ssh/test: enable Diffie-Hellman key exchange algorithms

starting with OpenSSH 10, all Diffie-Hellman key exchange algorithms
are disabled by default. To generate recordings, we must explicitly
enable them.

Change-Id: Icfbf46b30478f36d7040991e0f6324b9b4766aaf
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/665115
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Auto-Submit: Nicola Murino <nicola.murino@gmail.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Michael Pratt <mpratt@google.com>

1 files changed, 5 insertions, 5 deletions

diff --git a/ssh/test/recording_test.go b/ssh/test/recording_test.go
index 8695439..25590a2 100644
--- a/ssh/test/recording_test.go
+++ b/ssh/test/recording_test.go
@@ -50,11 +50,11 @@ IgnoreRhosts yes
 RhostsRSAAuthentication no
 HostbasedAuthentication no
 PubkeyAcceptedKeyTypes=*
-# In recent OpenSSH versions, the 'diffie-hellman-group14-sha1'
-# algorithm is disabled by default. However, it remains part of
-# our default Key Exchange (KEX) configuration, so we explicitly
-# enable it to ensure compatibility for testing.
-KexAlgorithms +diffie-hellman-group14-sha1
+# In recent versions of OpenSSH, Diffie-Hellman key exchange algorithms
+# are disabled by default. However, they are still included in our default
+# Key Exchange (KEX) configuration. We explicitly enable them here to
+# maintain compatibility for our test cases.
+KexAlgorithms +diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256
 `
 	multiAuthSshdConfigTail = `
 UsePAM yes