[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 4/9] pkd: specify PubkeyAcceptedTypes for OpenSSH client

Subject: [PATCH 4/9] pkd: specify PubkeyAcceptedTypes for OpenSSH client
From: Jon Simons <jon@xxxxxxxxxxxxx>
Reply-to: libssh@xxxxxxxxxx
Date: Wed, 27 Jun 2018 22:43:46 -0700
To: libssh@xxxxxxxxxx
Cc: Jon Simons <jon@xxxxxxxxxxxxx>

As of OpenSSH 6.9, support for `ssh-dss` user keys is disabled by default
at runtime.  Specify an explicit `-o PubkeyAcceptedKeyTYpes` in the pkd
tests to explicitly enable each user key type being tested, including
`ssh-dss`.

Signed-off-by: Jon Simons <jon@xxxxxxxxxxxxx>
---
 tests/pkd/pkd_client.h | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/tests/pkd/pkd_client.h b/tests/pkd/pkd_client.h
index 13909a66..4f9b48b4 100644
--- a/tests/pkd/pkd_client.h
+++ b/tests/pkd/pkd_client.h
@@ -15,18 +15,23 @@
 #define OPENSSH_BINARY "ssh"
 #define OPENSSH_KEYGEN "ssh-keygen"
 
-#define OPENSSH_HOSTKEY_ALGOS_DEFAULT "ssh-rsa"
+#define OPENSSH_HOSTKEY_ALGOS_DEFAULT "ssh-ed25519,ssh-rsa"
+#define OPENSSH_PKACCEPTED_DEFAULT    "ssh-ed25519,ssh-rsa"
 
 #if       HAVE_ECC
 #define OPENSSH_HOSTKEY_ALGOS_ECDSA   ",ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521"
+#define OPENSSH_PKACCEPTED_ECDSA      ",ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521"
 #else  /* HAVE_ECC */
 #define OPENSSH_HOSTKEY_ALGOS_ECDSA   ""
+#define OPENSSH_PKACCEPTED_ECDSA      ""
 #endif /* HAVE_ECC */
 
 #if       HAVE_DSA
 #define OPENSSH_HOSTKEY_ALGOS_DSA     ",ssh-dss"
+#define OPENSSH_PKACCEPTED_DSA        ",ssh-dss"
 #else  /* HAVE_DSA */
 #define OPENSSH_HOSTKEY_ALGOS_DSA     ""
+#define OPENSSH_PKACCEPTED_DSA        ""
 #endif /* HAVE_DSA */
 
 #define OPENSSH_HOSTKEY_ALGOS \
@@ -35,11 +40,19 @@
   OPENSSH_HOSTKEY_ALGOS_ECDSA    \
   OPENSSH_HOSTKEY_ALGOS_DSA
 
+#define OPENSSH_PKACCEPTED_TYPES \
+  "-o PubkeyAcceptedKeyTypes="  \
+  OPENSSH_PKACCEPTED_DEFAULT    \
+  OPENSSH_PKACCEPTED_ECDSA      \
+  OPENSSH_PKACCEPTED_DSA
+
 #define OPENSSH_CMD_START \
     OPENSSH_BINARY " "                  \
     "-o UserKnownHostsFile=/dev/null "  \
     "-o StrictHostKeyChecking=no "      \
+    "-F /dev/null "                     \
     OPENSSH_HOSTKEY_ALGOS " "           \
+    OPENSSH_PKACCEPTED_TYPES " "        \
     "-i " CLIENT_ID_FILE " "            \
     "1> %s.out "                        \
     "2> %s.err "                        \
-- 
2.14.1

References:
[PATCH 0/9] pkd: fixups for the 0.8 release	Jon Simons <jon@xxxxxxxxxxxxx>

Archive administrator: postmaster@lists.cynapses.org