diff options
author | Colin Watson <cjwatson@debian.org> | 2011-09-06 14:56:29 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2011-09-06 14:56:29 +0100 |
commit | 978e62d6f14c60747bddef2cc72d66a9c8b83b54 (patch) | |
tree | 89400a44e42d84937deba7864e4964d6c7734da5 /regress | |
parent | 87c685b8c6a49814fd782288097b3093f975aa72 (diff) | |
parent | 3a7e89697ca363de0f64e0d5704c57219294e41c (diff) |
* New upstream release (http://www.openssh.org/txt/release-5.9).
- Introduce sandboxing of the pre-auth privsep child using an optional
sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables
mandatory restrictions on the syscalls the privsep child can perform.
- Add new SHA256-based HMAC transport integrity modes from
http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt.
- The pre-authentication sshd(8) privilege separation slave process now
logs via a socket shared with the master process, avoiding the need to
maintain /dev/log inside the chroot (closes: #75043, #429243,
#599240).
- ssh(1) now warns when a server refuses X11 forwarding (closes:
#504757).
- sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths,
separated by whitespace (closes: #76312). The authorized_keys2
fallback is deprecated but documented (closes: #560156).
- ssh(1) and sshd(8): set IPv6 traffic class from IPQoS, as well as IPv4
ToS/DSCP (closes: #498297).
- ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add
- < /path/to/key" (closes: #229124).
- Clean up lost-passphrase text in ssh-keygen(1) (closes: #444691).
- Say "required" rather than "recommended" in unprotected-private-key
warning (LP: #663455).
Diffstat (limited to 'regress')
-rw-r--r-- | regress/README.regress | 6 | ||||
-rw-r--r-- | regress/cert-hostkey.sh | 2 | ||||
-rw-r--r-- | regress/cert-userkey.sh | 4 | ||||
-rw-r--r-- | regress/cfgmatch.sh | 66 | ||||
-rw-r--r-- | regress/cipher-speed.sh | 10 | ||||
-rw-r--r-- | regress/connect-privsep.sh | 14 | ||||
-rw-r--r-- | regress/dynamic-forward.sh | 23 | ||||
-rw-r--r-- | regress/test-exec.sh | 5 | ||||
-rw-r--r-- | regress/try-ciphers.sh | 4 |
9 files changed, 83 insertions, 51 deletions
diff --git a/regress/README.regress b/regress/README.regress index da9bb6a99..82e4cc751 100644 --- a/regress/README.regress +++ b/regress/README.regress | |||
@@ -93,10 +93,6 @@ Failed tests can be difficult to diagnose. Suggestions: | |||
93 | 93 | ||
94 | Known Issues. | 94 | Known Issues. |
95 | 95 | ||
96 | - If your build requires ssh-rand-helper regress tests will fail | ||
97 | unless ssh-rand-helper is in pre-installed (the path to | ||
98 | ssh-rand-helper is hard coded). | ||
99 | |||
100 | - Similarly, if you do not have "scp" in your system's $PATH then the | 96 | - Similarly, if you do not have "scp" in your system's $PATH then the |
101 | multiplex scp tests will fail (since the system's shell startup scripts | 97 | multiplex scp tests will fail (since the system's shell startup scripts |
102 | will determine where the shell started by sshd will look for scp). | 98 | will determine where the shell started by sshd will look for scp). |
@@ -105,4 +101,4 @@ Known Issues. | |||
105 | test to fail. The old behaviour can be restored by setting (and | 101 | test to fail. The old behaviour can be restored by setting (and |
