upstream: Enable ssh-dss for the agent test. Disable it for the

certificate test.

OpenBSD-Regress-ID: 388c1e03e1def539d350f139b37d69f12334668d
This commit is contained in:
dtucker@openbsd.org 2019-01-28 00:12:36 +00:00 committed by Darren Tucker
parent ffdde469ed
commit e30d32364d
1 changed files with 6 additions and 1 deletions

View File

@ -1,4 +1,4 @@
# $OpenBSD: agent.sh,v 1.13 2017/12/19 00:49:30 djm Exp $ # $OpenBSD: agent.sh,v 1.14 2019/01/28 00:12:36 dtucker Exp $
# Placed in the Public Domain. # Placed in the Public Domain.
tid="simple agent test" tid="simple agent test"
@ -27,6 +27,9 @@ ${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_ca_key \
trace "overwrite authorized keys" trace "overwrite authorized keys"
printf '' > $OBJ/authorized_keys_$USER printf '' > $OBJ/authorized_keys_$USER
echo "PubkeyAcceptedKeyTypes +ssh-dss" >> $OBJ/ssh_proxy
echo "PubkeyAcceptedKeyTypes +ssh-dss" >> $OBJ/sshd_proxy
for t in ${SSH_KEYTYPES}; do for t in ${SSH_KEYTYPES}; do
# generate user key for agent # generate user key for agent
rm -f $OBJ/$t-agent $OBJ/$t-agent.pub* rm -f $OBJ/$t-agent $OBJ/$t-agent.pub*
@ -96,6 +99,7 @@ fi
(printf 'cert-authority,principals="estragon" '; cat $OBJ/user_ca_key.pub) \ (printf 'cert-authority,principals="estragon" '; cat $OBJ/user_ca_key.pub) \
> $OBJ/authorized_keys_$USER > $OBJ/authorized_keys_$USER
for t in ${SSH_KEYTYPES}; do for t in ${SSH_KEYTYPES}; do
if [ "$t" != "ssh-dss" ]; then
trace "connect via agent using $t key" trace "connect via agent using $t key"
${SSH} -F $OBJ/ssh_proxy -i $OBJ/$t-agent.pub \ ${SSH} -F $OBJ/ssh_proxy -i $OBJ/$t-agent.pub \
-oCertificateFile=$OBJ/$t-agent-cert.pub \ -oCertificateFile=$OBJ/$t-agent-cert.pub \
@ -104,6 +108,7 @@ for t in ${SSH_KEYTYPES}; do
if [ $r -ne 52 ]; then if [ $r -ne 52 ]; then
fail "ssh connect with failed (exit code $r)" fail "ssh connect with failed (exit code $r)"
fi fi
fi
done done
trace "delete all agent keys" trace "delete all agent keys"