--- /dev/null
+# $OpenBSD: hostkey-agent.sh,v 1.1 2015/01/17 18:54:30 djm Exp $
+# Placed in the Public Domain.
+
+tid="hostkey agent"
+
+# Need full names here since they are used in HostKeyAlgorithms
+HOSTKEY_TYPES="ecdsa-sha2-nistp256 ssh-ed25519 ssh-rsa ssh-dss"
+
+rm -f $OBJ/agent.* $OBJ/ssh_proxy.orig
+
+trace "start agent"
+eval `${SSHAGENT} -s` > /dev/null
+r=$?
+[ $r -ne 0 ] && fatal "could not start ssh-agent: exit code $r"
+
+grep -vi 'hostkey' $OBJ/sshd_proxy > $OBJ/sshd_proxy.orig
+echo "HostKeyAgent $SSH_AUTH_SOCK" >> $OBJ/sshd_proxy.orig
+echo "LogLevel debug3" >> $OBJ/sshd_proxy.orig
+rm $OBJ/known_hosts
+
+trace "load hostkeys"
+for k in $HOSTKEY_TYPES ; do
+ ${SSHKEYGEN} -qt $k -f $OBJ/agent.$k -N '' || fatal "ssh-keygen $k"
+ (
+ echo -n 'localhost-with-alias,127.0.0.1,::1 '
+ cat $OBJ/agent.$k.pub
+ ) >> $OBJ/known_hosts
+ ${SSHADD} $OBJ/agent.$k >/dev/null 2>&1 || \
+ fatal "couldn't load key $OBJ/agent.$k"
+ echo "Hostkey $OBJ/agent.${k}" >> sshd_proxy.orig
+ # Remove private key so the server can't use it.
+ rm $OBJ/agent.$k || fatal "couldn't rm $OBJ/agent.$k"
+done
+
+unset SSH_AUTH_SOCK
+
+for ps in no yes; do
+ cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy
+ echo "UsePrivilegeSeparation $ps" >> $OBJ/sshd_proxy
+ for k in $HOSTKEY_TYPES ; do
+ verbose "key type $k privsep=$ps"
+ opts="-oHostKeyAlgorithms=$k -F $OBJ/ssh_proxy"
+ SSH_CONNECTION=`${SSH} $opts host 'echo $SSH_CONNECTION'`
+ if [ $? -ne 0 ]; then
+ fail "protocol $p privsep=$ps failed"
+ fi
+ if [ "$SSH_CONNECTION" != "UNKNOWN 65535 UNKNOWN 65535" ]; then
+ fail "bad SSH_CONNECTION key type $k privsep=$ps"
+ fi
+ done
+done
+
+trace "kill agent"
+${SSHAGENT} -k > /dev/null
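Review bot: The `Hostkey` directive written inside the key-loading loop goes to `sshd_proxy.orig` in the current directory, not to the `$OBJ/sshd_proxy.orig` that is later copied into `$OBJ/sshd_proxy`, so the server config ends up with `HostKeyAgent` but no `HostKey` lines and the test does not actually exercise host keys signed by the agent; the line should be `echo "Hostkey $OBJ/agent.${k}" >> $OBJ/sshd_proxy.orig`. The failure message in the connection loop interpolates `$p`, which is never set anywhere in the script; `fail "key type $k privsep=$ps failed"` matches the other messages. The cleanup at the top removes `$OBJ/ssh_proxy.orig` rather than the `$OBJ/sshd_proxy.orig` this script creates (harmless because the later `grep ... >` truncates it, but misleading).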
+
-# $OpenBSD: test-exec.sh,v 1.48 2014/07/06 07:42:03 djm Exp $
+# $OpenBSD: test-exec.sh,v 1.49 2015/01/17 18:54:30 djm Exp $
# Placed in the Public Domain.
USER=`id -un`
chmod a+rx $OBJ/ssh-log-wrapper.sh
SSH="$SSHLOGWRAP"
+# Colourise output if we are attached to a tty
+if tty >/dev/null 2>&1 ; then
+ _R=`tput setaf 8 2>/dev/null`
+ _G=`tput setaf 2 2>/dev/null`
+ _B=`tput bold 2>/dev/null`
+ _N=`tput sgr0 2>/dev/null`
+else
+ _R=""
+ _G=""
+ _B=""
+ _N=""
+fi
+
# Some test data. We make a copy because some tests will overwrite it.
# The tests may assume that $DATA exists and is writable and $COPY does
# not exist. Tests requiring larger data files can call increase_datafile_size
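Review bot: `_R` is set from `tput setaf 8`, but it is used to colour the `failed $tid` line and its name suggests red; in the ANSI palette `setaf 1` is red, while 8 is normally bright black/grey, so the failure line may come out dim rather than highlighted. If red is intended, change it to `_R=`tput setaf 1 2>/dev/null``; if grey is deliberate, a short comment saying so would avoid the next reader "fixing" it.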
fi
}
-
fail ()
{
save_debug_log "FAIL: $@"
RESULT=1
- echo "$@"
-
+ echo "${_B}$@${_N}"
+ cleanup
+ exit $RESULT
}
fatal ()
{
save_debug_log "FATAL: $@"
- printf "FATAL: "
+ printf "${_B}FATAL: $@${_N}"
fail "$@"
cleanup
exit $RESULT
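Review bot: In `fatal`, the caller's message is now passed as the printf format string (`printf "${_B}FATAL: $@${_N}"`), so any message containing `%` or backslash sequences is mangled, and no newline is emitted. Because `fail` now calls `cleanup` and `exit` itself, `fatal` also prints the message twice (once here without a newline, then again from `fail`) and its own `cleanup`/`exit` lines are unreachable. Printing only the prefix with a fixed format, `printf '%sFATAL: ' "$_B"`, keeps the single message from `fail` and removes the format-string problem; the now-dead trailing `cleanup`/`exit` in `fatal` can be dropped. Also note that since `fail` now exits, any test that previously relied on continuing after a `fail` to report further cases will stop at the first one.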
cat << EOF > $OBJ/sshd_config
Port $PORT
Protocol 2,1
+ LoginGraceTime 15m
AddressFamily inet
ListenAddress 127.0.0.1
#ListenAddress ::1
AcceptEnv _XXX_TEST_*
AcceptEnv _XXX_TEST
Subsystem sftp $SFTPSERVER
+ StrictModes no
EOF
if [ ! -z "$TEST_SSH_SSHD_CONFOPTS" ]; then
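Review bot: `StrictModes no` is added to the generated sshd_config with no comment, and it disables sshd's ownership/permission checks on user files, which is a security-relevant relaxation even in a test harness. If the reason is that the regress tree may be group- or world-writable on some builders, record it next to the line, e.g. `# StrictModes no: $OBJ may be group-writable on CI; do not reject keys on perms`. The same applies to `LoginGraceTime 15m`; a one-line note on why the default is too short for slow test hosts would help.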
# kill sshd
cleanup
if [ $RESULT -eq 0 ]; then
- verbose ok $tid
+ verbose ${_G}ok $tid${_N}
else
- echo failed $tid
+ echo ${_R}failed $tid${_N}
fi
exit $RESULT