg, b, strlen(b), hash, len) != 0)
|
|
++ fatal_f("ssh_digest_memory");
|
|
++ /* 0-4.2 ms of delay */
|
|
++ delay = (double)PEEK_U32(hash) / 1000 / 1000 / 1000 / 1000;
|
|
++ freezero(hash, len);
|
|
++ }
|
|
+ debug3_f("user specific delay %0.3lfms", delay/1000);
|
|
+ return MIN_FAIL_DELAY_SECONDS + delay;
|
|
+ }
|
|
diff --git a/channels.c b/channels.c
|
|
index b60d56c4..0e363c15 100644
|
|
--- a/channels.c
|
|
@@ -209,14 +239,14 @@
|
|
static void
|
|
channel_pre_open(struct ssh *ssh, Channel *c,
|
|
fd_set *readset, fd_set *writeset)
|
|
-@@ -2120,22 +2147,32 @@ channel_check_window(struct ssh *ssh, Channel *c)
|
|
+@@ -2164,21 +2191,31 @@ channel_check_window(struct ssh *ssh, Channel *c)
|
|
|
|
if (c->type == SSH_CHANNEL_OPEN &&
|
|
!(c->flags & (CHAN_CLOSE_SENT|CHAN_CLOSE_RCVD)) &&
|
|
- ((c->local_window_max - c->local_window >
|
|
- c->local_maxpacket*3) ||
|
|
-+ ((ssh_packet_is_interactive(ssh) &&
|
|
-+ c->local_window_max - c->local_window > c->local_maxpacket*3) ||
|
|
++ ((ssh_packet_is_interactive(ssh) &&
|
|
++ c->local_window_max - c->local_window > c->local_maxpacket*3) ||
|
|
c->local_window < c->local_window_max/2) &&
|
|
c->local_consumed > 0) {
|
|
+ u_int addition = 0;
|
|
@@ -235,9 +265,8 @@
|
|
(r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||
|
|
- (r = sshpkt_put_u32(ssh, c->local_consumed)) != 0 ||
|
|
+ (r = sshpkt_put_u32(ssh, c->local_consumed + addition)) != 0 ||
|
|
- (r = sshpkt_send(ssh)) != 0) {
|
|
- fatal_fr(r, "channel %i", c->self);
|
|
- }
|
|
+ (r = sshpkt_send(ssh)) != 0)
|
|
+ fatal_fr(r, "channel %d", c->self);
|
|
- debug2("channel %d: window %d sent adjust %d", c->self,
|
|
- c->local_window, c->local_consumed);
|
|
- c->local_window += c->local_consumed;
|
|
@@ -337,70 +366,92 @@
|
|
index 70f492f8..5503af1d 100644
|
|
--- a/clientloop.c
|
|
+++ b/clientloop.c
|
|
-@@ -1578,9 +1578,11 @@ client_request_x11(struct ssh *ssh, const char *request_type, int rchan)
|
|
+@@ -1578,10 +1578,11 @@ client_request_x11(struct ssh *ssh, const char *request_type, int rchan)
|
|
sock = x11_connect_display(ssh);
|
|
if (sock < 0)
|
|
return NULL;
|
|
- c = channel_new(ssh, "x11",
|
|
- SSH_CHANNEL_X11_OPEN, sock, sock, -1,
|
|
-- CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0, "x11", 1);
|
|
-+ c = channel_new(ssh, "x11",
|
|
-+ SSH_CHANNEL_X11_OPEN, sock, sock, -1,
|
|
-+ /* again is this really necessary for X11? */
|
|
-+ options.hpn_disabled ? CHAN_TCP_WINDOW_DEFAULT : options.hpn_buffer_size,
|
|
-+ CHAN_X11_PACKET_DEFAULT, 0, "x11", 1);
|
|
+- CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0, "x11",
|
|
+- CHANNEL_NONBLOCK_SET);
|
|
++ c = channel_new(ssh, "x11",
|
|
++ SSH_CHANNEL_X11_OPEN, sock, sock, -1,
|
|
++ /* again is this really necessary for X11? */
|
|
++ options.hpn_disabled ? CHAN_TCP_WINDOW_DEFAULT : options.hpn_buffer_size,
|
|
++ CHAN_X11_PACKET_DEFAULT, 0, "x11", CHANNEL_NONBLOCK_SET);
|
|
c->force_drain = 1;
|
|
return c;
|
|
}
|
|
-@@ -1608,9 +1610,10 @@ client_request_agent(struct ssh *ssh, const char *request_type, int rchan)
|
|
+@@ -1608,9 +1609,10 @@ client_request_agent(struct ssh *ssh, const char *request_type, int rchan)