106 | exporting) _POSIX2_VERSION=199209 before running the tests. | 102 | exporting) _POSIX2_VERSION=199209 before running the tests. |
107 | 103 | ||
108 | $Id: README.regress,v 1.11 2010/08/16 21:04:29 djm Exp $ | 104 | $Id: README.regress,v 1.12 2011/05/05 03:48:42 djm Exp $ |
diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh index 3b147b9f7..6216abd87 100644 --- a/regress/cert-hostkey.sh +++ b/regress/cert-hostkey.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: cert-hostkey.sh,v 1.5 2010/08/31 12:24:09 djm Exp $ | 1 | # $OpenBSD: cert-hostkey.sh,v 1.6 2011/05/20 02:43:36 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="certified host keys" | 4 | tid="certified host keys" |
diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh index fcca3708b..6700db274 100644 --- a/regress/cert-userkey.sh +++ b/regress/cert-userkey.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: cert-userkey.sh,v 1.7 2010/08/31 12:24:09 djm Exp $ | 1 | # $OpenBSD: cert-userkey.sh,v 1.8 2011/05/17 07:13:31 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="certified user keys" | 4 | tid="certified user keys" |
@@ -27,7 +27,7 @@ for ktype in rsa dsa $ecdsa ; do | |||
27 | -n ${USER},mekmitasdigoat $OBJ/cert_user_key_${ktype} || | 27 | -n ${USER},mekmitasdigoat $OBJ/cert_user_key_${ktype} || |
28 | fail "couldn't sign cert_user_key_${ktype}" | 28 | fail "couldn't sign cert_user_key_${ktype}" |
29 | # v00 ecdsa certs do not exist | 29 | # v00 ecdsa certs do not exist |
30 | test "{ktype}" = "ecdsa" && continue | 30 | test "${ktype}" = "ecdsa" && continue |
31 | cp $OBJ/cert_user_key_${ktype} $OBJ/cert_user_key_${ktype}_v00 | 31 | cp $OBJ/cert_user_key_${ktype} $OBJ/cert_user_key_${ktype}_v00 |
32 | cp $OBJ/cert_user_key_${ktype}.pub $OBJ/cert_user_key_${ktype}_v00.pub | 32 | cp $OBJ/cert_user_key_${ktype}.pub $OBJ/cert_user_key_${ktype}_v00.pub |
33 | ${SSHKEYGEN} -q -t v00 -s $OBJ/user_ca_key -I \ | 33 | ${SSHKEYGEN} -q -t v00 -s $OBJ/user_ca_key -I \ |
diff --git a/regress/cfgmatch.sh b/regress/cfgmatch.sh index 96badd51b..0603fab64 100644 --- a/regress/cfgmatch.sh +++ b/regress/cfgmatch.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: cfgmatch.sh,v 1.4 2006/12/13 08:36:36 dtucker Exp $ | 1 | # $OpenBSD: cfgmatch.sh,v 1.6 2011/06/03 05:35:10 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="sshd_config match" | 4 | tid="sshd_config match" |
@@ -7,6 +7,28 @@ pidfile=$OBJ/remote_pid | |||
7 | fwdport=3301 | 7 | fwdport=3301 |
8 | fwd="-L $fwdport:127.0.0.1:$PORT" | 8 | fwd="-L $fwdport:127.0.0.1:$PORT" |
9 | 9 | ||
10 | echo "ExitOnForwardFailure=yes" >> $OBJ/ssh_config | ||
11 | echo "ExitOnForwardFailure=yes" >> $OBJ/ssh_proxy | ||
12 | |||
13 | start_client() | ||
14 | { | ||
15 | rm -f $pidfile | ||
16 | ${SSH} -q -$p $fwd "$@" somehost \ | ||
17 | exec sh -c \'"echo \$\$ > $pidfile; exec sleep 100"\' \ | ||
18 | >>$TEST_SSH_LOGFILE 2>&1 & | ||
19 | client_pid=$! | ||
20 | # Wait for remote end | ||
21 | n=0 | ||
22 | while test ! -f $pidfile ; do | ||
23 | sleep 1 | ||
24 | n=`expr $n + 1` | ||
25 | if test $n -gt 60; then | ||
26 | kill $client_pid | ||
27 | fatal "timeout waiting for background ssh" | ||
28 | fi | ||
29 | done | ||
30 | } | ||
31 | |||
10 | stop_client() | 32 | stop_client() |
