upstream: remove DSA from the regression/unit test suite too.

OpenBSD-Regress-ID: 4424d2eaf0bce3887318ef6d18de6c06f3617d6e

Author: djmdjm

INSTALL

@@ -245,7 +245,7 @@ manually using the following commands:
 
     ssh-keygen -t [type] -f /etc/ssh/ssh_host_key -N ""
 
-for each of the types you wish to generate (rsa, dsa or ecdsa) or
+for each of the types you wish to generate (rsa, ed25519 or ecdsa) or
 
     ssh-keygen -A
 

Makefile.in

@@ -194,7 +194,6 @@ PATHSUBS	= \
 	-e 's|/etc/shosts.equiv|$(sysconfdir)/shosts.equiv|g' \
 	-e 's|/etc/ssh/ssh_host_key|$(sysconfdir)/ssh_host_key|g' \
 	-e 's|/etc/ssh/ssh_host_ecdsa_key|$(sysconfdir)/ssh_host_ecdsa_key|g' \
-	-e 's|/etc/ssh/ssh_host_dsa_key|$(sysconfdir)/ssh_host_dsa_key|g' \
 	-e 's|/etc/ssh/ssh_host_rsa_key|$(sysconfdir)/ssh_host_rsa_key|g' \
 	-e 's|/etc/ssh/ssh_host_ed25519_key|$(sysconfdir)/ssh_host_ed25519_key|g' \
 	-e 's|/var/run/sshd.pid|$(piddir)/sshd.pid|g' \
@@ -494,7 +493,6 @@ host-key: ssh-keygen$(EXEEXT)
 	fi
 
 host-key-force: ssh-keygen$(EXEEXT) ssh$(EXEEXT)
-	./ssh-keygen -t dsa -f $(DESTDIR)$(sysconfdir)/ssh_host_dsa_key -N ""
 	./ssh-keygen -t rsa -f $(DESTDIR)$(sysconfdir)/ssh_host_rsa_key -N ""
 	./ssh-keygen -t ed25519 -f $(DESTDIR)$(sysconfdir)/ssh_host_ed25519_key -N ""
 	if ./ssh -Q key | grep ecdsa >/dev/null ; then \

contrib/redhat/openssh.spec

@@ -281,20 +281,6 @@ if [ "$1" != 0 -a -r /var/run/sshd.pid ] ; then
 	touch /var/run/sshd.restart
 fi
 
-%triggerun server -- openssh-server < 2.5.0p1
-# Count the number of HostKey and HostDsaKey statements we have.
-gawk	'BEGIN {IGNORECASE=1}
-	 /^hostkey/ || /^hostdsakey/ {sawhostkey = sawhostkey + 1}
-	 END {exit sawhostkey}' /etc/ssh/sshd_config
-# And if we only found one, we know the client was relying on the old default
-# behavior, which loaded the the SSH2 DSA host key when HostDsaKey wasn't
-# specified.  Now that HostKey is used for both SSH1 and SSH2 keys, specifying
-# one nullifies the default, which would have loaded both.
-if [ $? -eq 1 ] ; then
-	echo HostKey /etc/ssh/ssh_host_rsa_key >> /etc/ssh/sshd_config
-	echo HostKey /etc/ssh/ssh_host_dsa_key >> /etc/ssh/sshd_config
-fi
-
 %triggerpostun server -- ssh-server
 if [ "$1" != 0 ] ; then
 	/sbin/chkconfig --add sshd

contrib/redhat/sshd.init

@@ -41,7 +41,7 @@ start()
 	/usr/bin/ssh-keygen -A
 	if [ -x /sbin/restorecon ]; then
 		/sbin/restorecon /etc/ssh/ssh_host_rsa_key.pub
-		/sbin/restorecon /etc/ssh/ssh_host_dsa_key.pub
+		/sbin/restorecon /etc/ssh/ssh_host_ed25519_key.pub
 		/sbin/restorecon /etc/ssh/ssh_host_ecdsa_key.pub
 	fi
 

openbsd-compat/openssl-compat.h

@@ -24,7 +24,6 @@
 #include <openssl/crypto.h>
 #include <openssl/evp.h>
 #include <openssl/rsa.h>
-#include <openssl/dsa.h>
 #ifdef OPENSSL_HAS_ECC
 #include <openssl/ecdsa.h>
 #endif

regress/Makefile

@@ -2,7 +2,7 @@
 
 tests:		prep file-tests t-exec unit
 
-REGRESS_TARGETS=	t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12
+REGRESS_TARGETS=	t1 t2 t3 t4 t5 t7 t9 t10 t11 t12
 
