ssh/test: enable Diffie-Hellman key exchange algorithms

drakkan · gopherbot · commit 88199028d729 · 2025-04-18T04:18:34.000-07:00
starting with OpenSSH 10, all Diffie-Hellman key exchange algorithms are disabled by default. To generate recordings, we must explicitly enable them. Change-Id: Icfbf46b30478f36d7040991e0f6324b9b4766aaf Reviewed-on: https://go-review.googlesource.com/c/crypto/+/665115 Reviewed-by: Filippo Valsorda <filippo@golang.org> Auto-Submit: Nicola Murino <nicola.murino@gmail.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Michael Pratt <mpratt@google.com>
diff --git a/ssh/test/recording_test.go b/ssh/test/recording_test.go
@@ -50,11 +50,11 @@ IgnoreRhosts yes
 RhostsRSAAuthentication no
 HostbasedAuthentication no
 PubkeyAcceptedKeyTypes=*
-# In recent OpenSSH versions, the 'diffie-hellman-group14-sha1'
-# algorithm is disabled by default. However, it remains part of
-# our default Key Exchange (KEX) configuration, so we explicitly
-# enable it to ensure compatibility for testing.
-KexAlgorithms +diffie-hellman-group14-sha1
+# In recent versions of OpenSSH, Diffie-Hellman key exchange algorithms
+# are disabled by default. However, they are still included in our default
+# Key Exchange (KEX) configuration. We explicitly enable them here to
+# maintain compatibility for our test cases.
+KexAlgorithms +diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256
 `
 	multiAuthSshdConfigTail = `
 UsePAM yes
