On Wednesday, February 23, 2022 7:09 AM, Damien Miller <djm@xxxxxxxxxxxxxxx> wrote: <OpenSSH 8.9 has just been released. It will be available from the mirrors listed at https://urldefense.com/v3/__https://www.openssh.com/__;!!OToaGQ!8Cf0KPZ5tLwOiN5u2XUTZs2M3RI-4WweqkikJOlCHgDAnnS_4y14RrV9Wu4mI3-S8v8$ shortly. Running "make tests" revealed 2 "cert type" tests in "hostkey-agent.sh" script to fail. Those 2 tests are not present in RC from Feb. 11, where all tests passed successfully. Those failed tests are "sk-ssh-*" and "sk-ecdsa-*" below (4 lines with errors are shifted to the right in output below): ok restrict pubkey type run test hostkey-agent.sh ... key type ssh-ed25519 key type ssh-rsa key type ssh-dss key type ecdsa-sha2-nistp256 key type ecdsa-sha2-nistp384 key type ecdsa-sha2-nistp521 cert type ssh-ed25519-cert-v01@xxxxxxxxxxx cert type sk-ssh-ed25519-cert-v01@xxxxxxxxxxx cert type sk-ssh-ed25519-cert-v01@xxxxxxxxxxx failed bad SSH_CONNECTION key type sk-ssh-ed25519-cert-v01@xxxxxxxxxxx cert type ssh-rsa-cert-v01@xxxxxxxxxxx cert type rsa-sha2-256-cert-v01@xxxxxxxxxxx cert type rsa-sha2-512-cert-v01@xxxxxxxxxxx cert type ssh-dss-cert-v01@xxxxxxxxxxx cert type ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx cert type ecdsa-sha2-nistp384-cert-v01@xxxxxxxxxxx cert type ecdsa-sha2-nistp521-cert-v01@xxxxxxxxxxx cert type sk-ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx cert type sk-ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx failed bad SSH_CONNECTION key type sk-ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx failed hostkey agent Re-tested release candidate from Feb. 11 and no "cert type sk-*" tests were found. Could it happened that the required priv/pub keys are missing in "./regress" subdir and this is why it says "bad key type" ? Filtering out those 2 cert types helped to pass all tests successfully. Thanks -- Val Baranov val.baranov@xxxxxxxx> _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
