From 9beeab8a37a49a9e3ffb1972fff6621ee5bd7a71 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Thu, 25 Feb 2021 03:27:34 +0000 Subject: [PATCH] upstream: s/PubkeyAcceptedKeyTypes/PubkeyAcceptedAlgorithms/ OpenBSD-Regress-ID: 3dbc005fa29f69dc23d97e433b6dffed6fe7cb69 --- regress/agent.sh | 6 +++--- regress/cert-hostkey.sh | 6 +++--- regress/cert-userkey.sh | 22 +++++++++++----------- regress/keytype.sh | 6 +++--- regress/limit-keytype.sh | 18 +++++++++--------- 5 files changed, 29 insertions(+), 29 deletions(-) diff --git a/regress/agent.sh b/regress/agent.sh index a3ad1385f..f187b6757 100644 --- a/regress/agent.sh +++ b/regress/agent.sh @@ -1,4 +1,4 @@ -# $OpenBSD: agent.sh,v 1.19 2020/07/15 04:55:47 dtucker Exp $ +# $OpenBSD: agent.sh,v 1.20 2021/02/25 03:27:34 djm Exp $ # Placed in the Public Domain. tid="simple agent test" @@ -87,8 +87,8 @@ fi for t in ${SSH_KEYTYPES}; do trace "connect via agent using $t key" if [ "$t" = "ssh-dss" ]; then - echo "PubkeyAcceptedKeyTypes +ssh-dss" >> $OBJ/ssh_proxy - echo "PubkeyAcceptedKeyTypes +ssh-dss" >> $OBJ/sshd_proxy + echo "PubkeyAcceptedAlgorithms +ssh-dss" >> $OBJ/ssh_proxy + echo "PubkeyAcceptedAlgorithms +ssh-dss" >> $OBJ/sshd_proxy fi ${SSH} -F $OBJ/ssh_proxy -i $OBJ/$t-agent.pub -oIdentitiesOnly=yes \ somehost exit 52 diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh index 097bf8463..ebf6c9039 100644 --- a/regress/cert-hostkey.sh +++ b/regress/cert-hostkey.sh @@ -1,4 +1,4 @@ -# $OpenBSD: cert-hostkey.sh,v 1.23 2020/01/03 03:02:26 djm Exp $ +# $OpenBSD: cert-hostkey.sh,v 1.24 2021/02/25 03:27:34 djm Exp $ # Placed in the Public Domain. tid="certified host keys" @@ -29,12 +29,12 @@ for i in `$SSH -Q key | maybe_filter_sk`; do done ( echo "HostKeyAlgorithms ${types}" - echo "PubkeyAcceptedKeyTypes *" + echo "PubkeyAcceptedAlgorithms *" ) >> $OBJ/ssh_proxy cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak ( echo "HostKeyAlgorithms *" - echo "PubkeyAcceptedKeyTypes *" + echo "PubkeyAcceptedAlgorithms *" ) >> $OBJ/sshd_proxy_bak HOSTS='localhost-with-alias,127.0.0.1,::1' diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh index 91596fa78..baa6903ea 100644 --- a/regress/cert-userkey.sh +++ b/regress/cert-userkey.sh @@ -1,4 +1,4 @@ -# $OpenBSD: cert-userkey.sh,v 1.25 2020/01/03 03:02:26 djm Exp $ +# $OpenBSD: cert-userkey.sh,v 1.26 2021/02/25 03:27:34 djm Exp $ # Placed in the Public Domain. tid="certified user keys" @@ -71,11 +71,11 @@ for ktype in $EXTRA_TYPES $PLAIN_TYPES ; do echo "AuthorizedPrincipalsFile " \ "$OBJ/authorized_principals_%u" echo "TrustedUserCAKeys $OBJ/user_ca_key.pub" - echo "PubkeyAcceptedKeyTypes ${t}" + echo "PubkeyAcceptedAlgorithms ${t}" ) > $OBJ/sshd_proxy ( cat $OBJ/ssh_proxy_bak - echo "PubkeyAcceptedKeyTypes ${t}" + echo "PubkeyAcceptedAlgorithms ${t}" ) > $OBJ/ssh_proxy # Missing authorized_principals @@ -149,11 +149,11 @@ for ktype in $EXTRA_TYPES $PLAIN_TYPES ; do ( cat $OBJ/sshd_proxy_bak echo "UsePrivilegeSeparation $privsep" - echo "PubkeyAcceptedKeyTypes ${t}" + echo "PubkeyAcceptedAlgorithms ${t}" ) > $OBJ/sshd_proxy ( cat $OBJ/ssh_proxy_bak - echo "PubkeyAcceptedKeyTypes ${t}" + echo "PubkeyAcceptedAlgorithms ${t}" ) > $OBJ/ssh_proxy # Wrong principals list @@ -204,12 +204,12 @@ basic_tests() { ( cat $OBJ/sshd_proxy_bak echo "UsePrivilegeSeparation $privsep" - echo "PubkeyAcceptedKeyTypes ${t}" + echo "PubkeyAcceptedAlgorithms ${t}" echo "$extra_sshd" ) > $OBJ/sshd_proxy ( cat $OBJ/ssh_proxy_bak - echo "PubkeyAcceptedKeyTypes ${t}" + echo "PubkeyAcceptedAlgorithms ${t}" ) > $OBJ/ssh_proxy ${SSH} -i $OBJ/cert_user_key_${ktype} \ @@ -224,7 +224,7 @@ basic_tests() { cat $OBJ/sshd_proxy_bak echo "UsePrivilegeSeparation $privsep" echo "RevokedKeys $OBJ/cert_user_key_revoked" - echo "PubkeyAcceptedKeyTypes ${t}" + echo "PubkeyAcceptedAlgorithms ${t}" echo "$extra_sshd" ) > $OBJ/sshd_proxy cp $OBJ/cert_user_key_${ktype}.pub \ @@ -257,7 +257,7 @@ basic_tests() { ( cat $OBJ/sshd_proxy_bak echo "RevokedKeys $OBJ/user_ca_key.pub" - echo "PubkeyAcceptedKeyTypes ${t}" + echo "PubkeyAcceptedAlgorithms ${t}" echo "$extra_sshd" ) > $OBJ/sshd_proxy ${SSH} -i $OBJ/cert_user_key_${ktype} -F $OBJ/ssh_proxy \ @@ -270,7 +270,7 @@ basic_tests() { verbose "$tid: $auth CA does not authenticate" ( cat $OBJ/sshd_proxy_bak - echo "PubkeyAcceptedKeyTypes ${t}" + echo "PubkeyAcceptedAlgorithms ${t}" echo "$extra_sshd" ) > $OBJ/sshd_proxy verbose "$tid: ensure CA key does not authenticate user" @@ -308,7 +308,7 @@ test_one() { echo > $OBJ/authorized_keys_$USER echo "TrustedUserCAKeys $OBJ/user_ca_key.pub" \ >> $OBJ/sshd_proxy - echo "PubkeyAcceptedKeyTypes ${t}*" \ + echo "PubkeyAcceptedAlgorithms ${t}*" \ >> $OBJ/sshd_proxy if test "x$auth_opt" != "x" ; then echo $auth_opt >> $OBJ/sshd_proxy diff --git a/regress/keytype.sh b/regress/keytype.sh index 20a8ceaf2..f1c045183 100644 --- a/regress/keytype.sh +++ b/regress/keytype.sh @@ -1,4 +1,4 @@ -# $OpenBSD: keytype.sh,v 1.10 2019/12/16 02:39:05 djm Exp $ +# $OpenBSD: keytype.sh,v 1.11 2021/02/25 03:27:34 djm Exp $ # Placed in the Public Domain. tid="login with different key types" @@ -58,13 +58,13 @@ for ut in $ktypes; do ( grep -v HostKey $OBJ/sshd_proxy_bak echo HostKey $OBJ/key.$ht - echo PubkeyAcceptedKeyTypes $user_type + echo PubkeyAcceptedAlgorithms $user_type echo HostKeyAlgorithms $host_type ) > $OBJ/sshd_proxy ( grep -v IdentityFile $OBJ/ssh_proxy_bak echo IdentityFile $OBJ/key.