[openssh-commits] [openssh] 01/02: upstream: Enable all supported hostkey algorithms (but no others).
git+noreply at mindrot.org
git+noreply at mindrot.org
Sat Jan 8 19:04:37 AEDT 2022
This is an automated email from the git hooks/post-receive script.
dtucker pushed a commit to branch master
in repository openssh.
commit 1a7c88e26fd673813dc5f61c4ac278564845e004
Author: dtucker at openbsd.org <dtucker at openbsd.org>
Date: Sat Jan 8 07:01:13 2022 +0000
upstream: Enable all supported hostkey algorithms (but no others).
Allows hostbased test to pass when built without OpenSSL.
OpenBSD-Regress-ID: 5ddd677a68b672517e1e78460dc6ca2ccc0a9562
---
regress/hostbased.sh | 21 +++++++++++++--------
1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/regress/hostbased.sh b/regress/hostbased.sh
index f62d6f5f..470bce88 100644
--- a/regress/hostbased.sh
+++ b/regress/hostbased.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: hostbased.sh,v 1.1 2022/01/06 21:46:56 dtucker Exp $
+# $OpenBSD: hostbased.sh,v 1.2 2022/01/08 07:01:13 dtucker Exp $
# Placed in the Public Domain.
# This test requires external setup and thus is skipped unless
@@ -18,20 +18,24 @@ elif [ -z "${SUDO}" ]; then
skip "SUDO not set"
fi
+# Enable all supported hostkey algos (but no others)
+hostkeyalgos=`${SSH} -Q HostKeyAlgorithms | tr '\n' , | sed 's/,$//'`
+
cat >>$OBJ/sshd_proxy <<EOD
HostbasedAuthentication yes
-HostbasedAcceptedAlgorithms +ssh-rsa,ssh-dss
+HostbasedAcceptedAlgorithms $hostkeyalgos
HostbasedUsesNameFromPacketOnly yes
-HostKeyAlgorithms +ssh-rsa,ssh-dss
+HostKeyAlgorithms $hostkeyalgos
EOD
cat >>$OBJ/ssh_proxy <<EOD
HostbasedAuthentication yes
-HostKeyAlgorithms +ssh-rsa,ssh-dss
-HostbasedAcceptedAlgorithms +ssh-rsa,ssh-dss
+HostKeyAlgorithms $hostkeyalgos
+HostbasedAcceptedAlgorithms $hostkeyalgos
PreferredAuthentications hostbased
EOD
+set -x
algos=""
for key in `${SUDO} ${SSHD} -T | awk '$1=="hostkey"{print $2}'`; do
case "`$SSHKEYGEN -l -f ${key}.pub`" in
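Review bot: The `set -x` added just before `algos=""` looks like leftover debugging: it enables command tracing for the rest of the script, including the `${SUDO} ${SSHD} -T` pipeline, and nothing visible turns it off again, so I would drop that line. Separately, `hostkeyalgos` is expanded unchecked in both heredocs, so if `${SSH} -Q HostKeyAlgorithms` fails or prints nothing the proxy configs get a bare `HostKeyAlgorithms` line; a guard such as `[ -n "$hostkeyalgos" ] || fatal "no hostkey algos from ssh -Q"` right after the assignment would fail early with a clear message. The new comment could also state that the explicit list replaces the defaults (the `+` prefix is gone), so legacy algorithms such as `ssh-dss` are accepted wherever the binary supports them, which is intended for this regress config only. The `for`/`case` at the end of the hunk continues outside it.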
@@ -41,7 +45,7 @@ for key in `${SUDO} ${SSHD} -T | awk '$1=="hostkey"{print $2}'`; do
*RSA*) algos="$algos ssh-rsa rsa-sha2-256 rsa-sha2-512" ;;
*ED25519*) algos="$algos ssh-ed25519" ;;
*DSA*) algos="$algos ssh-dss" ;;
- *) warn "unknown host key type $key" ;;
+ *) verbose "unknown host key type $key" ;;
esac
done
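Review bot: With the default arm demoted from `warn` to `verbose`, a run in which every host key falls through to `*)` leaves `algos` empty with no visible signal. The `for algo in $algos` loop named in the next hunk header would then run zero times, and the test would pass without attempting a hostbased login. A guard after this `done`, for example `[ -z "$algos" ] && skip "no usable host keys"`, would stop that case counting as a pass, unless the lines between the two hunks (not shown) already handle it. The `case` and its other arms begin outside this hunk.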
@@ -54,9 +58,10 @@ for algo in $algos; do
SSH_CONNECTION=`${SSH} $opts localhost 'echo $SSH_CONNECTION'`
if [ $? -ne 0 ]; then
fail "connect failed, hostbased algo $algo"
- fi
- if [ "$SSH_CONNECTION" != "UNKNOWN 65535 UNKNOWN 65535" ]; then
+ elif [ "$SSH_CONNECTION" != "UNKNOWN 65535 UNKNOWN 65535" ]; then
fail "hostbased algo $algo bad SSH_CONNECTION" \
"$SSH_CONNECTION"
+ else
+ verbose "ok hostbased algo $algo"
fi
done
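Review bot: The expected value `UNKNOWN 65535 UNKNOWN 65535` in the `elif` is unexplained, so a reader cannot tell why it is the success condition. A comment above the comparison would help, for example `# sshd is reached through the proxy command rather than a socket, so it presumably reports UNKNOWN/65535 for both endpoints`. The enclosing `for` loop begins outside the hunk.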
--