 # File based tests
 file-tests: $(REGRESS_TARGETS)
@@ -130,9 +130,9 @@ CLEANFILES=	*.core actual agent-key.* authorized_keys_${USERNAME} \
 		ed25519-agent.pub ed25519 ed25519.pub empty.in \
 		expect failed-regress.log failed-ssh.log failed-sshd.log \
 		hkr.* host.ecdsa-sha2-nistp256 host.ecdsa-sha2-nistp384 \
-		host.ecdsa-sha2-nistp521 host.ssh-dss host.ssh-ed25519 \
+		host.ecdsa-sha2-nistp521 host.ssh-ed25519 \
 		host.ssh-rsa host_ca_key* host_krl_* host_revoked_* key.* \
-		key.dsa-* key.ecdsa-* key.ed25519-512 \
+		key.ecdsa-* key.ed25519-512 \
 		key.ed25519-512.pub key.rsa-* keys-command-args kh.* askpass \
 		known_hosts known_hosts-cert known_hosts.* krl-* ls.copy \
 		modpipe netcat no_identity_config \
@@ -191,36 +191,18 @@ t5:
 		${TEST_SSH_SSHKEYGEN} -Bf ${.CURDIR}/rsa_openssh.pub |\
 			awk '{print $$2}' | diff - ${.CURDIR}/t5.ok ; \
 	fi
-t6:
-	set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-dss" ; then \
-		${TEST_SSH_SSHKEYGEN} -if ${.CURDIR}/dsa_ssh2.prv > $(OBJ)/t6.out1 ; \
-		${TEST_SSH_SSHKEYGEN} -if ${.CURDIR}/dsa_ssh2.pub > $(OBJ)/t6.out2 ; \
-		chmod 600 $(OBJ)/t6.out1 ; \
-		${TEST_SSH_SSHKEYGEN} -yf $(OBJ)/t6.out1 | diff - $(OBJ)/t6.out2 ; \
-	fi
 
 $(OBJ)/t7.out:
-	set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-dss" ; then \
+	set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-rsa" ; then \
 		${TEST_SSH_SSHKEYGEN} -q -t rsa -N '' -f $@ ; \
 	fi
 
 t7: $(OBJ)/t7.out
-	set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-dss" ; then \
+	set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-rsa" ; then \
 		${TEST_SSH_SSHKEYGEN} -lf $(OBJ)/t7.out > /dev/null ; \
 		${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t7.out > /dev/null ; \
 	fi
 
-$(OBJ)/t8.out:
-	set -xe ; if ssh -Q key | grep -q "^ssh-dss" ; then \
-		${TEST_SSH_SSHKEYGEN} -q -t dsa -N '' -f $@ ; \
-	fi
-
-t8: $(OBJ)/t8.out
-	set -xe ; if ssh -Q key | grep -q "^ssh-dss" ; then \
-		${TEST_SSH_SSHKEYGEN} -lf $(OBJ)/t8.out > /dev/null ; \
-		${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t8.out > /dev/null ; \
-	fi
-
 $(OBJ)/t9.out:
 	! ${TEST_SSH_SSH} -Q key-plain | grep ecdsa >/dev/null || \
 	${TEST_SSH_SSHKEYGEN} -q -t ecdsa -N '' -f $@
@@ -240,7 +222,7 @@ t10: $(OBJ)/t10.out
 	${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t10.out > /dev/null
 
 t11:
-	set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-dss" ; then \
+	set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-rsa" ; then \
 		${TEST_SSH_SSHKEYGEN} -E sha256 -lf ${.CURDIR}/rsa_openssh.pub |\
 			awk '{print $$2}' | diff - ${.CURDIR}/t11.ok ; \
 	fi

regress/agent.sh

@@ -1,4 +1,4 @@
-#	$OpenBSD: agent.sh,v 1.22 2024/10/24 03:28:34 djm Exp $
+#	$OpenBSD: agent.sh,v 1.23 2025/05/06 06:05:48 djm Exp $
 #	Placed in the Public Domain.
 
