From: dtucker@openbsd.org Date: Wed, 19 Jun 2024 10:08:34 +0000 (+0000) Subject: upstream: Rework dropbear key setup X-Git-Tag: V_9_8_P1~23 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dbd3b833f6e3815e58f2dc6e14f61a51bcd4d6bd;p=thirdparty%2Fopenssh-portable.git upstream: Rework dropbear key setup to always generate ed25519 keys, other types only if OpenSSH has support for the corresponding key type. OpenBSD-Regress-ID: 8f91f12604cddb9f8d93aa34f3f93a3f6074395d --- diff --git a/regress/test-exec.sh b/regress/test-exec.sh index 2f6c1486c..074f6dd96 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh @@ -1,4 +1,4 @@ -# $OpenBSD: test-exec.sh,v 1.117 2024/06/18 08:11:48 dtucker Exp $ +# $OpenBSD: test-exec.sh,v 1.118 2024/06/19 10:08:34 dtucker Exp $ # Placed in the Public Domain. #SUDO=sudo @@ -845,20 +845,28 @@ esac if test "$REGRESS_INTEROP_DROPBEAR" = "yes" ; then trace Create dropbear keys and add to authorized_keys - kt="rsa ecdsa ed25519" - if $SSH -Q key-plain | grep ssh-dss >/dev/null; then + kt="ed25519" + if $SSH -Q key-plain | grep '^ssh-dss$' >/dev/null; then kt="$kt dss" fi + if $SSH -Q key-plain | grep '^ssh-rsa$' >/dev/null; then + kt="$kt rsa" + fi + if $SSH -Q key-plain | grep '^ecdsa-sha2' >/dev/null; then + kt="$kt ecdsa" + fi mkdir -p $OBJ/.dropbear - for i in rsa ecdsa ed25519; do + for i in $kt; do if [ ! -f "$OBJ/.dropbear/id_$i" ]; then - ($DROPBEARKEY -t $i -f $OBJ/.dropbear/id_$i - $DROPBEARCONVERT dropbear openssh \ - $OBJ/.dropbear/id_$i $OBJ/.dropbear/ossh.id_$i - ) > /dev/null 2>&1 + verbose Create dropbear key type $i + $DROPBEARKEY -t $i -f $OBJ/.dropbear/id_$i \ + >/dev/null 2>&1 fi + $DROPBEARCONVERT dropbear openssh $OBJ/.dropbear/id_$i \ + $OBJ/.dropbear/ossh.id_$i >/dev/null 2>&1 $SSHKEYGEN -y -f $OBJ/.dropbear/ossh.id_$i \ >>$OBJ/authorized_keys_$USER + rm -f $OBJ/.dropbear/id_$i.pub $OBJ/.dropbear/ossh.id_$i done fi