11 | { | 33 | { |
12 | pid=`cat $pidfile` | 34 | pid=`cat $pidfile` |
@@ -14,11 +36,15 @@ stop_client() | |||
14 | kill $pid | 36 | kill $pid |
15 | sleep 1 | 37 | sleep 1 |
16 | fi | 38 | fi |
39 | wait | ||
17 | } | 40 | } |
18 | 41 | ||
19 | cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak | 42 | cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak |
20 | 43 | grep -v AuthorizedKeysFile $OBJ/sshd_proxy_bak > $OBJ/sshd_proxy | |
44 | echo "AuthorizedKeysFile /dev/null" >>$OBJ/sshd_proxy | ||
21 | echo "PermitOpen 127.0.0.1:1" >>$OBJ/sshd_config | 45 | echo "PermitOpen 127.0.0.1:1" >>$OBJ/sshd_config |
46 | echo "Match user $USER" >>$OBJ/sshd_proxy | ||
47 | echo "AuthorizedKeysFile /dev/null $OBJ/authorized_keys_%u" >>$OBJ/sshd_proxy | ||
22 | echo "Match Address 127.0.0.1" >>$OBJ/sshd_config | 48 | echo "Match Address 127.0.0.1" >>$OBJ/sshd_config |
23 | echo "PermitOpen 127.0.0.1:$PORT" >>$OBJ/sshd_config | 49 | echo "PermitOpen 127.0.0.1:$PORT" >>$OBJ/sshd_config |
24 | 50 | ||
@@ -32,12 +58,8 @@ start_sshd | |||
32 | 58 | ||
33 | # Test Match + PermitOpen in sshd_config. This should be permitted | 59 | # Test Match + PermitOpen in sshd_config. This should be permitted |
34 | for p in 1 2; do | 60 | for p in 1 2; do |
35 | rm -f $pidfile | ||
36 | trace "match permitopen localhost proto $p" | 61 | trace "match permitopen localhost proto $p" |
37 | ${SSH} -$p $fwd -F $OBJ/ssh_config -f somehost \ | 62 | start_client -F $OBJ/ssh_config |
38 | exec sh -c \'"echo \$\$ > $pidfile; exec sleep 100"\' >>$TEST_SSH_LOGFILE 2>&1 ||\ | ||
39 | fail "match permitopen proto $p sshd failed" | ||
40 | sleep 1; | ||
41 | ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true || \ | 63 | ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true || \ |
42 | fail "match permitopen permit proto $p" | 64 | fail "match permitopen permit proto $p" |
43 | stop_client | 65 | stop_client |
@@ -45,12 +67,8 @@ done | |||
45 | 67 | ||
46 | # Same but from different source. This should not be permitted | 68 | # Same but from different source. This should not be permitted |
47 | for p in 1 2; do | 69 | for p in 1 2; do |
48 | rm -f $pidfile | ||
49 | trace "match permitopen proxy proto $p" | 70 | trace "match permitopen proxy proto $p" |
50 | ${SSH} -q -$p $fwd -F $OBJ/ssh_proxy -f somehost \ | 71 | start_client -F $OBJ/ssh_proxy |
51 | exec sh -c \'"echo \$\$ > $pidfile; exec sleep 100"\' >>$TEST_SSH_LOGFILE 2>&1 ||\ | ||
52 | fail "match permitopen proxy proto $p sshd failed" | ||
53 | sleep 1; | ||
54 | ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true && \ | 72 | ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true && \ |
55 | fail "match permitopen deny proto $p" | 73 | fail "match permitopen deny proto $p" |
56 | stop_client | 74 | stop_client |
@@ -62,12 +80,8 @@ cat $OBJ/rsa.pub >> $OBJ/authorized_keys_$USER | |||
62 | echon 'permitopen="127.0.0.1:'$PORT'" ' >>$OBJ/authorized_keys_$USER | 80 | echon 'permitopen="127.0.0.1:'$PORT'" ' >>$OBJ/authorized_keys_$USER |
63 | cat $OBJ/rsa1.pub >> $OBJ/authorized_keys_$USER | 81 | cat $OBJ/rsa1.pub >> $OBJ/authorized_keys_$USER |
64 | for p in 1 2; do | 82 | for p in 1 2; do |
65 | rm -f $pidfile | ||
