Take out the -a authorized_keys option

tmate-main.c

@@ -26,7 +26,6 @@ static char *cmdline_end;
 
 struct tmate_settings _tmate_settings = {
 	.keys_dir        	= TMATE_SSH_DEFAULT_KEYS_DIR,
-	.authorized_keys_path	= NULL,
 	.ssh_port        	= TMATE_SSH_DEFAULT_PORT,
 	.ssh_port_advertized    = -1,
 	.websocket_hostname  	= NULL,
@@ -52,7 +51,7 @@ void request_server_termination(void)
 
 static void usage(void)
 {
-	fprintf(stderr, "usage: tmate-ssh-server [-b ip] [-h hostname] [-k keys_dir] [-a authorized_keys_path] [-p listen_port] [-q ssh_port_advertized] [-w websocket_hostname] [-z websocket_port] [-x] [-s] [-v]\n");
+	fprintf(stderr, "usage: tmate-ssh-server [-b ip] [-h hostname] [-k keys_dir] [-p listen_port] [-q ssh_port_advertized] [-w websocket_hostname] [-z websocket_port] [-x] [-s] [-v]\n");
 }
 
 static char* get_full_hostname(void)
@@ -105,7 +104,7 @@ int main(int argc, char **argv, char **envp)
 {
 	int opt;
 
-	while ((opt = getopt(argc, argv, "b:h:k:a:p:q:w:z:xsv")) != -1) {
+	while ((opt = getopt(argc, argv, "b:h:k:p:q:w:z:xsv")) != -1) {
 		switch (opt) {
 		case 'b':
 			tmate_settings->bind_addr = xstrdup(optarg);
@@ -116,9 +115,6 @@ int main(int argc, char **argv, char **envp)
 		case 'k':
 			tmate_settings->keys_dir = xstrdup(optarg);
 			break;
-		case 'a':
-			tmate_settings->authorized_keys_path = xstrdup(optarg);
-			break;
 		case 'p':
 			tmate_settings->ssh_port = atoi(optarg);
 			break;

tmate-ssh-server.c

@@ -125,61 +125,6 @@ static ssh_channel channel_open_request_cb(ssh_session session, void *userdata)
 	return client->channel;
 }
 
-static int check_authorized_keys(struct ssh_key_struct *client_pubkey) {
-	#define MAX_PUBKEY_SIZE 0x4000
-
-	const char *authorized_keys_path = tmate_settings->authorized_keys_path;
-	const char *token_delim = " ";
-
-	FILE *file;
-	char key_buf[MAX_PUBKEY_SIZE], *key_type, *key_content;
-	enum ssh_keytypes_e type;
-	ssh_key pkey;
-
-	if (authorized_keys_path == NULL)
-		return SSH_AUTH_SUCCESS;
-
-	file = fopen(authorized_keys_path, "rb");
-	if (file == NULL) {
-		tmate_fatal("Could not open authorized_keys file: \"%s\"", authorized_keys_path);
-		return SSH_AUTH_DENIED;
-	}
-
-	while (fgets(key_buf, MAX_PUBKEY_SIZE, file)) {
-		if (key_buf[0] == '#' || key_buf[0] == '\0')
-			continue;
-
-		key_type = strtok(key_buf, token_delim);
-		if (key_type == NULL)
-			continue;
-
-		type = ssh_key_type_from_name(key_type);
-		if (type == SSH_KEYTYPE_UNKNOWN)
-			continue;
-
-		key_content = strtok(NULL, token_delim);
-		if (key_content == NULL)
-			continue;
-
-		pkey = ssh_key_new();
-		if (ssh_pki_import_pubkey_base64(key_content, type, &pkey) != SSH_OK) {
-			ssh_key_free(pkey);
-			continue;
-		}
-
-		if (!ssh_key_cmp(pkey, client_pubkey, SSH_KEY_CMP_PUBLIC)) {
-			ssh_key_free(pkey);
-			fclose(file);
-			return SSH_AUTH_SUCCESS;
-		}
-
-		ssh_key_free(pkey);
-	}
-
-	fclose(file);
-	return SSH_AUTH_DENIED;
-}
-
 static int auth_pubkey_cb(__unused ssh_session session,
 			  const char *user,
 			  struct ssh_key_struct *pubkey,
@@ -193,7 +138,7 @@ static int auth_pubkey_cb(__unused ssh_session session,
 		if (ssh_pki_export_pubkey_base64(pubkey, &client->pubkey) != SSH_OK)
 			tmate_fatal("error getting public key");
 
-		return check_authorized_keys(pubkey);
+		return SSH_AUTH_SUCCESS;
 	case SSH_PUBLICKEY_STATE_NONE:
 		return SSH_AUTH_SUCCESS;
 	default:
@@ -281,10 +226,8 @@ static void client_bootstrap(struct tmate_session *_session)
 	ssh_options_set(session, SSH_OPTIONS_TIMEOUT, &grace_period);
 	ssh_options_set(session, SSH_OPTIONS_COMPRESSION, "yes");
 
-	unsigned int auth_flags = SSH_AUTH_METHOD_PUBLICKEY;
-	if (!tmate_settings->authorized_keys_path)
-		auth_flags |= SSH_AUTH_METHOD_NONE;
-	ssh_set_auth_methods(client->session, auth_flags);
+	ssh_set_auth_methods(client->session, SSH_AUTH_METHOD_NONE |
+					      SSH_AUTH_METHOD_PUBLICKEY);
 
 	tmate_debug("Exchanging DH keys");
 	if (ssh_handle_key_exchange(session) < 0)