[Windows] Git installation tests for SSH hostkeys

[tvalenta]

Description

This is a follow-up to the comment in #13154 requesting tests be provided. While they did pass my meager testing, the tests aren't the most elegant and I will not be offended in the least should this PR be deemed a worthless addition.

Tests provisioned SSH hostkeys for github.com and ssh.dev.azure.com

• ssh-keygen is able to parse the ssh_known_hosts files
• Hostkeys for github.com and ssh.dev.azure.com are verified

Check list

• Related issue / work item is attached
• Tests are written (if applicable)
• Documentation is updated (if applicable)
• Changes are tested and related VM images are successfully generated

[erik-bershel]

@tvalenta 👋
FYI:

==> windows-2025.azure-arm.image: Describing SshHostkeys
==> windows-2025.azure-arm.image:  Context OpenSSH
==> windows-2025.azure-arm.image:    [+] KnownHosts for github.com 54ms (45ms|9ms)
==> windows-2025.azure-arm.image:    [+] KnownHosts for ssh.dev.azure.com 37ms (35ms|2ms)
==> windows-2025.azure-arm.image:    [-] SSH accepts github.com keys 590ms (587ms|3ms)
==> windows-2025.azure-arm.image:     RemoteException: git@github.com: Permission denied (publickey).
==> windows-2025.azure-arm.image:     at <ScriptBlock>, C:\image\tests\Git.Tests.ps1:45
==> windows-2025.azure-arm.image:    [-] SSH accepts ssh.dev.azure.com keys 126ms (125ms|1ms)
==> windows-2025.azure-arm.image:     RemoteException: git@ssh.dev.azure.com: Permission denied (password,publickey).
==> windows-2025.azure-arm.image:     at <ScriptBlock>, C:\image\tests\Git.Tests.ps1:45
==> windows-2025.azure-arm.image:  Context Git for Windows
==> windows-2025.azure-arm.image:    [+] KnownHosts for github.com 43ms (41ms|3ms)
==> windows-2025.azure-arm.image:    [+] KnownHosts for ssh.dev.azure.com 63ms (51ms|12ms)
==> windows-2025.azure-arm.image:    [-] SSH accepts github.com keys 529ms (527ms|1ms)
==> windows-2025.azure-arm.image:     RemoteException: git@github.com: Permission denied (publickey).
==> windows-2025.azure-arm.image:     at <ScriptBlock>, C:\image\tests\Git.Tests.ps1:58
==> windows-2025.azure-arm.image:    [-] SSH accepts ssh.dev.azure.com keys 159ms (157ms|1ms)
==> windows-2025.azure-arm.image:     RemoteException: ** WARNING: connection is not using a post-quantum key exchange algorithm.
==> windows-2025.azure-arm.image:     at <ScriptBlock>, C:\image\tests\Git.Tests.ps1:58
==> windows-2025.azure-arm.image: Tests completed in 7.3s
==> windows-2025.azure-arm.image: Tests Passed: 14, Failed: 4, Skipped: 0, Inconclusive: 0, NotRun: 0

😞

[tvalenta]

Rats. That checks failed at Permission denied tells me that ssh accepted the hostkeys and proceeded to the authentication step, which is expected to fail as there aren't any credentials for logging into GitHub. I don't have a good idea of how to test the ssh process without tripping at the final Permission denied phase. Any thoughts?

The first test checks the ssh_known_hosts file and ensures ssh-keygen is able to find entries for the targets. If ssh_known_hosts is UTF16, this step would fail. I could simply remove the steps that call ssh directly and stick with ssh-keygen but it doesn't guarantee ssh will accept those host keys; the test doesn't confirm this is the file which the ssh process will read.

Might OutputTextMatchingRegex from Helpers.psm1 swallow the expected failure messages from ssh?