|
|
return NULL;
|
|
}
|
|
c = channel_new(ssh, "authentication agent connection",
|
|
- SSH_CHANNEL_OPEN, sock, sock, -1,
|
|
- CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0,
|
|
-- "authentication agent connection", 1);
|
|
-+ SSH_CHANNEL_OPEN, sock, sock, -1,
|
|
-+ options.hpn_disabled ? CHAN_X11_WINDOW_DEFAULT : options.hpn_buffer_size,
|
|
-+ CHAN_TCP_PACKET_DEFAULT, 0,
|
|
-+ "authentication agent connection", 1);
|
|
+- "authentication agent connection", CHANNEL_NONBLOCK_SET);
|
|
++ SSH_CHANNEL_OPEN, sock, sock, -1,
|
|
++ options.hpn_disabled ? CHAN_X11_WINDOW_DEFAULT : options.hpn_buffer_size,
|
|
++ CHAN_TCP_PACKET_DEFAULT, 0,
|
|
++ "authentication agent connection", CHANNEL_NONBLOCK_SET);
|
|
c->force_drain = 1;
|
|
return c;
|
|
}
|
|
-@@ -1635,10 +1638,13 @@ client_request_tun_fwd(struct ssh *ssh, int tun_mode,
|
|
+@@ -1635,9 +1637,9 @@ client_request_tun_fwd(struct ssh *ssh, int tun_mode,
|
|
}
|
|
debug("Tunnel forwarding using interface %s", ifname);
|
|
|
|
- c = channel_new(ssh, "tun", SSH_CHANNEL_OPENING, fd, fd, -1,
|
|
-- CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
|
|
-+ c = channel_new(ssh, "tun", SSH_CHANNEL_OPENING, fd, fd, -1,
|
|
+- CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun",
|
|
+- CHANNEL_NONBLOCK_SET);
|
|
++ c = channel_new(ssh, "tun", SSH_CHANNEL_OPENING, fd, fd, -1,
|
|
+ options.hpn_disabled ? CHAN_TCP_WINDOW_DEFAULT : options.hpn_buffer_size,
|
|
-+ CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
|
|
++ CHAN_TCP_PACKET_DEFAULT, 0, "tun", CHANNEL_NONBLOCK_SET);
|
|
c->datagram = 1;
|
|
|
|
-+
|
|
-+
|
|
#if defined(SSH_TUN_FILTER)
|
|
- if (options.tun_open == SSH_TUNMODE_POINTOPOINT)
|
|
- channel_register_filter(ssh, c->self, sys_tun_infilter,
|
|
diff --git a/compat.c b/compat.c
|
|
index 69befa96..90b5f338 100644
|
|
--- a/compat.c
|
|
+++ b/compat.c
|
|
-@@ -149,6 +149,14 @@ compat_banner(struct ssh *ssh, const char *version)
|
|
- debug_f("match: %s pat %s compat 0x%08x",
|
|
+@@ -43,7 +43,7 @@ compat_datafellows(const char *version)
|
|
+ static u_int
|
|
+ compat_datafellows(const char *version)
|
|
+ {
|
|
+- int i;
|
|
++ int i, bugs = 0;
|
|
+ static struct {
|
|
+ char *pat;
|
|
+ int bugs;
|
|
+@@ -147,11 +147,26 @@
|
|
+ if (match_pattern_list(version, check[i].pat, 0) == 1) {
|
|
+ debug("match: %s pat %s compat 0x%08x",
|
|
version, check[i].pat, check[i].bugs);
|
|
- ssh->compat = check[i].bugs;
|
|
+ /* Check to see if the remote side is OpenSSH and not HPN */
|
|
-+ /* TODO: need to use new method to test for this */
|
|
+ if (strstr(version, "OpenSSH") != NULL) {
|
|
+ if (strstr(version, "hpn") == NULL) {
|
|
-+ ssh->compat |= SSH_BUG_LARGEWINDOW;
|
|
++ bugs |= SSH_BUG_LARGEWINDOW;
|
|
+ debug("Remote is NON-HPN aware");
|
|
+ }
|
|
+ }
|
|
- return;
|
|
+- return check[i].bugs;
|
|
++ bugs |= check[i].bugs;
|
|
}
|
|
}
|
|
+- debug("no match: %s", version);
|
|
+- return 0;
|
|
++ /* Check to see if the remote side is OpenSSH and not HPN */
|
|
++ if (strstr(version, "OpenSSH") != NULL) {
|
|
++ if (strstr(version, "hpn") == NULL) {
|
|
++ bugs |= SSH_BUG_LARGEWINDOW;
|
|
