[openssh-commits] [openssh] 01/01: upstream: Specify hostkeyalgorithms in SSHFP test.

git+noreply at mindrot.org git+noreply at mindrot.org
Tue Aug 31 12:12:28 AEST 2021


This is an automated email from the git hooks/post-receive script.

dtucker pushed a commit to branch master
in repository openssh.

commit e47b82a7bf51021afac218bf59a3be121827653d
Author: dtucker at openbsd.org <dtucker at openbsd.org>
Date:   Tue Aug 31 01:25:27 2021 +0000

    upstream: Specify hostkeyalgorithms in SSHFP test.
    
    Specify host key algorithms in sshd's default set for the SSHFP test,
    from djm at .  Make the reason for when the test is skipped a bit clearer.
    
    OpenBSD-Regress-ID: 4f923dfc761480d5411de17ea6f0b30de3e32cea
---
 regress/sshfp-connect.sh | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/regress/sshfp-connect.sh b/regress/sshfp-connect.sh
index 06e91cdb..a6b6fab5 100644
--- a/regress/sshfp-connect.sh
+++ b/regress/sshfp-connect.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: sshfp-connect.sh,v 1.2 2021/07/19 08:48:33 dtucker Exp $
+#	$OpenBSD: sshfp-connect.sh,v 1.3 2021/08/31 01:25:27 dtucker Exp $
 #	Placed in the Public Domain.
 
 # This test requires external setup and thus is skipped unless
@@ -24,9 +24,11 @@
 
 tid="sshfp connect"
 
-if [ ! -z "${TEST_SSH_SSHFP_DOMAIN}" ] && \
-    $SSH -Q key-plain | grep ssh-rsa >/dev/null; then
-
+if ! $SSH -Q key-plain | grep ssh-rsa >/dev/null; then
+	echo SKIPPED: RSA keys not supported.
+elif [ -z "${TEST_SSH_SSHFP_DOMAIN}" ]; then
+	echo SKIPPED: TEST_SSH_SSHFP_DOMAIN not set.
+else
 	# Set RSA host key to match fingerprints above.
 	mv $OBJ/sshd_proxy $OBJ/sshd_proxy.orig
 	$SUDO cp $SRC/rsa_openssh.prv $OBJ/host.ssh-rsa
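Review bot: The new first branch, `if ! $SSH -Q key-plain | grep ssh-rsa >/dev/null; then`, cannot tell "the client has no RSA support" apart from "`$SSH -Q` did not run at all". A missing or broken client binary would therefore be reported as `SKIPPED: RSA keys not supported.`, and the SSHFP host-key verification path would go unexercised without anyone noticing. Capturing the query output first and treating a non-zero exit as a failure would keep the two cases apart, e.g. `keytypes=`$SSH -Q key-plain` || fail "ssh -Q key-plain failed"` followed by `echo "$keytypes" | grep '^ssh-rsa$' >/dev/null`. The anchored pattern also ensures that only the plain `ssh-rsa` key type satisfies the probe. The `if` block continues past the end of this hunk.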
@@ -45,7 +47,7 @@ if [ ! -z "${TEST_SSH_SSHFP_DOMAIN}" ] && \
 		trace "sshfp connect $n good fingerprint"
 		host="${n}.dtucker.net"
 		opts="-F $OBJ/ssh_proxy -o VerifyHostKeyDNS=yes "
-		opts="$opts -o HostKeyAlgorithms=ssh-rsa"
+		opts="$opts -o HostKeyAlgorithms=rsa-sha2-512,rsa-sha2-256"
 		host="${n}.${TEST_SSH_SSHFP_DOMAIN}"
 		SSH_CONNECTION=`${SSH} $opts $host 'echo $SSH_CONNECTION'`
 		if [ $? -ne 0 ]; then
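Review bot: The pinned list on the `opts="$opts -o HostKeyAlgorithms=rsa-sha2-512,rsa-sha2-256"` line has no comment explaining why these two names replace `ssh-rsa`; the reason (they are in sshd's default set) appears only in the commit message. A one-line comment above it, such as `# Offer only RSA signature algorithms that are in sshd's default set.`, would stop a later edit from reverting to the SHA-1 `ssh-rsa` name and silently breaking the test. Separately, the context line `host="${n}.dtucker.net"` is overwritten two lines later by `host="${n}.${TEST_SSH_SSHFP_DOMAIN}"` and looks like a leftover that could be dropped. The enclosing loop starts and ends outside this hunk.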
@@ -61,6 +63,4 @@ if [ ! -z "${TEST_SSH_SSHFP_DOMAIN}" ] && \
 			fail "sshfp-connect succeeded with bad SSHFP record"
 		fi
 	done
-else
-	echo SKIPPED: TEST_SSH_SSHFP_DOMAIN not set.
 fi

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

