diff options
| author | Nicola Murino <nicola.murino@gmail.com> | 2025-06-05 18:49:31 +0200 |
|---|---|---|
| committer | Filippo Valsorda <filippo@golang.org> | 2025-06-05 10:42:09 -0700 |
| commit | 3bf9d2afd4f01ad3d1f1e2e19ea6ee7ea27f8384 (patch) | |
| tree | 8e02010f4147555d0d9febe5fd3367fc245d511d /ssh/test | |
| parent | 9bab96736ccafb2ee12ac5f5ac3655c5491825dd (diff) | |
| download | go-x-crypto-3bf9d2afd4f01ad3d1f1e2e19ea6ee7ea27f8384.tar.xz | |
ssh/test: skip KEX test if unsupported by system SSH clientv0.39.0
Skip the key exchange test when using the system's ssh CLI if the
required KEX algorithm (e.g., mlkem768x25519-sha256) is not supported.
This is determined by running ssh -Q kex and checking for the presence
of the target algorithm.
Prevents false test failures in CI environments with older or limited
SSH implementations.
Cq-Include-Trybots: luci.golang.try:x_crypto-gotip-darwin-amd64-longtest,x_crypto-gotip-linux-amd64-longtest,x_crypto-gotip-windows-amd64-longtest
Change-Id: I3fac703ec70559e18b30d5fff88274335a7c3952
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/679195
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Diffstat (limited to 'ssh/test')
| -rw-r--r-- | ssh/test/sshcli_test.go | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/ssh/test/sshcli_test.go b/ssh/test/sshcli_test.go index 6648067..767dd6c 100644 --- a/ssh/test/sshcli_test.go +++ b/ssh/test/sshcli_test.go @@ -119,6 +119,14 @@ func TestSSHCLIKeyExchanges(t *testing.T) { keyExchanges := append(ssh.SupportedAlgorithms().KeyExchanges, ssh.InsecureAlgorithms().KeyExchanges...) for _, kex := range keyExchanges { t.Run(kex, func(t *testing.T) { + cmd := testenv.Command(t, sshCLI, "-Q", "kex") + out, err := cmd.CombinedOutput() + if err != nil { + t.Fatalf("%s failed to check if the KEX is supported, error: %v, command output %q", kex, err, string(out)) + } + if !bytes.Contains(out, []byte(kex)) { + t.Skipf("KEX %q is not supported in the installed ssh CLI", kex) + } config := &ssh.ServerConfig{ Config: ssh.Config{ KeyExchanges: []string{kex}, @@ -144,9 +152,9 @@ func TestSSHCLIKeyExchanges(t *testing.T) { t.Fatalf("unable to get server port: %v", err) } - cmd := testenv.Command(t, sshCLI, "-vvv", "-i", keyPrivPath, "-o", "StrictHostKeyChecking=no", + cmd = testenv.Command(t, sshCLI, "-vvv", "-i", keyPrivPath, "-o", "StrictHostKeyChecking=no", "-o", fmt.Sprintf("KexAlgorithms=%s", kex), "-p", port, "testpubkey@127.0.0.1", "true") - out, err := cmd.CombinedOutput() + out, err = cmd.CombinedOutput() if err != nil { t.Fatalf("%s failed, error: %v, command output %q", kex, err, string(out)) } |