upstream: Only add ssh-dss to allowed key types if it's supported

by the binary.

OpenBSD-Regress-ID: 395a54cab16e9e4ece9aec047ab257954eebd413

1 files changed, 5 insertions, 4 deletions

diff --git a/regress/agent.sh b/regress/agent.sh
index 788b0206..48fa12b0 100644
--- a/regress/agent.sh
+++ b/regress/agent.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: agent.sh,v 1.14 2019/01/28 00:12:36 dtucker Exp $
+#	$OpenBSD: agent.sh,v 1.15 2019/07/23 07:39:43 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="simple agent test"
@@ -27,9 +27,6 @@ ${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_ca_key \
 trace "overwrite authorized keys"
 printf '' > $OBJ/authorized_keys_$USER
 
-echo "PubkeyAcceptedKeyTypes +ssh-dss" >> $OBJ/ssh_proxy
-echo "PubkeyAcceptedKeyTypes +ssh-dss" >> $OBJ/sshd_proxy
-
 for t in ${SSH_KEYTYPES}; do
 	# generate user key for agent
 	rm -f $OBJ/$t-agent $OBJ/$t-agent.pub*
@@ -75,6 +72,10 @@ fi
 
 for t in ${SSH_KEYTYPES}; do
 	trace "connect via agent using $t key"
+	if [ "$t" = "ssh-dss" ]; then
+		echo "PubkeyAcceptedKeyTypes +ssh-dss" >> $OBJ/ssh_proxy
+		echo "PubkeyAcceptedKeyTypes +ssh-dss" >> $OBJ/sshd_proxy
+	fi
 	${SSH} -F $OBJ/ssh_proxy -i $OBJ/$t-agent.pub -oIdentitiesOnly=yes \
 		somehost exit 52
 	r=$?