[openssh-commits] [openssh] 03/05: upstream: Rework dropbear key setup

git+noreply at mindrot.org git+noreply at mindrot.org
Wed Jun 19 20:37:12 AEST 2024


This is an automated email from the git hooks/post-receive script.

dtucker pushed a commit to branch master
in repository openssh.

commit dbd3b833f6e3815e58f2dc6e14f61a51bcd4d6bd
Author: dtucker at openbsd.org <dtucker at openbsd.org>
AuthorDate: Wed Jun 19 10:08:34 2024 +0000

    upstream: Rework dropbear key setup
    
    to always generate ed25519 keys, other types only if OpenSSH has support
    for the corresponding key type.
    
    OpenBSD-Regress-ID: 8f91f12604cddb9f8d93aa34f3f93a3f6074395d
---
 regress/test-exec.sh | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)

diff --git a/regress/test-exec.sh b/regress/test-exec.sh
index 2f6c1486..074f6dd9 100644
--- a/regress/test-exec.sh
+++ b/regress/test-exec.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: test-exec.sh,v 1.117 2024/06/18 08:11:48 dtucker Exp $
+#	$OpenBSD: test-exec.sh,v 1.118 2024/06/19 10:08:34 dtucker Exp $
 #	Placed in the Public Domain.
 
 #SUDO=sudo
@@ -845,20 +845,28 @@ esac
 
 if test "$REGRESS_INTEROP_DROPBEAR" = "yes" ; then
 	trace Create dropbear keys and add to authorized_keys
-	kt="rsa ecdsa ed25519"
-	if $SSH -Q key-plain | grep ssh-dss >/dev/null; then
+	kt="ed25519"
+	if $SSH -Q key-plain | grep '^ssh-dss$' >/dev/null; then
 		kt="$kt dss"
 	fi
+	if $SSH -Q key-plain | grep '^ssh-rsa$' >/dev/null; then
+		kt="$kt rsa"
+	fi
+	if $SSH -Q key-plain | grep '^ecdsa-sha2' >/dev/null; then
+		kt="$kt ecdsa"
+	fi
 	mkdir -p $OBJ/.dropbear
-	for i in rsa ecdsa ed25519; do
+	for i in $kt; do
 		if [ ! -f "$OBJ/.dropbear/id_$i" ]; then
-			($DROPBEARKEY -t $i -f $OBJ/.dropbear/id_$i
-			$DROPBEARCONVERT dropbear openssh \
-			    $OBJ/.dropbear/id_$i $OBJ/.dropbear/ossh.id_$i
-			) > /dev/null 2>&1
+			verbose Create dropbear key type $i
+			$DROPBEARKEY -t $i -f $OBJ/.dropbear/id_$i \
+			    >/dev/null 2>&1
 		fi
+		$DROPBEARCONVERT dropbear openssh $OBJ/.dropbear/id_$i \
+		    $OBJ/.dropbear/ossh.id_$i >/dev/null 2>&1
 		$SSHKEYGEN -y -f $OBJ/.dropbear/ossh.id_$i \
 		   >>$OBJ/authorized_keys_$USER
+		rm -f $OBJ/.dropbear/id_$i.pub $OBJ/.dropbear/ossh.id_$i
 	done
 fi
 
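Review bot: The exit status of `$DROPBEARKEY` and `$DROPBEARCONVERT` in the `for i in $kt` loop is ignored, and their output is sent to /dev/null. If generation or conversion fails, `ossh.id_$i` is missing, `$SSHKEYGEN -y` appends nothing to `authorized_keys_$USER`, and the dropbear interop tests fail only later, at authentication, with no hint of the cause. Since the conversion now runs on every invocation, it is worth failing fast by appending `|| fatal "dropbearconvert failed for key type $i"` after the `>/dev/null 2>&1` on the convert command, and the equivalent on the `$DROPBEARKEY` line, assuming the script's `fatal` helper is in scope at this point. Separately, only the `[ ! -f "$OBJ/.dropbear/id_$i" ]` test quotes `$OBJ`; the `mkdir`, key, convert and `rm -f` lines would split on a build path that contains whitespace, so quoting them the same way keeps the `rm -f` from acting on unintended words.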
