From 86e2a00ab4bfcba7288263b29abdcbd8f2b1e914 Mon Sep 17 00:00:00 2001
From: Eugenio Paolantonio <eugenio.paolantonio@suse.com>
Date: Fri, 23 Feb 2024 18:15:47 +0100
Subject: [PATCH] console/sshd: ensure known host keys don't get dropped

Since OpenSSH 8.5 [0], UpdateHostKeys is enabled by default on
the ssh client configuration.

Calling the ssh client with -o HostKeyAlgorithms=<single_algorithm>
would then drop the other, now "foreign" algorithms from
~/.ssh/known_hosts, making the subsequent HostKeyAlgorithms tests
fail.

This commit fixes that by adding -o UpdateHostKeys=no on the
test command, so that the ssh client will not try to change
the known_hosts file anymore.

[0] https://www.openssh.com/txt/release-8.5

Signed-off-by: Eugenio Paolantonio <eugenio.paolantonio@suse.com>
---
 tests/console/sshd.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/console/sshd.pm b/tests/console/sshd.pm
index ee61bb7abc9e..3ee548512f31 100644
--- a/tests/console/sshd.pm
+++ b/tests/console/sshd.pm
@@ -76,7 +76,7 @@ sub test_cryptographic_policies() {
     # TODO: This does not work for Tumbleweed because of nmap
     # See pull request #11930 for more details
     my @crypto_params = (["Ciphers", "cipher", "-c "], ["KexAlgorithms", "kex", "-o kexalgorithms="], ["MACS", "mac", "-m "]);
-    push(@crypto_params, ["HostKeyAlgorithms", "key", "-o HostKeyAlgorithms="]) unless (is_opensuse);
+    push(@crypto_params, ["HostKeyAlgorithms", "key", "-o UpdateHostKeys=no -o HostKeyAlgorithms="]) unless (is_opensuse);
     my @policies;
 
     # Create an array of the different cryptographic policies that will be tested