From 3ad423c94d1c2bdd9e63ef215596c09005b9cc50 Mon Sep 17 00:00:00 2001
From: dtucker
Date: Tue, 31 Aug 2021 06:13:23 +0000
Subject: [PATCH] When running PuTTY interop tests and using a PuTTY version older than 0.76, re-enable the ssh-rsa host key algorithm (the 256 and 512 variants of RSA were added some time between 0.73 and 0.76).
---
 regress/usr.bin/ssh/putty-ciphers.sh | 8 +++++++-
 regress/usr.bin/ssh/putty-kex.sh | 8 +++++++-
 regress/usr.bin/ssh/putty-transfer.sh | 8 +++++++-
 3 files changed, 21 insertions(+), 3 deletions(-)
diff --git a/regress/usr.bin/ssh/putty-ciphers.sh b/regress/usr.bin/ssh/putty-ciphers.sh
index 620cc103d57..f26b7d8ce52 100644
--- a/regress/usr.bin/ssh/putty-ciphers.sh
+++ b/regress/usr.bin/ssh/putty-ciphers.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: putty-ciphers.sh,v 1.7 2020/01/23 03:35:07 dtucker Exp $
+# $OpenBSD: putty-ciphers.sh,v 1.8 2021/08/31 06:13:23 dtucker Exp $
 # Placed in the Public Domain.
 tid="putty ciphers"
@@ -7,6 +7,12 @@ if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then
 fatal "putty interop tests not enabled"
 fi
+# Re-enable ssh-rsa on older PuTTY versions.
+oldver="`${PLINK} --version | awk '/plink: Release/{if ($3<0.76)print "yes"}'`"
+if [ "x$oldver" = "xyes" ]; then
+ echo "HostKeyalgorithms +ssh-rsa" >> sshd_config
+fi
+
 for c in aes 3des aes128-ctr aes192-ctr aes256-ctr chacha20 ; do
 verbose "$tid: cipher $c"
 cp ${OBJ}/.putty/sessions/localhost_proxy \
diff --git a/regress/usr.bin/ssh/putty-kex.sh b/regress/usr.bin/ssh/putty-kex.sh
index ba6f5c2b3b1..87767793479 100644
--- a/regress/usr.bin/ssh/putty-kex.sh
+++ b/regress/usr.bin/ssh/putty-kex.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: putty-kex.sh,v 1.5 2020/01/23 03:24:38 dtucker Exp $
+# $OpenBSD: putty-kex.sh,v 1.6 2021/08/31 06:13:23 dtucker Exp $
 # Placed in the Public Domain.
 tid="putty KEX"
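Review bot: The added `echo "HostKeyalgorithms +ssh-rsa" >> sshd_config` in the `@@ -7,6 +7,12 @@` hunk of putty-ciphers.sh (and the identical line in putty-kex.sh and putty-transfer.sh) appends to a bare relative path, while the `cp` context line just below addresses test files through `${OBJ}`. Because this line re-admits SHA-1 based `ssh-rsa` host key signatures, it should land only in the throwaway test configuration and not depend on the working directory, e.g. `echo "HostKeyalgorithms +ssh-rsa" >> ${OBJ}/sshd_config`. The loop copies the `localhost_proxy` session, so it is worth confirming that the sshd started for that session actually reads this file; if it reads a separate proxy configuration, the append has no effect and old PuTTY builds will still fail. The `for` loop continues past the end of the hunk, so how the server is started is not visible here.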
@@ -7,6 +7,12 @@ if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then
 fatal "putty interop tests not enabled"
 fi
+# Re-enable ssh-rsa on older PuTTY versions.
+oldver="`${PLINK} --version | awk '/plink: Release/{if ($3<0.76)print "yes"}'`"
+if [ "x$oldver" = "xyes" ]; then
+ echo "HostKeyalgorithms +ssh-rsa" >> sshd_config
+fi
+
 for k in dh-gex-sha1 dh-group1-sha1 dh-group14-sha1 ecdh ; do
 verbose "$tid: kex $k"
 cp ${OBJ}/.putty/sessions/localhost_proxy \
diff --git a/regress/usr.bin/ssh/putty-transfer.sh b/regress/usr.bin/ssh/putty-transfer.sh
index ad297e9f78c..8d5c84f38bf 100644
--- a/regress/usr.bin/ssh/putty-transfer.sh
+++ b/regress/usr.bin/ssh/putty-transfer.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: putty-transfer.sh,v 1.7 2020/01/23 11:19:12 dtucker Exp $
+# $OpenBSD: putty-transfer.sh,v 1.8 2021/08/31 06:13:23 dtucker Exp $
 # Placed in the Public Domain.
 tid="putty transfer data"
@@ -7,6 +7,12 @@ if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then
 fatal "putty interop tests not enabled"
 fi
+# Re-enable ssh-rsa on older PuTTY versions.
+oldver="`${PLINK} --version | awk '/plink: Release/{if ($3<0.76)print "yes"}'`"
+if [ "x$oldver" = "xyes" ]; then
+ echo "HostKeyalgorithms +ssh-rsa" >> sshd_config
+fi
+
 if [ "`${SSH} -Q compression`" = "none" ]; then
 comp="0"
 else
--
2.20.1
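Review bot: The six added lines in the `@@ -7,6 +7,12 @@` hunks of putty-kex.sh and putty-transfer.sh repeat the putty-ciphers.sh block verbatim, so the decision to re-admit `ssh-rsa` now lives in three scripts and any correction has to be made three times. A single helper in the shared test setup would keep it in one place, though whether such a file exists is not visible on this page. The probe `awk '/plink: Release/{if ($3<0.76)print "yes"}'` also compares the release string as a decimal number, which orders the 0.7x releases correctly but would misorder a release numbered like 0.100. Any `--version` output that does not match `plink: Release` leaves `oldver` empty without a message. Adding `verbose "$tid: plink older than 0.76, enabling ssh-rsa"` inside the `if` would record in the test log when the weaker host key algorithm was switched on.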