66 | trace "match permitopen proxy w/key opts proto $p" | 83 | trace "match permitopen proxy w/key opts proto $p" |
67 | ${SSH} -q -$p $fwd -F $OBJ/ssh_proxy -f somehost \ | 84 | start_client -F $OBJ/ssh_proxy |
68 | exec sh -c \'"echo \$\$ > $pidfile; exec sleep 100"\' >>$TEST_SSH_LOGFILE 2>&1 ||\ | ||
69 | fail "match permitopen w/key opt proto $p sshd failed" | ||
70 | sleep 1; | ||
71 | ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true && \ | 85 | ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true && \ |
72 | fail "match permitopen deny w/key opt proto $p" | 86 | fail "match permitopen deny w/key opt proto $p" |
73 | stop_client | 87 | stop_client |
@@ -76,12 +90,8 @@ done | |||
76 | # Test both sshd_config and key options permitting the same dst/port pair. | 90 | # Test both sshd_config and key options permitting the same dst/port pair. |
77 | # Should be permitted. | 91 | # Should be permitted. |
78 | for p in 1 2; do | 92 | for p in 1 2; do |
79 | rm -f $pidfile | ||
80 | trace "match permitopen localhost proto $p" | 93 | trace "match permitopen localhost proto $p" |
81 | ${SSH} -$p $fwd -F $OBJ/ssh_config -f somehost \ | 94 | start_client -F $OBJ/ssh_config |
82 | exec sh -c \'"echo \$\$ > $pidfile; exec sleep 100"\' >>$TEST_SSH_LOGFILE 2>&1 ||\ | ||
83 | fail "match permitopen proto $p sshd failed" | ||
84 | sleep 1; | ||
85 | ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true || \ | 95 | ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true || \ |
86 | fail "match permitopen permit proto $p" | 96 | fail "match permitopen permit proto $p" |
87 | stop_client | 97 | stop_client |
@@ -94,12 +104,8 @@ echo "PermitOpen 127.0.0.1:1 127.0.0.1:2" >>$OBJ/sshd_proxy | |||
94 | 104 | ||
95 | # Test that a Match overrides a PermitOpen in the global section | 105 | # Test that a Match overrides a PermitOpen in the global section |
96 | for p in 1 2; do | 106 | for p in 1 2; do |
97 | rm -f $pidfile | ||
98 | trace "match permitopen proxy w/key opts proto $p" | 107 | trace "match permitopen proxy w/key opts proto $p" |
99 | ${SSH} -q -$p $fwd -F $OBJ/ssh_proxy -f somehost \ | 108 | start_client -F $OBJ/ssh_proxy |
100 | exec sh -c \'"echo \$\$ > $pidfile; exec sleep 100"\' >>$TEST_SSH_LOGFILE 2>&1 ||\ | ||
101 | fail "match override permitopen proto $p sshd failed" | ||
102 | sleep 1; | ||
103 | ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true && \ | 109 | ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true && \ |
104 | fail "match override permitopen proto $p" | 110 | fail "match override permitopen proto $p" |
105 | stop_client | 111 | stop_client |
@@ -113,12 +119,8 @@ echo "PermitOpen 127.0.0.1:1 127.0.0.1:2" >>$OBJ/sshd_proxy | |||
113 | # Test that a rule that doesn't match doesn't override, plus test a | 119 | # Test that a rule that doesn't match doesn't override, plus test a |
114 | # PermitOpen entry that's not at the start of the list | 120 | # PermitOpen entry that's not at the start of the list |
115 | for p in 1 2; do | 121 | for p in 1 2; do |
116 | rm -f $pidfile | ||
117 | trace "nomatch permitopen proxy w/key opts proto $p" | 122 | trace "nomatch permitopen proxy w/key opts proto $p" |
118 | ${SSH} -q -$p $fwd -F $OBJ/ssh_proxy -f somehost \ | 123 | start_client -F $OBJ/ssh_proxy |