 tid="simple agent test"
@@ -86,10 +86,6 @@ fi
 
 for t in ${SSH_KEYTYPES}; do
 	trace "connect via agent using $t key"
-	if [ "$t" = "ssh-dss" ]; then
-		echo "PubkeyAcceptedAlgorithms +ssh-dss" >> $OBJ/ssh_proxy
-		echo "PubkeyAcceptedAlgorithms +ssh-dss" >> $OBJ/sshd_proxy
-	fi
 	${SSH} -F $OBJ/ssh_proxy -i $OBJ/$t-agent.pub -oIdentitiesOnly=yes \
 		somehost exit 52
 	r=$?
@@ -143,7 +139,6 @@ fi
 (printf 'cert-authority,principals="estragon" '; cat $OBJ/user_ca_key.pub) \
 	> $OBJ/authorized_keys_$USER
 for t in ${SSH_KEYTYPES}; do
-    if [ "$t" != "ssh-dss" ]; then
 	trace "connect via agent using $t key"
 	${SSH} -F $OBJ/ssh_proxy -i $OBJ/$t-agent.pub \
 		-oCertificateFile=$OBJ/$t-agent-cert.pub \
@@ -152,7 +147,6 @@ for t in ${SSH_KEYTYPES}; do
 	if [ $r -ne 52 ]; then
 		fail "ssh connect with failed (exit code $r)"
 	fi
-    fi
 done
 
 ## Deletion tests.

regress/cert-hostkey.sh

@@ -1,4 +1,4 @@
-#	$OpenBSD: cert-hostkey.sh,v 1.27 2021/09/30 05:26:26 dtucker Exp $
+#	$OpenBSD: cert-hostkey.sh,v 1.28 2025/05/06 06:05:48 djm Exp $
 #	Placed in the Public Domain.
 
 tid="certified host keys"
@@ -70,7 +70,7 @@ touch $OBJ/host_revoked_plain
 touch $OBJ/host_revoked_cert
 cat $OBJ/host_ca_key.pub $OBJ/host_ca_key2.pub > $OBJ/host_revoked_ca
 
-PLAIN_TYPES=`echo "$SSH_KEYTYPES" | sed 's/^ssh-dss/ssh-dsa/g;s/^ssh-//'`
+PLAIN_TYPES=`echo "$SSH_KEYTYPES" | sed 's/^ssh-//'`
 
 if echo "$PLAIN_TYPES" | grep '^rsa$' >/dev/null 2>&1 ; then
 	PLAIN_TYPES="$PLAIN_TYPES rsa-sha2-256 rsa-sha2-512"

regress/cert-userkey.sh

@@ -1,4 +1,4 @@
-#	$OpenBSD: cert-userkey.sh,v 1.29 2024/12/06 16:25:58 djm Exp $
+#	$OpenBSD: cert-userkey.sh,v 1.30 2025/05/06 06:05:48 djm Exp $
 #	Placed in the Public Domain.
 
 tid="certified user keys"
@@ -10,7 +10,7 @@ cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak
 grep -v AuthorizedKeysFile $OBJ/sshd_proxy > $OBJ/sshd_proxy_bak
 echo "AuthorizedKeysFile $OBJ/authorized_keys_%u_*" >> $OBJ/sshd_proxy_bak
 
-PLAIN_TYPES=`$SSH -Q key-plain | maybe_filter_sk | sed 's/^ssh-dss/ssh-dsa/;s/^ssh-//'`
+PLAIN_TYPES=`$SSH -Q key-plain | maybe_filter_sk | sed 's/^ssh-//'`
 EXTRA_TYPES=""
 rsa=""
 
@@ -25,7 +25,7 @@ kname() {
 	sk-ecdsa-*) n="sk-ecdsa" ;;
 	sk-ssh-ed25519*) n="sk-ssh-ed25519" ;;
 	# subshell because some seds will add a newline
-	*) n=$(echo $1 | sed 's/^dsa/ssh-dss/;s/^rsa/ssh-rsa/;s/^ed/ssh-ed/') ;;
+	*) n=$(echo $1 | sed 's/^rsa/ssh-rsa/;s/^ed/ssh-ed/') ;;
 	esac
 	if [ -z "$rsa" ]; then
 		echo "$n*,ssh-ed25519*"

regress/dsa_ssh2.prv

@@ -1,4 +1,4 @@
-#	$OpenBSD: hostbased.sh,v 1.4 2022/12/07 11:45:43 dtucker Exp $
+#	$OpenBSD: hostbased.sh,v 1.5 2025/05/06 06:05:48 djm Exp $
 #	Placed in the Public Domain.
 
