From 787a64939035e60358c7ff25df2e8da67928a823 Mon Sep 17 00:00:00 2001 From: Jon Simons Date: Fri, 15 Jun 2018 18:45:43 -0400 Subject: [PATCH] pkd: specify HostKeyAlgorithms for OpenSSH client As of OpenSSH 6.9, support for `ssh-dss` host keys is disabled by default at runtime. Specify an explicit `-o HostKeyAlgorithms` in the pkd tests to explicitly enable each host key type being tested, including `ssh-dss`. Signed-off-by: Jon Simons Reviewed-by: Andreas Schneider --- tests/pkd/pkd_client.h | 37 ++++++++++++++++++++++++++++++------- 1 file changed, 30 insertions(+), 7 deletions(-) diff --git a/tests/pkd/pkd_client.h b/tests/pkd/pkd_client.h index c4a8a601..13909a66 100644 --- a/tests/pkd/pkd_client.h +++ b/tests/pkd/pkd_client.h @@ -2,24 +2,47 @@ * pkd_client.h -- macros for generating client-specific command * invocations for use with pkd testing * - * (c) 2014 Jon Simons + * (c) 2014, 2018 Jon Simons */ #ifndef __PKD_CLIENT_H__ #define __PKD_CLIENT_H__ +#include "config.h" + /* OpenSSH */ #define OPENSSH_BINARY "ssh" #define OPENSSH_KEYGEN "ssh-keygen" +#define OPENSSH_HOSTKEY_ALGOS_DEFAULT "ssh-rsa" + +#if HAVE_ECC +#define OPENSSH_HOSTKEY_ALGOS_ECDSA ",ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521" +#else /* HAVE_ECC */ +#define OPENSSH_HOSTKEY_ALGOS_ECDSA "" +#endif /* HAVE_ECC */ + +#if HAVE_DSA +#define OPENSSH_HOSTKEY_ALGOS_DSA ",ssh-dss" +#else /* HAVE_DSA */ +#define OPENSSH_HOSTKEY_ALGOS_DSA "" +#endif /* HAVE_DSA */ + +#define OPENSSH_HOSTKEY_ALGOS \ + "-o HostKeyAlgorithms=" \ + OPENSSH_HOSTKEY_ALGOS_DEFAULT \ + OPENSSH_HOSTKEY_ALGOS_ECDSA \ + OPENSSH_HOSTKEY_ALGOS_DSA + #define OPENSSH_CMD_START \ - OPENSSH_BINARY " " \ - "-o UserKnownHostsFile=/dev/null " \ - "-o StrictHostKeyChecking=no " \ - "-i " CLIENT_ID_FILE " " \ - "1> %s.out " \ - "2> %s.err " \ + OPENSSH_BINARY " " \ + "-o UserKnownHostsFile=/dev/null " \ + "-o StrictHostKeyChecking=no " \ + OPENSSH_HOSTKEY_ALGOS " " \ + "-i " CLIENT_ID_FILE " " \ + "1> %s.out " \ + "2> %s.err " \ "-vvv " #define OPENSSH_CMD_END "-p 1234 localhost ls"