From 7e66b7d98c6e3f48a1918c3e1940c9b11b10ec63 Mon Sep 17 00:00:00 2001
From: "dtucker@openbsd.org" <dtucker@openbsd.org>
Date: Tue, 23 Jul 2019 07:39:43 +0000
Subject: upstream: Only add ssh-dss to allowed key types if it's supported

by the binary.

OpenBSD-Regress-ID: 395a54cab16e9e4ece9aec047ab257954eebd413
---
 regress/agent.sh | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/regress/agent.sh b/regress/agent.sh
index 788b02064..48fa12b0e 100644
--- a/regress/agent.sh
+++ b/regress/agent.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: agent.sh,v 1.14 2019/01/28 00:12:36 dtucker Exp $
+#	$OpenBSD: agent.sh,v 1.15 2019/07/23 07:39:43 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="simple agent test"
@@ -27,9 +27,6 @@ ${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_ca_key \
 trace "overwrite authorized keys"
 printf '' > $OBJ/authorized_keys_$USER
 
-echo "PubkeyAcceptedKeyTypes +ssh-dss" >> $OBJ/ssh_proxy
-echo "PubkeyAcceptedKeyTypes +ssh-dss" >> $OBJ/sshd_proxy
-
 for t in ${SSH_KEYTYPES}; do
 	# generate user key for agent
 	rm -f $OBJ/$t-agent $OBJ/$t-agent.pub*
@@ -75,6 +72,10 @@ fi
 
 for t in ${SSH_KEYTYPES}; do
 	trace "connect via agent using $t key"
+	if [ "$t" = "ssh-dss" ]; then
+		echo "PubkeyAcceptedKeyTypes +ssh-dss" >> $OBJ/ssh_proxy
+		echo "PubkeyAcceptedKeyTypes +ssh-dss" >> $OBJ/sshd_proxy
+	fi
 	${SSH} -F $OBJ/ssh_proxy -i $OBJ/$t-agent.pub -oIdentitiesOnly=yes \
 		somehost exit 52
 	r=$?
-- 
cgit v1.2.3