119 | exec sh -c \'"echo \$\$ > $pidfile; exec sleep 100"\' >>$TEST_SSH_LOGFILE 2>&1 ||\ | ||
120 | fail "nomatch override permitopen proto $p sshd failed" | ||
121 | sleep 1; | ||
122 | ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true || \ | 124 | ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true || \ |
123 | fail "nomatch override permitopen proto $p" | 125 | fail "nomatch override permitopen proto $p" |
124 | stop_client | 126 | stop_client |
diff --git a/regress/cipher-speed.sh b/regress/cipher-speed.sh index 85de6d585..257afd179 100644 --- a/regress/cipher-speed.sh +++ b/regress/cipher-speed.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: cipher-speed.sh,v 1.3 2007/06/07 19:41:46 pvalchev Exp $ | 1 | # $OpenBSD: cipher-speed.sh,v 1.4 2011/08/02 01:23:41 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="cipher speed" | 4 | tid="cipher speed" |
@@ -12,9 +12,13 @@ tries="1 2" | |||
12 | DATA=/bin/ls | 12 | DATA=/bin/ls |
13 | DATA=/bsd | 13 | DATA=/bsd |
14 | 14 | ||
15 | macs="hmac-sha1 hmac-md5 umac-64@openssh.com hmac-sha1-96 hmac-md5-96" | ||
16 | ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc | 15 | ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc |
17 | arcfour128 arcfour256 arcfour aes192-cbc aes256-cbc aes128-ctr" | 16 | arcfour128 arcfour256 arcfour |
17 | aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se | ||
18 | aes128-ctr aes192-ctr aes256-ctr" | ||
19 | macs="hmac-sha1 hmac-md5 umac-64@openssh.com hmac-sha1-96 hmac-md5-96" | ||
20 | config_defined HAVE_EVP_SHA256 && | ||
21 | macs="$macs hmac-sha2-256 hmac-sha2-256-96 hmac-sha2-512 hmac-sha2-512-96" | ||
18 | 22 | ||
19 | for c in $ciphers; do for m in $macs; do | 23 | for c in $ciphers; do for m in $macs; do |
20 | trace "proto 2 cipher $c mac $m" | 24 | trace "proto 2 cipher $c mac $m" |
diff --git a/regress/connect-privsep.sh b/regress/connect-privsep.sh index d23cadba5..11fb9aef9 100644 --- a/regress/connect-privsep.sh +++ b/regress/connect-privsep.sh | |||
@@ -1,8 +1,9 @@ | |||
1 | # $OpenBSD: connect-privsep.sh,v 1.1 2002/03/21 21:45:07 markus Exp $ | 1 | # $OpenBSD: connect-privsep.sh,v 1.2 2011/06/30 22:44:43 markus Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="proxy connect with privsep" | 4 | tid="proxy connect with privsep" |
5 | 5 | ||
6 | cp $OBJ/sshd_proxy $OBJ/sshd_proxy.orig | ||
6 | echo 'UsePrivilegeSeparation yes' >> $OBJ/sshd_proxy | 7 | echo 'UsePrivilegeSeparation yes' >> $OBJ/sshd_proxy |
7 | 8 | ||
8 | for p in 1 2; do | 9 | for p in 1 2; do |
@@ -11,3 +12,14 @@ for p in 1 2; do | |||
11 | fail "ssh privsep+proxyconnect protocol $p failed" | 12 | fail "ssh privsep+proxyconnect protocol $p failed" |
12 | fi | 13 | fi |
13 | done | 14 | done |
15 | |||
16 | cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy | ||
17 | echo 'UsePrivilegeSeparation sandbox' >> $OBJ/sshd_proxy | ||
18 | |||
19 | for p in 1 2; do | ||
20 | ${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true | ||
21 | if [ $? -ne 0 ]; then | ||
22 | # XXX replace this with fail once sandbox has stabilised | ||
23 | warn "ssh privsep/sandbox+proxyconnect protocol $p failed" | ||
24 | fi | ||
25 | done | ||