++ debug("Remote is NON-HPN aware");
|
|
++ }
|
|
++ }
|
|
++ if (bugs == 0)
|
|
++ debug("no match: %s", version);
|
|
++ return bugs;
|
|
+ }
|
|
+
|
|
+ char *
|
|
diff --git a/compat.h b/compat.h
|
|
index c197fafc..ea2e17a7 100644
|
|
--- a/compat.h
|
|
@@ -459,7 +510,7 @@
|
|
@@ -890,6 +890,10 @@ kex_choose_conf(struct ssh *ssh)
|
|
int nenc, nmac, ncomp;
|
|
u_int mode, ctos, need, dh_need, authlen;
|
|
- int r, first_kex_follows;
|
|
+ int r, first_kex_follows = 0;
|
|
+ int auth_flag = 0;
|
|
+
|
|
+ auth_flag = packet_authentication_state(ssh);
|
|
@@ -553,10 +604,10 @@
|
|
#define MAX_PACKETS (1U<<31)
|
|
static int
|
|
ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
|
|
-@@ -1317,7 +1351,7 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
|
|
+@@ -1317,7 +1336,7 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
|
|
+ {
|
|
struct session_state *state = ssh->state;
|
|
int len, r, ms_remain;
|
|
- struct pollfd pfd;
|
|
- char buf[8192];
|
|
+ char buf[SSH_IOBUFSZ];
|
|
struct timeval start;
|
|
@@ -1072,7 +1123,7 @@
|
|
+ else
|
|
+ options.hpn_buffer_size = 2 * 1024 * 1024;
|
|
+
|
|
-+ if (ssh->compat & SSH_BUG_LARGEWINDOW) {
|
|
++ if (ssh_compat_fellows(ssh, SSH_BUG_LARGEWINDOW)) {
|
|
+ debug("HPN to Non-HPN Connection");
|
|
+ } else {
|
|
+ int sock, socksize;
|
|
@@ -1136,14 +1187,14 @@
|
|
}
|
|
@@ -2089,6 +2167,11 @@ ssh_session2_open(struct ssh *ssh)
|
|
window, packetmax, CHAN_EXTENDED_WRITE,
|
|
- "client-session", /*nonblock*/0);
|
|
+ "client-session", CHANNEL_NONBLOCK_STDIO);
|
|
|
|
+ if ((options.tcp_rcv_buf_poll > 0) && !options.hpn_disabled) {
|
|
+ c->dynamic_window = 1;
|
|
+ debug("Enabled Dynamic Window Scaling");
|
|
+ }
|
|
+
|
|
- debug3_f("channel_new: %d", c->self);
|
|
+ debug2_f("channel %d", c->self);
|
|
|
|
channel_send_open(ssh, c->self);
|
|
@@ -2105,6 +2188,13 @@ ssh_session2(struct ssh *ssh, const struct ssh_conn_info *cinfo)
|
|
@@ -1314,7 +1365,29 @@
|
|
/* Bind the socket to the desired port. */
|
|
if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) == -1) {
|
|
error("Bind to port %s on %s failed: %.200s.",
|
|
-@@ -1727,6 +1734,19 @@ main(int ac, char **av)
|
|
+@@ -1625,13 +1632,14 @@
|
|
+ if (ssh_digest_update(ctx, sshbuf_ptr(server_cfg),
|
|
+ sshbuf_len(server_cfg)) != 0)
|
|
+ fatal_f("ssh_digest_update");
|
|
+- len = ssh_digest_bytes(digest_alg);
|
|
+- hash = xmalloc(len);
|
|
+- if (ssh_digest_final(ctx, hash, len) != 0)
|
|
+- fatal_f("ssh_digest_final");
|
|
+- options.timing_secret = PEEK_U64(hash);
|
|
+- freezero(hash, len);
|
|
+- ssh_digest_free(ctx);
|
|
++ if ((len = ssh_digest_bytes(digest_alg)) > 0) {
|
|
++ hash = xmalloc(len);
|
|
++ if (ssh_digest_final(ctx, hash, len) != 0)
|
|
++ fatal_f("ssh_digest_final");
|
|
++ options.timing_secret = PEEK_U64(hash);
|
|
++ freezero(hash, len);
|
|
++ ssh_digest_free(ctx);
|
|
++ }
|
|
+ ctx = NULL;
|
|
+ return;
|
|
+ }
|
|
+@@ -1727,6 +1735,19 @@ main(int ac, char **av)
|
|
fatal("AuthorizedPrincipalsCommand set without "
|
|
"AuthorizedPrincipalsCommandUser");
|
|
|
|
@@ -1334,7 +1407,7 @@
|
|
/*
|
|
* Check whether there is any path through configured auth methods.