 # This test requires external setup and thus is skipped unless
@@ -43,7 +43,6 @@ for key in `${SUDO} ${SSHD} -T | awk '$1=="hostkey"{print $2}'`; do
 	521*ECDSA*)	algos="$algos ecdsa-sha2-nistp521" ;;
 	*RSA*)		algos="$algos ssh-rsa rsa-sha2-256 rsa-sha2-512" ;;
 	*ED25519*)	algos="$algos ssh-ed25519" ;;
-	*DSA*)		algos="$algos ssh-dss" ;;
 	*) verbose "unknown host key type $key" ;;
 	esac
 done

regress/dsa_ssh2.pub

@@ -1,4 +1,4 @@
-#	$OpenBSD: keytype.sh,v 1.11 2021/02/25 03:27:34 djm Exp $
+#	$OpenBSD: keytype.sh,v 1.12 2025/05/06 06:05:48 djm Exp $
 #	Placed in the Public Domain.
 
 tid="login with different key types"
@@ -10,7 +10,6 @@ cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak
 ktypes=""
 for i in ${SSH_KEYTYPES}; do
 	case "$i" in
-		ssh-dss)		ktypes="$ktypes dsa-1024" ;;
 		ssh-rsa)		ktypes="$ktypes rsa-2048 rsa-3072" ;;
 		ssh-ed25519)		ktypes="$ktypes ed25519-512" ;;
 		ecdsa-sha2-nistp256)	ktypes="$ktypes ecdsa-256" ;;
@@ -36,7 +35,6 @@ done
 
 kname_to_ktype() {
 	case $1 in
-	dsa-1024)	echo ssh-dss;;
 	ecdsa-256)	echo ecdsa-sha2-nistp256;;
 	ecdsa-384)	echo ecdsa-sha2-nistp384;;
 	ecdsa-521)	echo ecdsa-sha2-nistp521;;

regress/hostbased.sh

@@ -1,4 +1,4 @@
-#	$OpenBSD: knownhosts-command.sh,v 1.3 2021/08/30 01:15:45 djm Exp $
+#	$OpenBSD: knownhosts-command.sh,v 1.4 2025/05/06 06:05:48 djm Exp $
 #	Placed in the Public Domain.
 
 tid="known hosts command "
@@ -40,7 +40,6 @@ ${SSH} -F $OBJ/ssh_proxy x true && fail "ssh connect succeeded with bad exit"
 
 for keytype in ${SSH_HOSTKEY_TYPES} ; do
 	algs=$keytype
-	test "x$keytype" = "xssh-dss" && continue
 	test "x$keytype" = "xssh-rsa" && algs=ssh-rsa,rsa-sha2-256,rsa-sha2-512
 	verbose "keytype $keytype"
 	cat > $OBJ/knownhosts_command << _EOF

regress/keytype.sh

@@ -1,4 +1,4 @@
-#	$OpenBSD: krl.sh,v 1.12 2023/01/16 04:11:29 djm Exp $
+#	$OpenBSD: krl.sh,v 1.13 2025/05/06 06:05:48 djm Exp $
 #	Placed in the Public Domain.
 
 tid="key revocation lists"
@@ -11,7 +11,6 @@ for t in $SSH_KEYTYPES; do
 	case "$t" in
 		ecdsa*)		ktype2=ecdsa ;;
 		ssh-rsa)	ktype3=rsa ;;
-		ssh-dss)	ktype4=dsa ;;
 		[email protected])		ktype5=ed25519-sk ;;
 		[email protected])	ktype6=ecdsa-sk ;;
 	esac

regress/knownhosts-command.sh

@@ -1,4 +1,4 @@
-#	$OpenBSD: limit-keytype.sh,v 1.10 2021/02/25 03:27:34 djm Exp $
+#	$OpenBSD: limit-keytype.sh,v 1.11 2025/05/06 06:05:48 djm Exp $
 #	Placed in the Public Domain.
 