diff --git a/regress/dynamic-forward.sh b/regress/dynamic-forward.sh index 4674a7baf..d1ab8059b 100644 --- a/regress/dynamic-forward.sh +++ b/regress/dynamic-forward.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: dynamic-forward.sh,v 1.4 2004/06/22 22:55:56 dtucker Exp $ | 1 | # $OpenBSD: dynamic-forward.sh,v 1.9 2011/06/03 00:29:52 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="dynamic forwarding" | 4 | tid="dynamic forwarding" |
@@ -20,9 +20,23 @@ trace "will use ProxyCommand $proxycmd" | |||
20 | start_sshd | 20 | start_sshd |
21 | 21 | ||
22 | for p in 1 2; do | 22 | for p in 1 2; do |
23 | n=0 | ||
24 | error="1" | ||
23 | trace "start dynamic forwarding, fork to background" | 25 | trace "start dynamic forwarding, fork to background" |
24 | ${SSH} -$p -F $OBJ/ssh_config -f -D $FWDPORT -q somehost \ | 26 | while [ "$error" -ne 0 -a "$n" -lt 3 ]; do |
25 | exec sh -c \'"echo \$\$ > $OBJ/remote_pid; exec sleep 444"\' | 27 | n=`expr $n + 1` |
28 | ${SSH} -$p -F $OBJ/ssh_config -f -D $FWDPORT -q \ | ||
29 | -oExitOnForwardFailure=yes somehost exec sh -c \ | ||
30 | \'"echo \$\$ > $OBJ/remote_pid; exec sleep 444"\' | ||
31 | error=$? | ||
32 | if [ "$error" -ne 0 ]; then | ||
33 | trace "forward failed proto $p attempt $n err $error" | ||
34 | sleep $n | ||
35 | fi | ||
36 | done | ||
37 | if [ "$error" -ne 0 ]; then | ||
38 | fatal "failed to start dynamic forwarding proto $p" | ||
39 | fi | ||
26 | 40 | ||
27 | for s in 4 5; do | 41 | for s in 4 5; do |
28 | for h in 127.0.0.1 localhost; do | 42 | for h in 127.0.0.1 localhost; do |
@@ -44,7 +58,4 @@ for p in 1 2; do | |||
44 | else | 58 | else |
45 | fail "no pid file: $OBJ/remote_pid" | 59 | fail "no pid file: $OBJ/remote_pid" |
46 | fi | 60 | fi |
47 | |||
48 | # Must allow time for connection tear-down | ||
49 | sleep 2 | ||
50 | done | 61 | done |
diff --git a/regress/test-exec.sh b/regress/test-exec.sh index 5c56aefff..092cfed5b 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh | |||
@@ -204,6 +204,11 @@ verbose () | |||
204 | fi | 204 | fi |
205 | } | 205 | } |
206 | 206 | ||
207 | warn () | ||
208 | { | ||
209 | echo "WARNING: $@" >>$TEST_SSH_LOGFILE | ||
210 | echo "WARNING: $@" | ||
211 | } | ||
207 | 212 | ||
208 | fail () | 213 | fail () |
209 | { | 214 | { |
diff --git a/regress/try-ciphers.sh b/regress/try-ciphers.sh index ef776d2ee..0918d2245 100644 --- a/regress/try-ciphers.sh +++ b/regress/try-ciphers.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: try-ciphers.sh,v 1.11 2007/06/07 19:41:46 pvalchev Exp $ | 1 | # $OpenBSD: try-ciphers.sh,v 1.12 2011/08/02 01:23:41 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="try ciphers" | 4 | tid="try ciphers" |
@@ -8,6 +8,8 @@ ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc | |||
8 | aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se | 8 | aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se |
9 | aes128-ctr aes192-ctr aes256-ctr" | 9 | aes128-ctr aes192-ctr aes256-ctr" |
10 | macs="hmac-sha1 hmac-md5 umac-64@openssh.com hmac-sha1-96 hmac-md5-96" | 10 | macs="hmac-sha1 hmac-md5 umac-64@openssh.com hmac-sha1-96 hmac-md5-96" |
11 | config_defined HAVE_EVP_SHA256 && | ||
12 | macs="$macs hmac-sha2-256 hmac-sha2-256-96 hmac-sha2-512 hmac-sha2-512-96" | ||
11 | 13 | ||
12 | for c in $ciphers; do | 14 | for c in $ciphers; do |
13 | for m in $macs; do | 15 | for m in $macs; do |