Dropbear server since it won't currently run as a ProxyCommand.
-# $OpenBSD: Makefile,v 1.127 2023/09/24 08:14:13 claudio Exp $
+# $OpenBSD: Makefile,v 1.128 2023/10/20 06:56:45 dtucker Exp $
OPENSSL?= yes
match-subsystem
INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers
+INTEROP_TESTS+= dropbear-ciphers dropbear-kex
#INTEROP_TESTS+=ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp
EXTRA_TESTS= agent-pkcs11
clean: ${CLEAN_SUBDIR}
rm -f ${CLEANFILES}
rm -rf .putty
+ rm -rf .dropbear
.include <bsd.regress.mk>
--- /dev/null
+# $OpenBSD: dropbear-ciphers.sh,v 1.1 2023/10/20 06:56:45 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="dropbear ciphers"
+
+if test "x$REGRESS_INTEROP_DROPBEAR" != "xyes" ; then
+ skip "dropbear interop tests not enabled"
+fi
+
+cat >>$OBJ/sshd_proxy <<EOD
+PubkeyAcceptedAlgorithms +ssh-rsa,ssh-dss
+HostkeyAlgorithms +ssh-rsa,ssh-dss
+EOD
+
+ciphers=`$DBCLIENT -c help 2>&1 | awk '/ ciphers: /{print $4}' | tr ',' ' '`
+macs=`$DBCLIENT -m help 2>&1 | awk '/ MACs: /{print $4}' | tr ',' ' '`
+keytype=`(cd $OBJ/.dropbear && ls id_*)`
+
+for c in $ciphers ; do
+ for m in $macs; do
+ for kt in $keytype; do
+ verbose "$tid: cipher $c mac $m kt $kt"
+ rm -f ${COPY}
+ env HOME=$OBJ dbclient -y -i $OBJ/.dropbear/$kt 2>$OBJ/dbclient.log \
+ -c $c -m $m -J "$OBJ/ssh_proxy.sh" somehost cat ${DATA} > ${COPY}
+ if [ $? -ne 0 ]; then
+ fail "ssh cat $DATA failed"
+ fi
+ cmp ${DATA} ${COPY} || fail "corrupted copy"
+ done
+ done
+done
+rm -f ${COPY}
--- /dev/null
+# $OpenBSD: dropbear-kex.sh,v 1.1 2023/10/20 06:56:45 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="dropbear kex"
+
+if test "x$REGRESS_INTEROP_DROPBEAR" != "xyes" ; then
+ skip "dropbear interop tests not enabled"
+fi
+
+cat >>$OBJ/sshd_proxy <<EOD
+PubkeyAcceptedAlgorithms +ssh-rsa,ssh-dss
+HostkeyAlgorithms +ssh-rsa,ssh-dss
+EOD
+cp $OBJ/sshd_proxy $OBJ/sshd_proxy.bak
+
+kex="curve25519-sha256 curve25519-sha256@libssh.org
+ diffie-hellman-group14-sha256 diffie-hellman-group14-sha1"
+
+for k in $kex; do
+ verbose "$tid: kex $k"
+ rm -f ${COPY}
+ # dbclient doesn't have switch for kex, so force in server
+ (cat $OBJ/sshd_proxy.bak; echo "KexAlgorithms $k") >$OBJ/sshd_proxy
+ env HOME=$OBJ dbclient -y -i $OBJ/.dropbear/id_rsa 2>$OBJ/dbclient.log \
+ -J "$OBJ/ssh_proxy.sh" somehost cat ${DATA} > ${COPY}
+ if [ $? -ne 0 ]; then
+ fail "ssh cat $DATA failed"
+ fi
+ cmp ${DATA} ${COPY} || fail "corrupted copy"
+done
+rm -f ${COPY}
-# $OpenBSD: test-exec.sh,v 1.99 2023/10/12 03:48:53 djm Exp $
+# $OpenBSD: test-exec.sh,v 1.100 2023/10/20 06:56:45 dtucker Exp $
# Placed in the Public Domain.
#SUDO=sudo
PLINK=/usr/local/bin/plink
PUTTYGEN=/usr/local/bin/puttygen
CONCH=/usr/local/bin/conch
+DROPBEAR=/usr/local/bin/dropbear
+DBCLIENT=/usr/local/bin/dbclient
+DROPBEARKEY=/usr/local/bin/dropbearkey
+DROPBEARCONVERT=/usr/local/bin/dropbearconvert
# Tools used by multiple tests
NC=nc
echo "ProxyLocalhost=1" >> ${OBJ}/.putty/sessions/localhost_proxy
fi
+REGRESS_INTEROP_DROPBEAR=no
+if test -x "$DROPBEARKEY" -a -x "$DBCLIENT" -a -x "$DROPBEARCONVERT"; then
+ REGRESS_INTEROP_DROPBEAR=yes
+fi
+case "$SCRIPT" in
+*dropbear*) ;;
+*) REGRESS_INTEROP_DROPBEAR=no ;;
+esac
+
+if test "$REGRESS_INTEROP_DROPBEAR" = "yes" ; then
+ trace Create dropbear keys and add to authorized_keys
+ mkdir -p $OBJ/.dropbear
+ for i in rsa ecdsa ed25519 dss; do
+ if [ ! -f "$OBJ/.dropbear/id_$i" ]; then
+ ($DROPBEARKEY -t $i -f $OBJ/.dropbear/id_$i
+ $DROPBEARCONVERT dropbear openssh \
+ $OBJ/.dropbear/id_$i $OBJ/.dropbear/ossh.id_$i
+ ) > /dev/null 2>&1
+ fi
+ $SSHKEYGEN -y -f $OBJ/.dropbear/ossh.id_$i \
+ >>$OBJ/authorized_keys_$USER
+ done
+fi
+
# create a proxy version of the client config
(
cat $OBJ/ssh_config
# check proxy config
${SSHD} -t -f $OBJ/sshd_proxy || fatal "sshd_proxy broken"
+# extract proxycommand into separate shell script for use by Dropbear.
+echo '#!/bin/sh' >$OBJ/ssh_proxy.sh
+awk '/^proxycommand/' $OBJ/ssh_proxy | sed 's/^proxycommand//' \
+ >>$OBJ/ssh_proxy.sh
+chmod a+x $OBJ/ssh_proxy.sh
+
start_sshd ()
{
# start sshd
projects / openbsd / commitdiff