From e47b82a7bf51021afac218bf59a3be121827653d Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Tue, 31 Aug 2021 01:25:27 +0000 Subject: [PATCH] upstream: Specify hostkeyalgorithms in SSHFP test. Specify host key algorithms in sshd's default set for the SSHFP test, from djm@. Make the reason for when the test is skipped a bit clearer. OpenBSD-Regress-ID: 4f923dfc761480d5411de17ea6f0b30de3e32cea --- regress/sshfp-connect.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/regress/sshfp-connect.sh b/regress/sshfp-connect.sh index 06e91cdbb..a6b6fab53 100644 --- a/regress/sshfp-connect.sh +++ b/regress/sshfp-connect.sh @@ -1,4 +1,4 @@ -# $OpenBSD: sshfp-connect.sh,v 1.2 2021/07/19 08:48:33 dtucker Exp $ +# $OpenBSD: sshfp-connect.sh,v 1.3 2021/08/31 01:25:27 dtucker Exp $ # Placed in the Public Domain. # This test requires external setup and thus is skipped unless @@ -24,9 +24,11 @@ tid="sshfp connect" -if [ ! -z "${TEST_SSH_SSHFP_DOMAIN}" ] && \ - $SSH -Q key-plain | grep ssh-rsa >/dev/null; then - +if ! $SSH -Q key-plain | grep ssh-rsa >/dev/null; then + echo SKIPPED: RSA keys not supported. +elif [ -z "${TEST_SSH_SSHFP_DOMAIN}" ]; then + echo SKIPPED: TEST_SSH_SSHFP_DOMAIN not set. +else # Set RSA host key to match fingerprints above. mv $OBJ/sshd_proxy $OBJ/sshd_proxy.orig $SUDO cp $SRC/rsa_openssh.prv $OBJ/host.ssh-rsa @@ -45,7 +47,7 @@ if [ ! -z "${TEST_SSH_SSHFP_DOMAIN}" ] && \ trace "sshfp connect $n good fingerprint" host="${n}.dtucker.net" opts="-F $OBJ/ssh_proxy -o VerifyHostKeyDNS=yes " - opts="$opts -o HostKeyAlgorithms=ssh-rsa" + opts="$opts -o HostKeyAlgorithms=rsa-sha2-512,rsa-sha2-256" host="${n}.${TEST_SSH_SSHFP_DOMAIN}" SSH_CONNECTION=`${SSH} $opts $host 'echo $SSH_CONNECTION'` if [ $? -ne 0 ]; then @@ -61,6 +63,4 @@ if [ ! -z "${TEST_SSH_SSHFP_DOMAIN}" ] && \ fail "sshfp-connect succeeded with bad SSHFP record" fi done -else - echo SKIPPED: TEST_SSH_SSHFP_DOMAIN not set. fi