From 1268f0bcd8fc844ac6c27167888443c8350005eb Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Fri, 6 Sep 2019 04:24:06 +0000 Subject: upstream: Check for RSA support before using it for the user key, otherwise use ed25519 which is supported when built without OpenSSL. OpenBSD-Regress-ID: 3d23ddfe83c5062f00ac845d463f19a2ec78c0f7 --- regress/principals-command.sh | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'regress/principals-command.sh') diff --git a/regress/principals-command.sh b/regress/principals-command.sh index 197c00021..7d380325b 100644 --- a/regress/principals-command.sh +++ b/regress/principals-command.sh @@ -1,4 +1,4 @@ -# $OpenBSD: principals-command.sh,v 1.6 2018/11/22 08:48:32 dtucker Exp $ +# $OpenBSD: principals-command.sh,v 1.7 2019/09/06 04:24:06 dtucker Exp $ # Placed in the Public Domain. tid="authorized principals command" @@ -12,12 +12,17 @@ if [ -z "$SUDO" -a ! -w /var/run ]; then exit 0 fi +case "`${SSH} -Q key-plain`" in + *ssh-rsa*) userkeytype=rsa ;; + *) userkeytype=ed25519 ;; +esac + SERIAL=$$ # Create a CA key and a user certificate. ${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_ca_key || \ fatal "ssh-keygen of user_ca_key failed" -${SSHKEYGEN} -q -N '' -t rsa -f $OBJ/cert_user_key || \ +${SSHKEYGEN} -q -N '' -t ${userkeytype} -f $OBJ/cert_user_key || \ fatal "ssh-keygen of cert_user_key failed" ${SSHKEYGEN} -q -s $OBJ/user_ca_key -I "Joanne User" \ -z $$ -n ${USER},mekmitasdigoat $OBJ/cert_user_key || \ @@ -35,7 +40,7 @@ trap "$SUDO rm -f ${PRINCIPALS_COMMAND}" 0 cat << _EOF | $SUDO sh -c "cat > '$PRINCIPALS_COMMAND'" #!/bin/sh test "x\$1" != "x${LOGNAME}" && exit 1 -test "x\$2" != "xssh-rsa-cert-v01@openssh.com" && exit 1 +test "x\$2" != "xssh-${userkeytype}-cert-v01@openssh.com" && exit 1 test "x\$3" != "xssh-ed25519" && exit 1 test "x\$4" != "xJoanne User" && exit 1 test "x\$5" != "x${SERIAL}" && exit 1 -- cgit v1.2.3