authordtucker@openbsd.org <dtucker@openbsd.org>2021-08-31 03:25:27 +0200
committerDarren Tucker <dtucker@dtucker.net>2021-08-31 04:02:12 +0200
commite47b82a7bf51021afac218bf59a3be121827653d (patch)
treea0ff41855f2218c7bea77daa8be5ff530c35e1f5 /regress/sshfp-connect.sh
parentupstream: adapt to RSA/SHA1 deprectation (diff)
upstream: Specify hostkeyalgorithms in SSHFP test.
Specify host key algorithms in sshd's default set for the SSHFP test, from djm@. Make the reason for when the test is skipped a bit clearer. OpenBSD-Regress-ID: 4f923dfc761480d5411de17ea6f0b30de3e32cea
Diffstat (limited to '')
-rw-r--r--regress/sshfp-connect.sh14
1 files changed, 7 insertions, 7 deletions
diff --git a/regress/sshfp-connect.sh b/regress/sshfp-connect.sh
index 06e91cdbb..a6b6fab53 100644
--- a/regress/sshfp-connect.sh
+++ b/regress/sshfp-connect.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: sshfp-connect.sh,v 1.2 2021/07/19 08:48:33 dtucker Exp $
+# $OpenBSD: sshfp-connect.sh,v 1.3 2021/08/31 01:25:27 dtucker Exp $
# Placed in the Public Domain.
# This test requires external setup and thus is skipped unless
@@ -24,9 +24,11 @@
tid="sshfp connect"
-if [ ! -z "${TEST_SSH_SSHFP_DOMAIN}" ] && \
- $SSH -Q key-plain | grep ssh-rsa >/dev/null; then
-
+if ! $SSH -Q key-plain | grep ssh-rsa >/dev/null; then
+ echo SKIPPED: RSA keys not supported.
+elif [ -z "${TEST_SSH_SSHFP_DOMAIN}" ]; then
+ echo SKIPPED: TEST_SSH_SSHFP_DOMAIN not set.
+else
# Set RSA host key to match fingerprints above.
mv $OBJ/sshd_proxy $OBJ/sshd_proxy.orig
$SUDO cp $SRC/rsa_openssh.prv $OBJ/host.ssh-rsa
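Review bot: The new `if ! $SSH -Q key-plain | grep ssh-rsa >/dev/null` test cannot tell a client built without RSA from a `$SSH -Q` that failed to run, because the pipeline's status is grep's alone. Both cases print "SKIPPED: RSA keys not supported." and the SSHFP verification checks are silently not exercised. Consider running the query once and reporting an error when it fails, e.g. `keytypes=$($SSH -Q key-plain) || fail "ssh -Q key-plain failed"`, then grepping the saved output. The match is also an unanchored substring; `grep '^ssh-rsa$'` would pin it to the exact key type name. The body of the `else` branch continues outside this hunk.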
@@ -45,7 +47,7 @@ if [ ! -z "${TEST_SSH_SSHFP_DOMAIN}" ] && \
trace "sshfp connect $n good fingerprint"
host="${n}.dtucker.net"
opts="-F $OBJ/ssh_proxy -o VerifyHostKeyDNS=yes "
- opts="$opts -o HostKeyAlgorithms=ssh-rsa"
+ opts="$opts -o HostKeyAlgorithms=rsa-sha2-512,rsa-sha2-256"
host="${n}.${TEST_SSH_SSHFP_DOMAIN}"
SSH_CONNECTION=`${SSH} $opts $host 'echo $SSH_CONNECTION'`
if [ $? -ne 0 ]; then
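Review bot: The pinned `HostKeyAlgorithms=rsa-sha2-512,rsa-sha2-256` line has no comment explaining why these two names were chosen; the reason is given only in the commit message. A comment above it such as `# Restrict to RSA (the host key installed above) using algorithms in sshd's default set.` would keep a later edit from widening or dropping the list and changing which key the SSHFP lookup is checked against. Separately, the context line `host="${n}.dtucker.net"` is overwritten by `host="${n}.${TEST_SSH_SSHFP_DOMAIN}"` before it is used, so it looks like a leftover that could be deleted. The enclosing loop starts and ends outside this hunk.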
@@ -61,6 +63,4 @@ if [ ! -z "${TEST_SSH_SSHFP_DOMAIN}" ] && \
fail "sshfp-connect succeeded with bad SSHFP record"
fi
done
-else
- echo SKIPPED: TEST_SSH_SSHFP_DOMAIN not set.
fi