authordjm@openbsd.org <djm@openbsd.org>2017-04-30 23:34:55 +0000
committerDamien Miller <djm@mindrot.org>2017-05-01 11:59:42 +1000
commitdd369320d2435b630a5974ab270d686dcd92d024 (patch)
tree97ae4bb34d835fbafad12180862195a9e9192d28 /regress/cert-userkey.sh
parent557f921aad004be15805e09fd9572969eb3d9321 (diff)
upstream commit
eliminate explicit specification of protocol in tests and loops over protocol. We only support SSHv2 now. Upstream-Regress-ID: 0082838a9b8a382b7ee9cbf0c1b9db727784fadd
Diffstat (limited to 'regress/cert-userkey.sh')
-rw-r--r--regress/cert-userkey.sh36
1 files changed, 18 insertions, 18 deletions
diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh
index 7005fd55e..6a23fe300 100644
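--- a/regress/cert-userkey.sh
+++ b/regress/cert-userkey.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: cert-userkey.sh,v 1.17 2016/11/30 03:01:33 djm Exp $
+# $OpenBSD: cert-userkey.sh,v 1.18 2017/04/30 23:34:55 djm Exp $
 # Placed in the Public Domain.
 
 tid="certified user keys"
@@ -67,7 +67,7 @@ for ktype in $EXTRA_TYPES $PLAIN_TYPES ; do
 # Missing authorized_principals
 verbose "$tid: ${_prefix} missing authorized_principals"
 rm -f $OBJ/authorized_principals_$USER
-${SSH} -2i $OBJ/cert_user_key_${ktype} \
+${SSH} -i $OBJ/cert_user_key_${ktype} \
 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
 if [ $? -eq 0 ]; then
 fail "ssh cert connect succeeded unexpectedly"
@@ -76,7 +76,7 @@ for ktype in $EXTRA_TYPES $PLAIN_TYPES ; do
 # Empty authorized_principals
 verbose "$tid: ${_prefix} empty authorized_principals"
 echo > $OBJ/authorized_principals_$USER
-${SSH} -2i $OBJ/cert_user_key_${ktype} \
+${SSH} -i $OBJ/cert_user_key_${ktype} \
 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
 if [ $? -eq 0 ]; then
 fail "ssh cert connect succeeded unexpectedly"
@@ -85,7 +85,7 @@ for ktype in $EXTRA_TYPES $PLAIN_TYPES ; do
 # Wrong authorized_principals
 verbose "$tid: ${_prefix} wrong authorized_principals"
 echo gregorsamsa > $OBJ/authorized_principals_$USER
-${SSH} -2i $OBJ/cert_user_key_${ktype} \
+${SSH} -i $OBJ/cert_user_key_${ktype} \
 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
 if [ $? -eq 0 ]; then
 fail "ssh cert connect succeeded unexpectedly"
@@ -94,7 +94,7 @@ for ktype in $EXTRA_TYPES $PLAIN_TYPES ; do
 # Correct authorized_principals
 verbose "$tid: ${_prefix} correct authorized_principals"
 echo mekmitasdigoat > $OBJ/authorized_principals_$USER
-${SSH} -2i $OBJ/cert_user_key_${ktype} \
+${SSH} -i $OBJ/cert_user_key_${ktype} \
 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
 if [ $? -ne 0 ]; then
 fail "ssh cert connect failed"
@@ -103,7 +103,7 @@ for ktype in $EXTRA_TYPES $PLAIN_TYPES ; do
 # authorized_principals with bad key option
 verbose "$tid: ${_prefix} authorized_principals bad key opt"
 echo 'blah mekmitasdigoat' > $OBJ/authorized_principals_$USER
-${SSH} -2i $OBJ/cert_user_key_${ktype} \
+${SSH} -i $OBJ/cert_user_key_${ktype} \
 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
 if [ $? -eq 0 ]; then
 fail "ssh cert connect succeeded unexpectedly"
@@ -113,7 +113,7 @@ for ktype in $EXTRA_TYPES $PLAIN_TYPES ; do
 verbose "$tid: ${_prefix} authorized_principals command=false"
 echo 'command="false" mekmitasdigoat' > \
 $OBJ/authorized_principals_$USER
-${SSH} -2i $OBJ/cert_user_key_${ktype} \
+${SSH} -i $OBJ/cert_user_key_${ktype} \
 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
 if [ $? -eq 0 ]; then
 fail "ssh cert connect succeeded unexpectedly"
@@ -124,7 +124,7 @@ for ktype in $EXTRA_TYPES $PLAIN_TYPES ; do
 verbose "$tid: ${_prefix} authorized_principals command=true"
 echo 'command="true" mekmitasdigoat' > \
 $OBJ/authorized_principals_$USER
-${SSH} -2i $OBJ/cert_user_key_${ktype} \
+${SSH} -i $OBJ/cert_user_key_${ktype} \
 -F $OBJ/ssh_proxy somehost false >/dev/null 2>&1
 if [ $? -ne 0 ]; then
 fail "ssh cert connect failed"
@@ -148,7 +148,7 @@ for ktype in $EXTRA_TYPES $PLAIN_TYPES ; do
 printf 'cert-authority,principals="gregorsamsa" '
 cat $OBJ/user_ca_key.pub
 ) > $OBJ/authorized_keys_$USER
-${SSH} -2i $OBJ/cert_user_key_${ktype} \
+${SSH} -i $OBJ/cert_user_key_${ktype} \
 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
 if [ $? -eq 0 ]; then
 fail "ssh cert connect succeeded unexpectedly"
@@ -160,7 +160,7 @@ for ktype in $EXTRA_TYPES $PLAIN_TYPES ; do
 printf 'cert-authority,principals="mekmitasdigoat" '
 cat $OBJ/user_ca_key.pub
 ) > $OBJ/authorized_keys_$USER
-${SSH} -2i $OBJ/cert_user_key_${ktype} \
+${SSH} -i $OBJ/cert_user_key_${ktype} \
 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
 if [ $? -ne 0 ]; then
 fail "ssh cert connect failed"
@@ -198,7 +198,7 @@ basic_tests() {
 echo "PubkeyAcceptedKeyTypes ${t}"
 ) > $OBJ/ssh_proxy
 
-${SSH} -2i $OBJ/cert_user_key_${ktype} \
+${SSH} -i $OBJ/cert_user_key_${ktype} \
 -F $OBJ/ssh_proxy somehost true
 if [ $? -ne 0 ]; then
 fail "ssh cert connect failed"
@@ -215,7 +215,7 @@ basic_tests() {
 ) > $OBJ/sshd_proxy
 cp $OBJ/cert_user_key_${ktype}.pub \
 $OBJ/cert_user_key_revoked
-${SSH} -2i $OBJ/cert_user_key_${ktype} \
+${SSH} -i $OBJ/cert_user_key_${ktype} \
 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
 if [ $? -eq 0 ]; then
 fail "ssh cert connect succeeded unexpecedly"
@@ -224,14 +224,14 @@ basic_tests() {
 rm $OBJ/cert_user_key_revoked
 ${SSHKEYGEN} -kqf $OBJ/cert_user_key_revoked \
 $OBJ/cert_user_key_${ktype}.pub
-${SSH} -2i $OBJ/cert_user_key_${ktype} \
+${SSH} -i $OBJ/cert_user_key_${ktype} \
 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
 if [ $? -eq 0 ]; then
 fail "ssh cert connect succeeded unexpecedly"
 fi
 verbose "$tid: ${_prefix} empty KRL"
 ${SSHKEYGEN} -kqf $OBJ/cert_user_key_revoked
-${SSH} -2i $OBJ/cert_user_key_${ktype} \
+${SSH} -i $OBJ/cert_user_key_${ktype} \
 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
 if [ $? -ne 0 ]; then
 fail "ssh cert connect failed"
@@ -246,7 +246,7 @@ basic_tests() {
 echo "PubkeyAcceptedKeyTypes ${t}"
 echo "$extra_sshd"
 ) > $OBJ/sshd_proxy
-${SSH} -2i $OBJ/cert_user_key_${ktype} -F $OBJ/ssh_proxy \
+${SSH} -i $OBJ/cert_user_key_${ktype} -F $OBJ/ssh_proxy \
 somehost true >/dev/null 2>&1
 if [ $? -eq 0 ]; then
 fail "ssh cert connect succeeded unexpecedly"
@@ -260,7 +260,7 @@ basic_tests() {
 echo "$extra_sshd"
 ) > $OBJ/sshd_proxy
 verbose "$tid: ensure CA key does not authenticate user"
-${SSH} -2i $OBJ/user_ca_key \
+${SSH} -i $OBJ/user_ca_key \
 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
 if [ $? -eq 0 ]; then
 fail "ssh cert connect with CA key succeeded unexpectedly"
@@ -307,7 +307,7 @@ test_one() {
 $sign_opts $OBJ/cert_user_key_${ktype} ||
 fail "couldn't sign cert_user_key_${ktype}"
 
-${SSH} -2i $OBJ/cert_user_key_${ktype} \
+${SSH} -i $OBJ/cert_user_key_${ktype} \
 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
 rc=$?
 if [ "x$result" = "xsuccess" ] ; then
@@ -378,7 +378,7 @@ for ktype in $PLAIN_TYPES ; do
 -n $USER $OBJ/cert_user_key_${ktype} ||
 fatal "couldn't sign cert_user_key_${ktype}"
 verbose "$tid: user ${ktype} connect wrong cert"
-${SSH} -2i $OBJ/cert_user_key_${ktype} -F $OBJ/ssh_proxy \
+${SSH} -i $OBJ/cert_user_key_${ktype} -F $OBJ/ssh_proxy \
 somehost true >/dev/null 2>&1
 if [ $? -eq 0 ]; then
 fail "ssh cert connect $ident succeeded unexpectedly"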
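Review bot: The denial checks touched here (for example the CA-key check at new line 263 and the revoked-key checks at 218 and 227) accept any non-zero exit from `${SSH}` as the expected refusal while discarding stderr, so a connection that breaks for an unrelated reason would satisfy them just as well. With `-2` removed the protocol is left to `$OBJ/ssh_proxy` and the client default, and the positive cases elsewhere in the file are presumably what prove the connection path still works, but nothing visible in these hunks says so. I would document that dependency above the first denial check, e.g. `# any non-zero exit counts as a denial; the success cases in this file are what prove the connection path itself works`. Separately, the `fail` strings on new lines 221, 230 and 252 read `unexpecedly` where the other messages use `unexpectedly`. The enclosing loops and functions (`basic_tests`, `test_one`) start and end outside these hunks.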