 tid="restrict pubkey type"
@@ -17,7 +17,6 @@ for t in $SSH_KEYTYPES ; do
 	case "$t" in
 		ssh-rsa)	ktype2=rsa ;;
 		ecdsa*)		ktype3=ecdsa ;;  # unused
-		ssh-dss)	ktype4=dsa ;;
 		[email protected])		ktype5=ed25519-sk ;;
 		[email protected])	ktype6=ecdsa-sk ;;
 	esac
@@ -75,7 +74,6 @@ keytype() {
 	case "$1" in
 		ecdsa)		printf "ecdsa-sha2-*" ;;
 		ed25519)	printf "ssh-ed25519" ;;
-		dsa)		printf "ssh-dss" ;;
 		rsa)		printf "rsa-sha2-256,rsa-sha2-512,ssh-rsa" ;;
 		sk-ecdsa)	printf "sk-ecdsa-*" ;;
 		sk-ssh-ed25519)	printf "sk-ssh-ed25519-*" ;;
@@ -123,7 +121,7 @@ if [ "$ktype1" != "$ktype2" ]; then
 fi
 ${SSH} $opts -i $OBJ/user_key2 proxy true || fatal "key2 failed"
 
-# Allow only DSA in main config, Ed25519 for user.
+# Allow only Ed25519 in main config, Ed25519 for user.
 verbose "match w/ matching"
 prepare_config "PubkeyAcceptedAlgorithms `keytype $ktype4`" \
 	"Match user $USER" "PubkeyAcceptedAlgorithms +`keytype $ktype1`"