$ut - echo PubkeyAcceptedKeyTypes $user_type + echo PubkeyAcceptedAlgorithms $user_type echo HostKeyAlgorithms $host_type ) > $OBJ/ssh_proxy ( diff --git a/regress/limit-keytype.sh b/regress/limit-keytype.sh index 010a88cd7..7127de007 100644 --- a/regress/limit-keytype.sh +++ b/regress/limit-keytype.sh @@ -1,4 +1,4 @@ -# $OpenBSD: limit-keytype.sh,v 1.9 2019/12/16 02:39:05 djm Exp $ +# $OpenBSD: limit-keytype.sh,v 1.10 2021/02/25 03:27:34 djm Exp $ # Placed in the Public Domain. tid="restrict pubkey type" @@ -69,7 +69,7 @@ prepare_config() { ) > $OBJ/sshd_proxy } -# Return the required parameter for PubkeyAcceptedKeyTypes corresponding to +# Return the required parameter for PubkeyAcceptedAlgorithms corresponding to # the supplied key type. keytype() { case "$1" in @@ -92,14 +92,14 @@ ${SSH} $opts -i $OBJ/user_key2 proxy true || fatal "key2 failed" # Allow plain Ed25519 and RSA. The certificate should fail. verbose "allow $ktype2,$ktype1" prepare_config \ - "PubkeyAcceptedKeyTypes `keytype $ktype2`,`keytype $ktype1`" + "PubkeyAcceptedAlgorithms `keytype $ktype2`,`keytype $ktype1`" ${SSH} $certopts proxy true && fatal "cert succeeded" ${SSH} $opts -i $OBJ/user_key1 proxy true || fatal "key1 failed" ${SSH} $opts -i $OBJ/user_key2 proxy true || fatal "key2 failed" # Allow Ed25519 only. verbose "allow $ktype1" -prepare_config "PubkeyAcceptedKeyTypes `keytype $ktype1`" +prepare_config "PubkeyAcceptedAlgorithms `keytype $ktype1`" ${SSH} $certopts proxy true && fatal "cert succeeded" ${SSH} $opts -i $OBJ/user_key1 proxy true || fatal "key1 failed" if [ "$ktype1" != "$ktype2" ]; then @@ -108,15 +108,15 @@ fi # Allow all certs. Plain keys should fail. verbose "allow cert only" -prepare_config "PubkeyAcceptedKeyTypes *-cert-v01@openssh.com" +prepare_config "PubkeyAcceptedAlgorithms *-cert-v01@openssh.com" ${SSH} $certopts proxy true || fatal "cert failed" ${SSH} $opts -i $OBJ/user_key1 proxy true && fatal "key1 succeeded" ${SSH} $opts -i $OBJ/user_key2 proxy true && fatal "key2 succeeded" # Allow RSA in main config, Ed25519 for non-existent user. verbose "match w/ no match" -prepare_config "PubkeyAcceptedKeyTypes `keytype $ktype2`" \ - "Match user x$USER" "PubkeyAcceptedKeyTypes +`keytype $ktype1`" +prepare_config "PubkeyAcceptedAlgorithms `keytype $ktype2`" \ + "Match user x$USER" "PubkeyAcceptedAlgorithms +`keytype $ktype1`" ${SSH} $certopts proxy true && fatal "cert succeeded" if [ "$ktype1" != "$ktype2" ]; then ${SSH} $opts -i $OBJ/user_key1 proxy true && fatal "key1 succeeded" @@ -125,8 +125,8 @@ ${SSH} $opts -i $OBJ/user_key2 proxy true || fatal "key2 failed" # Allow only DSA in main config, Ed25519 for user. verbose "match w/ matching" -prepare_config "PubkeyAcceptedKeyTypes `keytype $ktype4`" \ - "Match user $USER" "PubkeyAcceptedKeyTypes +`keytype $ktype1`" +prepare_config "PubkeyAcceptedAlgorithms `keytype $ktype4`" \ + "Match user $USER" "PubkeyAcceptedAlgorithms +`keytype $ktype1`" ${SSH} $certopts proxy true || fatal "cert failed" ${SSH} $opts -i $OBJ/user_key1 proxy true || fatal "key1 failed" ${SSH} $opts -i $OBJ/user_key4 proxy true && fatal "key4 succeeded"