From 5d87ccae454b9c8867478788f97c885ac8188ddc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mikl=C3=B3s=20Fazekas?=
Date: Fri, 6 Aug 2021 08:40:07 +0200
Subject: Accept all cert host key algs
---
 .rubocop.yml | 5 +++++
 Gemfile | 1 -
 lib/net/ssh/known_hosts.rb | 3 +++
 test/integration/test_cert_host_auth.rb | 18 +++++++++++-------
 4 files changed, 19 insertions(+), 8 deletions(-)
diff --git a/.rubocop.yml b/.rubocop.yml
index 973c53d..d80105c 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -1,3 +1,8 @@
+AllCops:
+ Exclude:
+ - 'tryout/**/*'
+ NewCops: enable
+
 inherit_from: .rubocop_todo.yml
 Style/DoubleNegation:
diff --git a/Gemfile b/Gemfile
index f3450cd..a328e11 100644
--- a/Gemfile
+++ b/Gemfile
@@ -8,7 +8,6 @@ gem 'byebug', group: %i[development test] if !Gem.win_platform? && RUBY_ENGINE =
 if ENV["CI"]
 gem 'codecov', require: false, group: :test
 gem 'simplecov', require: false, group: :test
- gem 'x25519', github: 'RubyCrypto/x25519', ref: '60c0f2913460c7b13b516e4e887a5517a2bd9edd'
 end
 gem 'webrick', group: %i[development test] if RUBY_VERSION.split(".")[0].to_i >= 3
diff --git a/lib/net/ssh/known_hosts.rb b/lib/net/ssh/known_hosts.rb
index fddbffd..b52bc6a 100644
--- a/lib/net/ssh/known_hosts.rb
+++ b/lib/net/ssh/known_hosts.rb
@@ -43,6 +43,9 @@ module Net
 ecdsa-sha2-nistp256-cert-v01@openssh.com
 ecdsa-sha2-nistp384-cert-v01@openssh.com
 ecdsa-sha2-nistp521-cert-v01@openssh.com
+ ssh-ed25519-cert-v01@openssh.com
+ ssh-rsa-cert-v01@openssh.com
+ ssh-rsa-cert-v00@openssh.com
 ]
 end
diff --git a/test/integration/test_cert_host_auth.rb b/test/integration/test_cert_host_auth.rb
index 7bae3a9..fee5b2b 100644
--- a/test/integration/test_cert_host_auth.rb
+++ b/test/integration/test_cert_host_auth.rb
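Review bot: In lib/net/ssh/known_hosts.rb the widened list now accepts `ssh-rsa-cert-v01@openssh.com`, whose signatures are RSA with SHA-1, and `ssh-rsa-cert-v00@openssh.com`, the legacy certificate format that OpenSSH removed in 7.0, while the SHA-2 variants `rsa-sha2-256-cert-v01@openssh.com` and `rsa-sha2-512-cert-v01@openssh.com` are not in the list. The method that returns this list starts outside the hunk, so how its order and contents feed host-key negotiation is not visible here; if the entries are offered as written, a host certified by a trusted CA may end up verified under the weakest of them. I would drop the `ssh-rsa-cert-v00@openssh.com` line and put a comment above the `%w[` literal (a `#` inside it would become a list element), for example `# ssh-rsa-cert-v01 uses RSA/SHA-1 signatures; accepted for older servers only`.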
@@ -13,23 +13,27 @@ class TestCertHostAuth < NetSSHTest
 def setup_ssh_env(&block)
 tmpdir do |dir|
+ cert_type = "rsa"
+ # cert_type = "ssh-ed25519"
+ host_key_type = "ecdsa"
+ # host_key_type = "ed25519"
+ # create a cert, and sign the host key
 @cert = "#{dir}/ca"
 sh "rm -rf #{@cert} #{@cert}.pub"
- sh "ssh-keygen -t rsa -N '' -C 'ca@hosts.netssh' -f #{@cert}"
- FileUtils.cp "/etc/ssh/ssh_host_ecdsa_key.pub", "#{dir}/one.hosts.netssh.pub"
+ sh "ssh-keygen -t #{cert_type} -N '' -C 'ca@hosts.netssh' -f #{@cert} #{debug ? '' : '-q'}"
+ FileUtils.cp "/etc/ssh/ssh_host_#{host_key_type}_key.pub", "#{dir}/one.hosts.netssh.pub"
 Dir.chdir(dir) do
- sh "ssh-keygen -s #{@cert} -h -I one.hosts.netssh -n one.hosts.netssh #{dir}/one.hosts.netssh.pub"
- sh "ssh-keygen -L -f one.hosts.netssh-cert.pub"
+ sh "ssh-keygen -s #{@cert} -h -I one.hosts.netssh -n one.hosts.netssh #{debug ? '' : '-q'} #{dir}/one.hosts.netssh.pub"
+ sh "ssh-keygen -L -f one.hosts.netssh-cert.pub" if debug
 end
- signed_host_key = "/etc/ssh/ssh_host_ecdsa_key-cert.pub"
+ signed_host_key = "/etc/ssh/ssh_host_#{host_key_type}_key-cert.pub"
 sh "sudo cp -f #{dir}/one.hosts.netssh-cert.pub #{signed_host_key}"
 # we don't use this for signing the cert
 @badcert = "#{dir}/badca"
 sh "rm -rf #{@badcert} #{@badcert}.pub"
- sh "ssh-keygen -t rsa -N '' -C 'ca@hosts.netssh' -f #{@badcert}"
-
+ sh "ssh-keygen -t #{cert_type} -N '' -C 'ca@hosts.netssh' -f #{@badcert} #{debug ? '' : '-q'}"
 yield(cert_pub: "#{@cert}.pub", badcert_pub: "#{@badcert}.pub", signed_host_key: signed_host_key)
 end
 end
-- 
cgit v1.2.1
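Review bot: With `host_key_type = "ecdsa"` the signed host key is still an ECDSA certificate, which matches one of the `ecdsa-sha2-*-cert-v01@openssh.com` entries that known_hosts.rb already listed, so this test does not exercise the newly accepted `ssh-ed25519-cert-v01@openssh.com` or `ssh-rsa-cert-*` entries; `cert_type` only selects the CA key, which does not decide the certificate's algorithm name. Instead of commented-out toggles, the two values could be parameters, e.g. `def setup_ssh_env(cert_type: "rsa", host_key_type: "ecdsa", &block)`, with one test per host key type so each accepted algorithm has a passing case and a bad-CA rejection case. The commented alternative `# cert_type = "ssh-ed25519"` would also fail if enabled, since `ssh-keygen -t` expects `ed25519`. `debug` is not defined in the hunk and the class body continues outside it, so it is presumably a helper defined elsewhere.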