diff options
author | Colin Watson <cjwatson@debian.org> | 2011-09-06 14:56:29 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2011-09-06 14:56:29 +0100 |
commit | 978e62d6f14c60747bddef2cc72d66a9c8b83b54 (patch) | |
tree | 89400a44e42d84937deba7864e4964d6c7734da5 /regress/dynamic-forward.sh | |
parent | 87c685b8c6a49814fd782288097b3093f975aa72 (diff) | |
parent | 3a7e89697ca363de0f64e0d5704c57219294e41c (diff) |
* New upstream release (http://www.openssh.org/txt/release-5.9).
- Introduce sandboxing of the pre-auth privsep child using an optional
sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables
mandatory restrictions on the syscalls the privsep child can perform.
- Add new SHA256-based HMAC transport integrity modes from
http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt.
- The pre-authentication sshd(8) privilege separation slave process now
logs via a socket shared with the master process, avoiding the need to
maintain /dev/log inside the chroot (closes: #75043, #429243,
#599240).
- ssh(1) now warns when a server refuses X11 forwarding (closes:
#504757).
- sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths,
separated by whitespace (closes: #76312). The authorized_keys2
fallback is deprecated but documented (closes: #560156).
- ssh(1) and sshd(8): set IPv6 traffic class from IPQoS, as well as IPv4
ToS/DSCP (closes: #498297).
- ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add
- < /path/to/key" (closes: #229124).
- Clean up lost-passphrase text in ssh-keygen(1) (closes: #444691).
- Say "required" rather than "recommended" in unprotected-private-key
warning (LP: #663455).
Diffstat (limited to 'regress/dynamic-forward.sh')
-rw-r--r-- | regress/dynamic-forward.sh | 23 |
1 files changed, 17 insertions, 6 deletions
diff --git a/regress/dynamic-forward.sh b/regress/dynamic-forward.sh index 4674a7baf..d1ab8059b 100644 --- a/regress/dynamic-forward.sh +++ b/regress/dynamic-forward.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: dynamic-forward.sh,v 1.4 2004/06/22 22:55:56 dtucker Exp $ | 1 | # $OpenBSD: dynamic-forward.sh,v 1.9 2011/06/03 00:29:52 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="dynamic forwarding" | 4 | tid="dynamic forwarding" |
@@ -20,9 +20,23 @@ trace "will use ProxyCommand $proxycmd" | |||
20 | start_sshd | 20 | start_sshd |
21 | 21 | ||
22 | for p in 1 2; do | 22 | for p in 1 2; do |
23 | n=0 | ||
24 | error="1" | ||
23 | trace "start dynamic forwarding, fork to background" | 25 | trace "start dynamic forwarding, fork to background" |
24 | ${SSH} -$p -F $OBJ/ssh_config -f -D $FWDPORT -q somehost \ | 26 | while [ "$error" -ne 0 -a "$n" -lt 3 ]; do |
25 | exec sh -c \'"echo \$\$ > $OBJ/remote_pid; exec sleep 444"\' | 27 | n=`expr $n + 1` |
28 | ${SSH} -$p -F $OBJ/ssh_config -f -D $FWDPORT -q \ | ||
29 | -oExitOnForwardFailure=yes somehost exec sh -c \ | ||
30 | \'"echo \$\$ > $OBJ/remote_pid; exec sleep 444"\' | ||
31 | error=$? | ||
32 | if [ "$error" -ne 0 ]; then | ||
33 | trace "forward failed proto $p attempt $n err $error" | ||
34 | sleep $n | ||
35 | fi | ||
36 | done | ||
37 | if [ "$error" -ne 0 ]; then | ||
38 | fatal "failed to start dynamic forwarding proto $p" | ||
39 | fi | ||
26 | 40 | ||
27 | for s in 4 5; do | 41 | for s in 4 5; do |
28 | for h in 127.0.0.1 localhost; do | 42 | for h in 127.0.0.1 localhost; do |
@@ -44,7 +58,4 @@ for p in 1 2; do | |||
44 | else | 58 | else |
45 | fail "no pid file: $OBJ/remote_pid" | 59 | fail "no pid file: $OBJ/remote_pid" |
46 | fi | 60 | fi |
47 | |||
48 | # Must allow time for connection tear-down | ||
49 | sleep 2 | ||
50 | done | 61 | done |