regress/krl.sh

@@ -34,41 +34,6 @@
 "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDf56l/5UYqgY9oBlet/pLRzK6ZCd12QYGdUVfQDl6HftG0u6DSpjm2HGwFRsYZWv2ZN3ZBfAu6MHBiDmXUw/8WaD7nfXZmDH2keZL6opQttqvSGU2Cm00Rv5o1R3ej2qDdpepebv5meMBXTl5/+bE1E3Zm+4STDtxGmlMlxsEj68XeVe4JedfaSUMj3kaXYBbdYdG1qeosdle4GSONEEMpzsxSr8Y/WGYuIB33l29Tt9mNGUgSw/zjMYQjUVvQv+SY8dw62JV8d+3wK2YL2/r73gms6I8EE1JxX53KuAAY+x0p2v/W8ilCYI2Ijyzc8KIPwntmIFpibQjx+rkb+qdT"
 #define CERT_RSA \
 "[email protected] AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAg89JX6OBMYDSxER8fnU5y8xxeMCHR/hI0uVqdEhNyCpcAAAADAQABAAABAQDf56l/5UYqgY9oBlet/pLRzK6ZCd12QYGdUVfQDl6HftG0u6DSpjm2HGwFRsYZWv2ZN3ZBfAu6MHBiDmXUw/8WaD7nfXZmDH2keZL6opQttqvSGU2Cm00Rv5o1R3ej2qDdpepebv5meMBXTl5/+bE1E3Zm+4STDtxGmlMlxsEj68XeVe4JedfaSUMj3kaXYBbdYdG1qeosdle4GSONEEMpzsxSr8Y/WGYuIB33l29Tt9mNGUgSw/zjMYQjUVvQv+SY8dw62JV8d+3wK2YL2/r73gms6I8EE1JxX53KuAAY+x0p2v/W8ilCYI2Ijyzc8KIPwntmIFpibQjx+rkb+qdTAAAAAAAAA+0AAAABAAAAB3VseXNzZXMAAAAXAAAAB3VseXNzZXMAAAAIb2R5c3NldXMAAAAAAAAAAP//////////AAAAAAAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgM9BeYRUxUuZ4VHJp8oxVaA8OS/z+5EFPCZwQNq1nMwMAAABTAAAAC3NzaC1lZDI1NTE5AAAAQGCDA6PWw4x9bHQl0w7NqifHepumqD3dmyMx+hZGuPRon+TsyCjfytu7hWmV7l9XUF0fPQNFQ7FGat5e+7YUNgE= id_rsa.pub"
-#define PRIV_DSA \
-"-----BEGIN OPENSSH PRIVATE KEY-----\n"\
-"b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABsgAAAAdzc2gtZH\n"\
-"NzAAAAgQCsGTfjpQ465EOkfQXJM9BOvfRQE0fqlykAls+ncz+T7hrbeScRu8xpwzsznJNm\n"\
-"xlW8o6cUDiHmBJ5OHgamUC9N7YJeU/6fnOAZifgN8mqK6k8pKHuje8ANOiYgHLl0yiASQA\n"\
-"3//qMyzZ+W/hemoLSmLAbEqlfWVeyYx+wta1Vm+QAAABUAvWyehvUvdHvQxavYgS5p0t5Q\n"\
-"d7UAAACBAIRA9Yy+f4Kzqpv/qICPO3zk42UuP7WAhSW2nCbQdLlCiSTxcjKgcvXNRckwJP\n"\
-"44JjSHOtJy/AMtJrPIbLYG6KuWTdBlEHFiG6DafvLG+qPMSL2bPjXTOhuOMbCHIZ+5WBkW\n"\
-"THeG/Nv11iI01Of9V6tXkig23K370flkRkXFi9MdAAAAgCt6YUcQkNwG7B/e5M1FZsLP9O\n"\
-"kVB3BwLAOjmWdHpyhu3HpwSJa3XLEvhXN0i6IVI2KgPo/2GtYA6rHt14L+6u1pmhh8sAvQ\n"\
-"ksp3qZB+xh/NP+hBqf0sbHX0yYbzKOvI5SCc/kKK6yagcBZOsubM/KC8TxyVgmD5c6WzYs\n"\
-"h5TEpvAAAB2PHjRbbx40W2AAAAB3NzaC1kc3MAAACBAKwZN+OlDjrkQ6R9Bckz0E699FAT\n"\
-"R+qXKQCWz6dzP5PuGtt5JxG7zGnDOzOck2bGVbyjpxQOIeYEnk4eBqZQL03tgl5T/p+c4B\n"\
-"mJ+A3yaorqTykoe6N7wA06JiAcuXTKIBJADf/+ozLNn5b+F6agtKYsBsSqV9ZV7JjH7C1r\n"\
-"VWb5AAAAFQC9bJ6G9S90e9DFq9iBLmnS3lB3tQAAAIEAhED1jL5/grOqm/+ogI87fOTjZS\n"\
-"4/tYCFJbacJtB0uUKJJPFyMqBy9c1FyTAk/jgmNIc60nL8Ay0ms8hstgboq5ZN0GUQcWIb\n"\
-"oNp+8sb6o8xIvZs+NdM6G44xsIchn7lYGRZMd4b82/XWIjTU5/1Xq1eSKDbcrfvR+WRGRc\n"\
-"WL0x0AAACAK3phRxCQ3AbsH97kzUVmws/06RUHcHAsA6OZZ0enKG7cenBIlrdcsS+Fc3SL\n"\
-"ohUjYqA+j/Ya1gDqse3Xgv7q7WmaGHywC9CSynepkH7GH80/6EGp/SxsdfTJhvMo68jlIJ\n"\
-"z+QorrJqBwFk6y5sz8oLxPHJWCYPlzpbNiyHlMSm8AAAAUUA+OGldMi76ClO/sstpdbBUE\n"\
-"lq8AAAAAAQI=\n"\
-"-----END OPENSSH PRIVATE KEY-----\n"
-#define PUB_DSA \
