Specify hostkeyalgorithms in sshd's default set for the SSHFP test,
authordtucker <dtucker@openbsd.org>
Tue, 31 Aug 2021 01:25:27 +0000 (01:25 +0000)
committerdtucker <dtucker@openbsd.org>
Tue, 31 Aug 2021 01:25:27 +0000 (01:25 +0000)
from djm@.  Make the reason for when the test is skipped a bit clearer.

regress/usr.bin/ssh/sshfp-connect.sh

index 06e91cd..a6b6fab 100644 (file)
@@ -1,4 +1,4 @@
-#      $OpenBSD: sshfp-connect.sh,v 1.2 2021/07/19 08:48:33 dtucker Exp $
+#      $OpenBSD: sshfp-connect.sh,v 1.3 2021/08/31 01:25:27 dtucker Exp $
 #      Placed in the Public Domain.
 
 # This test requires external setup and thus is skipped unless
 
 tid="sshfp connect"
 
-if [ ! -z "${TEST_SSH_SSHFP_DOMAIN}" ] && \
-    $SSH -Q key-plain | grep ssh-rsa >/dev/null; then
-
+if ! $SSH -Q key-plain | grep ssh-rsa >/dev/null; then
+       echo SKIPPED: RSA keys not supported.
+elif [ -z "${TEST_SSH_SSHFP_DOMAIN}" ]; then
+       echo SKIPPED: TEST_SSH_SSHFP_DOMAIN not set.
+else
        # Set RSA host key to match fingerprints above.
        mv $OBJ/sshd_proxy $OBJ/sshd_proxy.orig
        $SUDO cp $SRC/rsa_openssh.prv $OBJ/host.ssh-rsa
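Review bot: The RSA precondition in the new `if ! $SSH -Q key-plain | grep ssh-rsa >/dev/null; then` line is an unanchored substring match, so any listed key type whose name merely contains `ssh-rsa` would satisfy it. That is probably harmless with the current key list, but a whole-line match states the intent exactly: `if ! $SSH -Q key-plain | grep -x ssh-rsa >/dev/null; then`. If the probe ever passes wrongly, the test runs and fails on a build without RSA instead of reporting the skip reason this commit adds. The `else` branch continues past the end of this hunk.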
@@ -45,7 +47,7 @@ if [ ! -z "${TEST_SSH_SSHFP_DOMAIN}" ] && \
                trace "sshfp connect $n good fingerprint"
                host="${n}.dtucker.net"
                opts="-F $OBJ/ssh_proxy -o VerifyHostKeyDNS=yes "
-               opts="$opts -o HostKeyAlgorithms=ssh-rsa"
+               opts="$opts -o HostKeyAlgorithms=rsa-sha2-512,rsa-sha2-256"
                host="${n}.${TEST_SSH_SSHFP_DOMAIN}"
                SSH_CONNECTION=`${SSH} $opts $host 'echo $SSH_CONNECTION'`
                if [ $? -ne 0 ]; then
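Review bot: The new `opts="$opts -o HostKeyAlgorithms=rsa-sha2-512,rsa-sha2-256"` line has no comment explaining the choice, and a reader could take the move away from `ssh-rsa` as a change to what the SSHFP check verifies. An SSHFP record fingerprints the RSA public key, not the signature algorithm, so a one-line comment would make that explicit, for example `# SSHFP matches the RSA key itself; offer the SHA-2 signature algorithms that are in sshd's default set`. Separately, `host="${n}.dtucker.net"` earlier in the hunk is overwritten by `host="${n}.${TEST_SSH_SSHFP_DOMAIN}"` before it is used, and could be dropped so that no hard-coded domain remains in the test. The loop body starts and ends outside this hunk.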
@@ -61,6 +63,4 @@ if [ ! -z "${TEST_SSH_SSHFP_DOMAIN}" ] && \
                        fail "sshfp-connect succeeded with bad SSHFP record"
                fi
        done
-else
-       echo SKIPPED: TEST_SSH_SSHFP_DOMAIN not set.
 fi