
go.crypto/ssh: let client accept DSA and ECDSA host key algorithms.

R=agl, dave, jpsugar, m4dh4tt3r, agl
CC=golang-dev
https://golang.org/cl/14420045
Han-Wen Nienhuys преди 12 години
родител
ревизия
41400feb0b
променени са 3 файла, в които са добавени 31 реда и са изтрити 15 реда
  1. 5 3
      ssh/common.go
  2. 4 2
      ssh/test/session_test.go
  3. 22 10
      ssh/test/test_unix_test.go

+ 5 - 3
ssh/common.go

@@ -16,8 +16,6 @@ import (
 
 // These are string constants in the SSH protocol.
 const (
-	hostAlgoRSA     = "ssh-rsa"
-	hostAlgoDSA     = "ssh-dss"
 	compressionNone = "none"
 	serviceUserAuth = "ssh-userauth"
 	serviceSSH      = "ssh-connection"
@@ -28,7 +26,11 @@ var supportedKexAlgos = []string{
 	kexAlgoDH14SHA1, kexAlgoDH1SHA1,
 }
 
-var supportedHostKeyAlgos = []string{hostAlgoRSA}
+var supportedHostKeyAlgos = []string{
+	KeyAlgoECDSA256, KeyAlgoECDSA384, KeyAlgoECDSA521,
+	KeyAlgoRSA, KeyAlgoDSA,
+}
+
 var supportedCompressions = []string{compressionNone}
 
 // hashFuncs keeps the mapping of supported algorithms to their respective
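Review bot: The new `supportedHostKeyAlgos` list has no comment saying that it is the client's preference order and why `KeyAlgoDSA` sits last, even though this ordering now decides which host key a server presents: per RFC 4253 §7.1 the server takes the first entry it also supports, so a client whose HostKeyChecker only knows a server's RSA key will negotiate ECDSA against a server that also has an ECDSA host key and fail verification (the test config in this commit registers all three host keys with the checker, presumably for that reason). OpenSSH avoids this by moving algorithms with already-known host keys to the front; absent that, the ordering and the trade-off should at least be documented. Suggested comment above the var: `// supportedHostKeyAlgos is the client's preference order; the server uses the first entry it also supports (RFC 4253 §7.1).` followed by `// ssh-dss is last: it is SHA-1 based and, via FIPS 186-2, effectively limited to 1024-bit keys.` The `KeyAlgo*` constants are defined outside this hunk.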

+ 4 - 2
ssh/test/session_test.go

@@ -40,8 +40,10 @@ func TestHostKeyCheck(t *testing.T) {
 	conf := clientConfig()
 	k := conf.HostKeyChecker.(*storedHostKey)
 
-	// change the key.
-	k.keys["ssh-rsa"][25]++
+	// change the keys.
+	k.keys[ssh.KeyAlgoRSA][25]++
+	k.keys[ssh.KeyAlgoDSA][25]++
+	k.keys[ssh.KeyAlgoECDSA256][25]++
 
 	conn, err := server.TryDial(conf)
 	if err == nil {
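Review bot: Corrupting all three stored keys at once (`k.keys[ssh.KeyAlgoRSA][25]++` and the two lines below it) means the test passes as long as whichever algorithm the server happened to negotiate is rejected; it does not establish that the DSA or ECDSA host keys are ever negotiated and verified, or which one was in use. Since `storedHostKey.Check` already receives the negotiated `algo`, consider recording it in the checker and asserting it in the successful-dial test, so a regression that silently falls back to ssh-rsa would be noticed. Note also that byte 25 of a marshaled ECDSA key appears to land in the curve-name length field rather than in key material; the comparison still fails, but a comment saying "any byte will do, Check compares the full blob" would make the intent clear. TestHostKeyCheck continues outside the hunk.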

+ 22 - 10
ssh/test/test_unix_test.go

@@ -48,22 +48,32 @@ HostbasedAuthentication no
 `
 
 var (
-	configTmpl template.Template
-	privateKey ssh.Signer
-	hostKey    ssh.Signer
+	configTmpl   template.Template
+	privateKey   ssh.Signer
+	hostKeyRSA   ssh.Signer
+	hostKeyECDSA ssh.Signer
+	hostKeyDSA   ssh.Signer
 )
 
 func init() {
 	template.Must(configTmpl.Parse(sshd_config))
 
-	var err error
-	hostKey, err = ssh.ParsePrivateKey([]byte(keys["ssh_host_rsa_key"]))
-	if err != nil {
-		panic("ParsePrivateKey: " + err.Error())
+	for n, k := range map[string]*ssh.Signer{
+		"ssh_host_ecdsa_key": &hostKeyECDSA,
+		"ssh_host_rsa_key":   &hostKeyRSA,
+		"ssh_host_dsa_key":   &hostKeyDSA,
+	} {
+		var err error
+		*k, err = ssh.ParsePrivateKey([]byte(keys[n]))
+		if err != nil {
+			panic(fmt.Sprintf("ParsePrivateKey(%q): %v", n, err))
+		}
 	}
+
+	var err error
 	privateKey, err = ssh.ParsePrivateKey([]byte(testClientPrivateKey))
 	if err != nil {
-		panic("ParsePrivateKey: " + err.Error())
+		panic(fmt.Sprintf("ParsePrivateKey: %v", err))
 	}
 }
 
@@ -103,7 +113,7 @@ func (k *storedHostKey) Add(key ssh.PublicKey) {
 	if k.keys == nil {
 		k.keys = map[string][]byte{}
 	}
-	k.keys[key.PublicKeyAlgo()] = append([]byte(nil), ssh.MarshalPublicKey(key)...)
+	k.keys[key.PublicKeyAlgo()] = ssh.MarshalPublicKey(key)
 }
 
 func (k *storedHostKey) Check(addr string, remote net.Addr, algo string, key []byte) error {
@@ -115,7 +125,9 @@ func (k *storedHostKey) Check(addr string, remote net.Addr, algo string, key []b
 
 func clientConfig() *ssh.ClientConfig {
 	keyChecker := storedHostKey{}
-	keyChecker.Add(hostKey.PublicKey())
+	keyChecker.Add(hostKeyECDSA.PublicKey())
+	keyChecker.Add(hostKeyRSA.PublicKey())
+	keyChecker.Add(hostKeyDSA.PublicKey())
 
 	kc := new(keychain)
 	kc.keys = append(kc.keys, privateKey)
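Review bot: In the `storedHostKey.Add` hunk the defensive copy was dropped (`k.keys[key.PublicKeyAlgo()] = ssh.MarshalPublicKey(key)`), yet TestHostKeyCheck in session_test.go mutates these slices in place. That is only safe if `ssh.MarshalPublicKey` returns a fresh allocation on every call, which nothing in this commit shows; if it ever returned a slice aliasing the key's internal state, the test would also corrupt the server's own host key and the mismatch it is meant to detect would vanish, producing a confusing failure. Either restore `k.keys[key.PublicKeyAlgo()] = append([]byte(nil), ssh.MarshalPublicKey(key)...)` or add a comment stating the allocation guarantee the test relies on. `Add`'s signature is outside the hunk, and `clientConfig` ends outside it; the three `keyChecker.Add` calls there would also benefit from a one-line comment explaining that the checker must know every host key type the server offers because the client now prefers ECDSA.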