Permalink
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
openssh-portable/regress/hostbased.sh
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
OpenBSD-Regress-ID: 3b04faced6511bb5e74648c6a4ef4bf2c4decf03
66 lines (59 sloc)
2.12 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # $OpenBSD: hostbased.sh,v 1.4 2022/12/07 11:45:43 dtucker Exp $ | |
| # Placed in the Public Domain. | |
| # This test requires external setup and thus is skipped unless | |
| # TEST_SSH_HOSTBASED_AUTH and SUDO are set to "yes". | |
| # Since ssh-keysign has key paths hard coded, unlike the other tests it | |
| # needs to use the real host keys. It requires: | |
| # - ssh-keysign must be installed and setuid. | |
| # - "EnableSSHKeysign yes" must be in the system ssh_config. | |
| # - the system's own real FQDN the system-wide shosts.equiv. | |
| # - the system's real public key fingerprints must be in global ssh_known_hosts. | |
| # | |
| tid="hostbased" | |
| if [ -z "${TEST_SSH_HOSTBASED_AUTH}" ]; then | |
| skip "TEST_SSH_HOSTBASED_AUTH not set." | |
| elif [ -z "${SUDO}" ]; then | |
| skip "SUDO not set" | |
| fi | |
| # Enable all supported hostkey algos (but no others) | |
| hostkeyalgos=`${SSH} -Q HostKeyAlgorithms | tr '\n' , | sed 's/,$//'` | |
| cat >>$OBJ/sshd_proxy <<EOD | |
| HostbasedAuthentication yes | |
| HostbasedAcceptedAlgorithms $hostkeyalgos | |
| HostbasedUsesNameFromPacketOnly yes | |
| HostKeyAlgorithms $hostkeyalgos | |
| EOD | |
| cat >>$OBJ/ssh_proxy <<EOD | |
| HostbasedAuthentication yes | |
| HostKeyAlgorithms $hostkeyalgos | |
| HostbasedAcceptedAlgorithms $hostkeyalgos | |
| PreferredAuthentications hostbased | |
| EOD | |
| algos="" | |
| for key in `${SUDO} ${SSHD} -T | awk '$1=="hostkey"{print $2}'`; do | |
| case "`$SSHKEYGEN -l -f ${key}.pub`" in | |
| 256*ECDSA*) algos="$algos ecdsa-sha2-nistp256" ;; | |
| 384*ECDSA*) algos="$algos ecdsa-sha2-nistp384" ;; | |
| 521*ECDSA*) algos="$algos ecdsa-sha2-nistp521" ;; | |
| *RSA*) algos="$algos ssh-rsa rsa-sha2-256 rsa-sha2-512" ;; | |
| *ED25519*) algos="$algos ssh-ed25519" ;; | |
| *DSA*) algos="$algos ssh-dss" ;; | |
| *) verbose "unknown host key type $key" ;; | |
| esac | |
| done | |
| for algo in $algos; do | |
| trace "hostbased algo $algo" | |
| opts="-F $OBJ/ssh_proxy" | |
| if [ "x$algo" != "xdefault" ]; then | |
| opts="$opts -oHostbasedAcceptedAlgorithms=$algo" | |
| fi | |
| SSH_CONNECTION=`${SSH} $opts localhost 'echo $SSH_CONNECTION'` | |
| if [ $? -ne 0 ]; then | |
| fail "connect failed, hostbased algo $algo" | |
| elif [ "$SSH_CONNECTION" != "UNKNOWN 65535 UNKNOWN 65535" ]; then | |
| fail "hostbased algo $algo bad SSH_CONNECTION" \ | |
| "$SSH_CONNECTION" | |
| else | |
| verbose "ok hostbased algo $algo" | |
| fi | |
| done |