upstream: Only add ssh-dss to allowed key types if it's supported

by the binary. OpenBSD-Regress-ID: 395a54cab16e9e4ece9aec047ab257954eebd413
author: dtucker@openbsd.org <dtucker@openbsd.org> 2019-07-23 07:39:43 +0000
committer: Darren Tucker <dtucker@dtucker.net> 2019-07-23 22:51:22 +1000
commit: 7e66b7d98c6e3f48a1918c3e1940c9b11b10ec63 (patch)
tree: 27360f172ef363799d6c4200efd1454eddfe826c /regress
parent: fd0684b319e664d8821dc4ca3026126dfea3ccf4 (diff)
1 files changed, 5 insertions, 4 deletions
diff --git a/regress/agent.sh b/regress/agent.sh
index 788b02064..48fa12b0e 100644
--- a/regress/agent.sh
+++ b/regress/agent.sh
@@ -1,4 +1,4 @@
-#       $OpenBSD: agent.sh,v 1.14 2019/01/28 00:12:36 dtucker Exp $
+#       $OpenBSD: agent.sh,v 1.15 2019/07/23 07:39:43 dtucker Exp $
 #       Placed in the Public Domain.
 tid="simple agent test"
@@ -27,9 +27,6 @@ ${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_ca_key \
 trace "overwrite authorized keys"
 printf '' > $OBJ/authorized_keys_$USER
-echo "PubkeyAcceptedKeyTypes +ssh-dss" >> $OBJ/ssh_proxy
-echo "PubkeyAcceptedKeyTypes +ssh-dss" >> $OBJ/sshd_proxy
 for t in ${SSH_KEYTYPES}; do
        # generate user key for agent
        rm -f $OBJ/$t-agent $OBJ/$t-agent.pub*
@@ -75,6 +72,10 @@ fi
 for t in ${SSH_KEYTYPES}; do
        trace "connect via agent using $t key"
+        if [ "$t" = "ssh-dss" ]; then
+                echo "PubkeyAcceptedKeyTypes +ssh-dss" >> $OBJ/ssh_proxy
+                echo "PubkeyAcceptedKeyTypes +ssh-dss" >> $OBJ/sshd_proxy
+        fi
        ${SSH} -F $OBJ/ssh_proxy -i $OBJ/$t-agent.pub -oIdentitiesOnly=yes \
                somehost exit 52
        r=$?
author	dtucker@openbsd.org <dtucker@openbsd.org>	2019-07-23 07:39:43 +0000
committer	Darren Tucker <dtucker@dtucker.net>	2019-07-23 22:51:22 +1000
commit	7e66b7d98c6e3f48a1918c3e1940c9b11b10ec63 (patch)
tree	27360f172ef363799d6c4200efd1454eddfe826c /regress
parent	fd0684b319e664d8821dc4ca3026126dfea3ccf4 (diff)