Kuba/ssh/fixup zero fault tests

lib/ssh/test/ssh_protocol_SUITE.erl

@@ -278,7 +278,7 @@ end_per_group(_GroupName, Config) ->
 
 init_per_testcase(Tc, Config) when Tc == no_common_alg_server_disconnects;
                                    Tc == custom_kexinit ->
-    start_std_daemon(Config, [{preferred_algorithms,[{public_key,['ssh-rsa']},
+    start_std_daemon(Config, [{preferred_algorithms,[{public_key,['ssh-ed25519']},
                                                      {cipher,?DEFAULT_CIPHERS}
                                                     ]}]);
 init_per_testcase(kex_strict_negotiated, Config) ->
@@ -477,14 +477,14 @@ no_common_alg_server_disconnects(Config) ->
 	    [{silently_accept_hosts, true},
 	     {user_dir, ssh_test_lib:user_dir(Config)},
 	     {user_interaction, false},
-	     {preferred_algorithms,[{public_key,['ssh-dss']},
+             {preferred_algorithms,[{public_key,['ecdsa-sha2-nistp256']},
                                     {cipher,?DEFAULT_CIPHERS}
                                    ]}
 	    ]},
 	   receive_hello,
 	   {send, hello},
 	   {match, #ssh_msg_kexinit{_='_'}, receive_msg},
-	   {send, ssh_msg_kexinit},  % with server unsupported 'ssh-dss' !
+           {send, ssh_msg_kexinit},  % with server unsupported 'ecdsa-sha2-nistp256' !
 	   {match, disconnect(), receive_msg}
 	  ]
 	 ).
@@ -618,7 +618,7 @@ no_common_alg_client_disconnects(Config) ->
 
     %% and finally connect to it with a regular Erlang SSH client
     %% which of course does not support SOME-UNSUPPORTED as pub key algo:
-    Result = std_connect(HostPort, Config, [{preferred_algorithms,[{public_key,['ssh-dss']},
+    Result = std_connect(HostPort, Config, [{preferred_algorithms,[{public_key,['ecdsa-sha2-nistp256']},
                                                                    {cipher,?DEFAULT_CIPHERS}
                                                                   ]}]),
     ct:log("Result of connect is ~p",[Result]),

lib/ssh/test/ssh_to_openssh_SUITE.erl

@@ -316,14 +316,19 @@ eserver_oclient_renegotiate_helper1(Config) ->
     {Data, OpenSsh, Pid}.
 
 eserver_oclient_renegotiate_helper2({Data, OpenSsh, Pid}) ->
+    PQCAvailable = lists:member(mlkem768, crypto:supports(kems)),
     Expect = fun({data,R}) ->
                      Warning =
                          <<"WARNING: connection is not using a post-quantum key exchange algorithm">>,
                      case binary:match(R, Warning) of
                          nomatch -> ok;
-                         _ ->
+                         _ when PQCAvailable ->
                              ?CT_PAL("~p", [R]),
-                             ct:fail(pqc_warning_detected)
+                             ct:fail(pqc_warning_detected);
+                         _ ->
+                             ?CT_LOG("PQC warning ignored: mlkem768 not available in crypto backend"),
+                             ct:comment("PQC kex unavailable (LibreSSL lacks ML-KEM support)"),
+                             ok
                      end,
 		     try
 			 NonAlphaChars = [C || C<-lists:seq(1,255),
@@ -694,9 +699,8 @@ no_forwarding(Config) ->
 check_kex_strict(Sock) ->
     %% Send some version, in order to receive KEXINIT from server
     ok = gen_tcp:send(Sock, "SSH-2.0-OpenSSH_9.5\r\n"),
-    ct:sleep(100),
-    {ok, Packet} = gen_tcp:recv(Sock, 0),
-    case string:find(Packet, ?kex_strict_s) of
+    Data = recv_kexinit_data(Sock, <<>>),
+    case string:find(Data, ?kex_strict_s) of
         nomatch ->
             ct:log("KEX strict NOT supported by local OpenSSH"),
             false;
@@ -705,3 +709,17 @@ check_kex_strict(Sock) ->
             true
     end.
 
+recv_kexinit_data(_Sock, Acc) when byte_size(Acc) > 4096 ->
+    Acc;
+recv_kexinit_data(Sock, Acc) ->
+    case gen_tcp:recv(Sock, 0, 2000) of
+        {ok, Packet} ->
+            Combined = iolist_to_binary([Acc, Packet]),
+            case string:find(Combined, "kex-strict") of
+                nomatch -> recv_kexinit_data(Sock, Combined);
+                _ -> Combined
+            end;
+        {error, _} ->
+            Acc
+    end.
+