author | Colin Watson <cjwatson@debian.org> | 2010-03-31 10:46:28 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2010-03-31 10:46:28 +0100 |
commit | efd3d4522636ae029488c2e9730b60c88e257d2e (patch) | |
tree | 31e02ac3f16090ce8c53448677356b2b7f423683 /regress/addrmatch.sh | |
parent | bbec4db36d464ea1d464a707625125f9fd5c7b5e (diff) | |
parent | d1a87e462e1db89f19cd960588d0c6b287cb5ccc (diff) |
* New upstream release (LP: #535029).
- After a transition period of about 10 years, this release disables SSH
protocol 1 by default. Clients and servers that need to use the
legacy protocol must explicitly enable it in ssh_config / sshd_config
or on the command-line.
- Remove the libsectok/OpenSC-based smartcard code and add support for
PKCS#11 tokens. This support is enabled by default in the Debian
packaging, since it now doesn't involve additional library
dependencies (closes: #231472, LP: #16918).
- Add support for certificate authentication of users and hosts using a
new, minimal OpenSSH certificate format (closes: #482806).
- Added a 'netcat mode' to ssh(1): "ssh -W host:port ...".
- Add the ability to revoke keys in sshd(8) and ssh(1). (For the Debian
package, this overlaps with the key blacklisting facility added in
openssh 1:4.7p1-9, but with different file formats and slightly
different scopes; for the moment, I've roughly merged the two.)
- Various multiplexing improvements, including support for requesting
port-forwardings via the multiplex protocol (closes: #360151).
- Allow setting an explicit umask on the sftp-server(8) commandline to
override whatever default the user has (closes: #496843).
- Many sftp client improvements, including tab-completion, more options,
and recursive transfer support for get/put (LP: #33378). The old
mget/mput commands never worked properly and have been removed
(closes: #270399, #428082).
- Do not prompt for a passphrase if we fail to open a keyfile, and log
the reason why the open failed to debug (closes: #431538).
- Prevent sftp from crashing when given a "-" without a command. Also,
allow whitespace to follow a "-" (closes: #531561).
Diffstat (limited to 'regress/addrmatch.sh')
-rw-r--r-- | regress/addrmatch.sh | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/regress/addrmatch.sh b/regress/addrmatch.sh index a258f7bb4..23ddd65ce 100644 --- a/regress/addrmatch.sh +++ b/regress/addrmatch.sh | |||
@@ -1,9 +1,9 @@ | |||
1 | # $OpenBSD: addrmatch.sh,v 1.1 2008/06/10 05:23:32 dtucker Exp $ | 1 | # $OpenBSD: addrmatch.sh,v 1.3 2010/02/09 04:57:36 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="address match" | 4 | tid="address match" |
5 | 5 | ||
6 | mv $OBJ/sshd_proxy $OBJ/sshd_proxy_orig | 6 | mv $OBJ/sshd_proxy $OBJ/sshd_proxy_bak |
7 | 7 | ||
8 | run_trial() | 8 | run_trial() |
9 | { | 9 | { |
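Review bot: at new line 6 the backup is taken with `mv`, which leaves `$OBJ/sshd_proxy` missing until the `cp` at line 21 puts it back, and `$OBJ` is unquoted in both commands. Taking the backup with `cp "$OBJ/sshd_proxy" "$OBJ/sshd_proxy_bak"` would keep the original file in place throughout and would survive an object directory whose path contains spaces. The rename from `_orig` to `_bak` is also not mentioned in the commit message; a short comment above line 6 saying the file is restored at the end of the script would make the intent clear.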
@@ -12,13 +12,13 @@ run_trial() | |||
12 | verbose "test $descr for $user $addr $host" | 12 | verbose "test $descr for $user $addr $host" |
13 | result=`${SSHD} -f $OBJ/sshd_proxy -T \ | 13 | result=`${SSHD} -f $OBJ/sshd_proxy -T \ |
14 | -C user=${user},addr=${addr},host=${host} | \ | 14 | -C user=${user},addr=${addr},host=${host} | \ |
15 | awk '/passwordauthentication/ {print $2}'` | 15 | awk '/^passwordauthentication/ {print $2}'` |
16 | if [ "$result" != "$expected" ]; then | 16 | if [ "$result" != "$expected" ]; then |
17 | fail "failed for $user $addr $host: expected $expected, got $result" | 17 | fail "failed for $user $addr $host: expected $expected, got $result" |
18 | fi | 18 | fi |
19 | } | 19 | } |
20 | 20 | ||
21 | cp $OBJ/sshd_proxy_orig $OBJ/sshd_proxy | 21 | cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy |
22 | cat >>$OBJ/sshd_proxy <<EOD | 22 | cat >>$OBJ/sshd_proxy <<EOD |
23 | PasswordAuthentication no | 23 | PasswordAuthentication no |
24 | Match Address 192.168.0.0/16,!192.168.30.0/24,10.0.0.0/8,host.example.com | 24 | Match Address 192.168.0.0/16,!192.168.30.0/24,10.0.0.0/8,host.example.com |
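Review bot: the awk pattern at new line 15, `/^passwordauthentication/`, is still a prefix match, so any other keyword in the `-T` output that begins with the same string would also be selected and `result` would then hold more than one value. Comparing the first field exactly, for example `awk '$1 == "passwordauthentication" {print $2}'`, removes that ambiguity. The anchoring itself is the right direction, since the unanchored form could match the string anywhere on a line.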
@@ -40,3 +40,6 @@ run_trial user ::3 somehost no "deny IP6 negated" | |||
40 | run_trial user ::4 somehost no "deny, IP6 no match" | 40 | run_trial user ::4 somehost no "deny, IP6 no match" |
41 | run_trial user 2000::1 somehost yes "permit, IP6 network" | 41 | run_trial user 2000::1 somehost yes "permit, IP6 network" |
42 | run_trial user 2001::1 somehost no "deny, IP6 network" | 42 | run_trial user 2001::1 somehost no "deny, IP6 network" |
43 | |||
44 | cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy | ||
45 | rm $OBJ/sshd_proxy_bak | ||
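Review bot: the restore at new lines 44-45 only runs when the script reaches its last line, so an early exit leaves the modified `sshd_proxy` (with the appended `Match Address` block) and the `sshd_proxy_bak` file behind for whatever runs next. The `cp` followed by `rm` can also be a single `mv "$OBJ/sshd_proxy_bak" "$OBJ/sshd_proxy"`, which restores and cleans up in one step and quotes `$OBJ`. If early exits are possible here, consider doing the restore from a cleanup path rather than inline at the end.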