[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 3/9] pkd: specify HostKeyAlgorithms for OpenSSH client

Subject: [PATCH 3/9] pkd: specify HostKeyAlgorithms for OpenSSH client
From: Jon Simons <jon@xxxxxxxxxxxxx>
Reply-to: libssh@xxxxxxxxxx
Date: Wed, 27 Jun 2018 22:43:45 -0700
To: libssh@xxxxxxxxxx
Cc: Jon Simons <jon@xxxxxxxxxxxxx>

As of OpenSSH 6.9, support for `ssh-dss` host keys is disabled by default
at runtime.  Specify an explicit `-o HostKeyAlgorithms` in the pkd tests
to explicitly enable each host key type being tested, including `ssh-dss`.

Signed-off-by: Jon Simons <jon@xxxxxxxxxxxxx>
---
 tests/pkd/pkd_client.h | 37 ++++++++++++++++++++++++++++++-------
 1 file changed, 30 insertions(+), 7 deletions(-)

diff --git a/tests/pkd/pkd_client.h b/tests/pkd/pkd_client.h
index c4a8a601..13909a66 100644
--- a/tests/pkd/pkd_client.h
+++ b/tests/pkd/pkd_client.h
@@ -2,24 +2,47 @@
  * pkd_client.h -- macros for generating client-specific command
  *                 invocations for use with pkd testing
  *
- * (c) 2014 Jon Simons
+ * (c) 2014, 2018 Jon Simons <jon@xxxxxxxxxxxxx>
  */
 
 #ifndef __PKD_CLIENT_H__
 #define __PKD_CLIENT_H__
 
+#include "config.h"
+
 /* OpenSSH */
 
 #define OPENSSH_BINARY "ssh"
 #define OPENSSH_KEYGEN "ssh-keygen"
 
+#define OPENSSH_HOSTKEY_ALGOS_DEFAULT "ssh-rsa"
+
+#if       HAVE_ECC
+#define OPENSSH_HOSTKEY_ALGOS_ECDSA   ",ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521"
+#else  /* HAVE_ECC */
+#define OPENSSH_HOSTKEY_ALGOS_ECDSA   ""
+#endif /* HAVE_ECC */
+
+#if       HAVE_DSA
+#define OPENSSH_HOSTKEY_ALGOS_DSA     ",ssh-dss"
+#else  /* HAVE_DSA */
+#define OPENSSH_HOSTKEY_ALGOS_DSA     ""
+#endif /* HAVE_DSA */
+
+#define OPENSSH_HOSTKEY_ALGOS \
+  "-o HostKeyAlgorithms="        \
+  OPENSSH_HOSTKEY_ALGOS_DEFAULT  \
+  OPENSSH_HOSTKEY_ALGOS_ECDSA    \
+  OPENSSH_HOSTKEY_ALGOS_DSA
+
 #define OPENSSH_CMD_START \
-    OPENSSH_BINARY " "                 \
-    "-o UserKnownHostsFile=/dev/null " \
-    "-o StrictHostKeyChecking=no "     \
-    "-i " CLIENT_ID_FILE " "           \
-    "1> %s.out "                       \
-    "2> %s.err "                       \
+    OPENSSH_BINARY " "                  \
+    "-o UserKnownHostsFile=/dev/null "  \
+    "-o StrictHostKeyChecking=no "      \
+    OPENSSH_HOSTKEY_ALGOS " "           \
+    "-i " CLIENT_ID_FILE " "            \
+    "1> %s.out "                        \
+    "2> %s.err "                        \
     "-vvv "
 
 #define OPENSSH_CMD_END "-p 1234 localhost ls"
-- 
2.14.1

References:
[PATCH 0/9] pkd: fixups for the 0.8 release	Jon Simons <jon@xxxxxxxxxxxxx>

Archive administrator: postmaster@lists.cynapses.org