-"ssh-dss AAAAB3NzaC1kc3MAAACBAKwZN+OlDjrkQ6R9Bckz0E699FATR+qXKQCWz6dzP5PuGtt5JxG7zGnDOzOck2bGVbyjpxQOIeYEnk4eBqZQL03tgl5T/p+c4BmJ+A3yaorqTykoe6N7wA06JiAcuXTKIBJADf/+ozLNn5b+F6agtKYsBsSqV9ZV7JjH7C1rVWb5AAAAFQC9bJ6G9S90e9DFq9iBLmnS3lB3tQAAAIEAhED1jL5/grOqm/+ogI87fOTjZS4/tYCFJbacJtB0uUKJJPFyMqBy9c1FyTAk/jgmNIc60nL8Ay0ms8hstgboq5ZN0GUQcWIboNp+8sb6o8xIvZs+NdM6G44xsIchn7lYGRZMd4b82/XWIjTU5/1Xq1eSKDbcrfvR+WRGRcWL0x0AAACAK3phRxCQ3AbsH97kzUVmws/06RUHcHAsA6OZZ0enKG7cenBIlrdcsS+Fc3SLohUjYqA+j/Ya1gDqse3Xgv7q7WmaGHywC9CSynepkH7GH80/6EGp/SxsdfTJhvMo68jlIJz+QorrJqBwFk6y5sz8oLxPHJWCYPlzpbNiyHlMSm8="
-#define CERT_DSA \
-"[email protected] AAAAHHNzaC1kc3MtY2VydC12MDFAb3BlbnNzaC5jb20AAAAguF716Yub+vVKNlONKLsfxGYWkRe/PyjfYdGRTsFaDvAAAACBAKwZN+OlDjrkQ6R9Bckz0E699FATR+qXKQCWz6dzP5PuGtt5JxG7zGnDOzOck2bGVbyjpxQOIeYEnk4eBqZQL03tgl5T/p+c4BmJ+A3yaorqTykoe6N7wA06JiAcuXTKIBJADf/+ozLNn5b+F6agtKYsBsSqV9ZV7JjH7C1rVWb5AAAAFQC9bJ6G9S90e9DFq9iBLmnS3lB3tQAAAIEAhED1jL5/grOqm/+ogI87fOTjZS4/tYCFJbacJtB0uUKJJPFyMqBy9c1FyTAk/jgmNIc60nL8Ay0ms8hstgboq5ZN0GUQcWIboNp+8sb6o8xIvZs+NdM6G44xsIchn7lYGRZMd4b82/XWIjTU5/1Xq1eSKDbcrfvR+WRGRcWL0x0AAACAK3phRxCQ3AbsH97kzUVmws/06RUHcHAsA6OZZ0enKG7cenBIlrdcsS+Fc3SLohUjYqA+j/Ya1gDqse3Xgv7q7WmaGHywC9CSynepkH7GH80/6EGp/SxsdfTJhvMo68jlIJz+QorrJqBwFk6y5sz8oLxPHJWCYPlzpbNiyHlMSm8AAAAAAAAD6AAAAAEAAAAHdWx5c3NlcwAAABcAAAAHdWx5c3NlcwAAAAhvZHlzc2V1cwAAAAAAAAAA//////////8AAAAAAAAAggAAABVwZXJtaXQtWDExLWZvcndhcmRpbmcAAAAAAAAAF3Blcm1pdC1hZ2VudC1mb3J3YXJkaW5nAAAAAAAAABZwZXJtaXQtcG9ydC1mb3J3YXJkaW5nAAAAAAAAAApwZXJtaXQtcHR5AAAAAAAAAA5wZXJtaXQtdXNlci1yYwAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACAz0F5hFTFS5nhUcmnyjFVoDw5L/P7kQU8JnBA2rWczAwAAAFMAAAALc3NoLWVkMjU1MTkAAABAjMQEZcbdUYJBjIC4GxByFDOb8tv71vDZdx7irHwaqIjx5rzpJUuOV1r8ZO4kY+Yaiun1yrWj2QYkfJrHBvD1DA== id_dsa.pub"
-#define PRIV_ECDSA \
-"-----BEGIN OPENSSH PRIVATE KEY-----\n"\
-"b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS\n"\
-"1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQTDJ0VlMv+0rguNzaJ1DF2KueHaxRSQ\n"\
-"6LpIxGbulrg1a8RPbnMXwag5GcDiDllD2lDUJUuBEWyjXA0rZoZX35ELAAAAoE/Bbr5PwW\n"\
-"6+AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMMnRWUy/7SuC43N\n"\
-"onUMXYq54drFFJDoukjEZu6WuDVrxE9ucxfBqDkZwOIOWUPaUNQlS4ERbKNcDStmhlffkQ\n"\
-"sAAAAhAIhE6hCID5oOm1TDktc++KFKyScjLifcZ6Cgv5xSSyLOAAAAAAECAwQFBgc=\n"\
-"-----END OPENSSH PRIVATE KEY-----\n"
 #define PUB_ECDSA \
 "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMMnRWUy/7SuC43NonUMXYq54drFFJDoukjEZu6WuDVrxE9ucxfBqDkZwOIOWUPaUNQlS4ERbKNcDStmhlffkQs="
 #define CERT_ECDSA \

regress/limit-keytype.sh

@@ -14,7 +14,7 @@ sleep 1
 AGENT_PID=$!
 trap "kill $AGENT_PID" EXIT
 
-PRIV="id_dsa id_ecdsa id_ecdsa_sk id_ed25519 id_ed25519_sk id_rsa"
+PRIV="id_ecdsa id_ecdsa_sk id_ed25519 id_ed25519_sk id_rsa"
 
 # add keys
 ssh-add $PRIV