|
|
* Unfortunately it is not possible to verify this generally before
|
|
-@@ -2166,6 +2186,9 @@ main(int ac, char **av)
|
|
+@@ -2166,6 +2187,9 @@ main(int ac, char **av)
|
|
rdomain == NULL ? "" : "\"");
|
|
free(laddr);
|
|
|
|
@@ -1344,7 +1417,7 @@
|
|
/*
|
|
* We don't want to listen forever unless the other side
|
|
* successfully authenticates itself. So we set up an alarm which is
|
|
-@@ -2343,6 +2366,12 @@ do_ssh2_kex(struct ssh *ssh)
|
|
+@@ -2343,6 +2367,12 @@ do_ssh2_kex(struct ssh *ssh)
|
|
struct kex *kex;
|
|
int r;
|
|
|
|
@@ -1384,14 +1457,3 @@
|
|
# Example of overriding settings on a per-user basis
|
|
#Match User anoncvs
|
|
# X11Forwarding no
|
|
-diff --git a/version.h b/version.h
|
|
-index 6b4fa372..332fb486 100644
|
|
---- a/version.h
|
|
-+++ b/version.h
|
|
-@@ -3,4 +3,5 @@
|
|
- #define SSH_VERSION "OpenSSH_8.5"
|
|
-
|
|
- #define SSH_PORTABLE "p1"
|
|
--#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
|
|
-+#define SSH_HPN "-hpn15v2"
|
|
-+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN
|
|
diff -ur '--exclude=.*.un~' a/openssh-8_5_P1-hpn-PeakTput-15.2.diff b/openssh-8_5_P1-hpn-PeakTput-15.2.diff
|
|
--- a/openssh-8_5_P1-hpn-PeakTput-15.2.diff 2022-02-24 18:48:19.078457000 -0800
|
|
+++ b/openssh-8_5_P1-hpn-PeakTput-15.2.diff 2022-02-24 18:49:22.196632131 -0800
|
|
@@ -12,9 +12,9 @@
|
|
static long stalled; /* how long we have been stalled */
|
|
static int bytes_per_second; /* current speed in bytes per second */
|
|
@@ -127,6 +129,7 @@ refresh_progress_meter(int force_update)
|
|
+ off_t bytes_left;
|
|
int cur_speed;
|
|
- int hours, minutes, seconds;
|
|
- int file_len;
|
|
+ int len;
|
|
+ off_t delta_pos;
|
|
|
|
if ((!force_update && !alarm_fired && !win_resized) || !can_output())
|
|
@@ -30,15 +30,17 @@
|
|
if (bytes_left > 0)
|
|
elapsed = now - last_update;
|
|
else {
|
|
-@@ -166,7 +173,7 @@ refresh_progress_meter(int force_update)
|
|
-
|
|
+@@ -166,8 +173,8 @@ refresh_progress_meter(int force_update)
|
|
+ buf[1] = '\0';
|
|
+
|
|
/* filename */
|
|
- buf[0] = '\0';
|
|
-- file_len = win_size - 36;
|
|
-+ file_len = win_size - 45;
|
|
- if (file_len > 0) {
|
|
- buf[0] = '\r';
|
|
- snmprintf(buf+1, sizeof(buf)-1, &file_len, "%-*s",
|
|
+- if (win_size > 36) {
|
|
++ if (win_size > 45) {
|
|
+- int file_len = win_size - 36;
|
|
++ int file_len = win_size - 45;
|
|
+ snmprintf(buf+1, sizeof(buf)-1, &file_len, "%-*s ",
|
|
+ file_len, file);
|
|
+ }
|
|
@@ -191,6 +198,15 @@ refresh_progress_meter(int force_update)
|
|
(off_t)bytes_per_second);
|
|
strlcat(buf, "/s ", win_size);
|
|
@@ -63,15 +65,3 @@
|
|
}
|
|
|
|
/*ARGSUSED*/
|
|
-diff --git a/ssh-keygen.c b/ssh-keygen.c
|
|
-index cfb5f115..986ff59b 100644
|
|
---- a/ssh-keygen.c
|
|
-+++ b/ssh-keygen.c
|
|
-@@ -2959,7 +2959,6 @@ do_download_sk(const char *skprovider, const char *device)
|
|
-
|
|
- if (skprovider == NULL)
|
|
- fatal("Cannot download keys without provider");
|
|
--
|
|
- pin = read_passphrase("Enter PIN for authenticator: ", RP_ALLOW_STDIN);
|
|
- if (!quiet) {
|
|
- printf("You may need to touch your authenticator "
|