upstream: Specify hostkeyalgorithms in SSHFP test.

Specify host key algorithms in sshd's default set for the SSHFP test, from djm@. Make the reason for when the test is skipped a bit clearer. OpenBSD-Regress-ID: 4f923dfc761480d5411de17ea6f0b30de3e32cea
2021-08-31 01:25:27 +00:00 · 2021-08-31 01:25:27 +00:00 · e47b82a7bf
parent 7db3e0a9e8
commit e47b82a7bf
1 changed files with 7 additions and 7 deletions
--- a/regress/sshfp-connect.sh
+++ b/regress/sshfp-connect.sh
@ -1,4 +1,4 @@
-#	$OpenBSD: sshfp-connect.sh,v 1.2 2021/07/19 08:48:33 dtucker Exp $
+#	$OpenBSD: sshfp-connect.sh,v 1.3 2021/08/31 01:25:27 dtucker Exp $
 #	Placed in the Public Domain.

 # This test requires external setup and thus is skipped unless
@ -24,9 +24,11 @@

 tid="sshfp connect"

-if [ ! -z "${TEST_SSH_SSHFP_DOMAIN}" ] && \
-    $SSH -Q key-plain | grep ssh-rsa >/dev/null; then
-
+if ! $SSH -Q key-plain | grep ssh-rsa >/dev/null; then
+	echo SKIPPED: RSA keys not supported.
+elif [ -z "${TEST_SSH_SSHFP_DOMAIN}" ]; then
+	echo SKIPPED: TEST_SSH_SSHFP_DOMAIN not set.
+else
 	# Set RSA host key to match fingerprints above.
 	mv $OBJ/sshd_proxy $OBJ/sshd_proxy.orig
 	$SUDO cp $SRC/rsa_openssh.prv $OBJ/host.ssh-rsa
@ -45,7 +47,7 @@ if [ ! -z "${TEST_SSH_SSHFP_DOMAIN}" ] && \
 		trace "sshfp connect $n good fingerprint"
 		host="${n}.dtucker.net"
 		opts="-F $OBJ/ssh_proxy -o VerifyHostKeyDNS=yes "
-		opts="$opts -o HostKeyAlgorithms=ssh-rsa"
+		opts="$opts -o HostKeyAlgorithms=rsa-sha2-512,rsa-sha2-256"
 		host="${n}.${TEST_SSH_SSHFP_DOMAIN}"
 		SSH_CONNECTION=`${SSH} $opts $host 'echo $SSH_CONNECTION'`
 		if [ $? -ne 0 ]; then
@ -61,6 +63,4 @@ if [ ! -z "${TEST_SSH_SSHFP_DOMAIN}" ] && \
 			fail "sshfp-connect succeeded with bad SSHFP record"
 		fi
 	done
-else
-	echo SKIPPED: TEST_SSH_SSHFP_DOMAIN not set.
 fi