diff options
Diffstat (limited to 'regress/limit-keytype.sh')
| -rw-r--r-- | regress/limit-keytype.sh | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/regress/limit-keytype.sh b/regress/limit-keytype.sh index 5c30af006..010a88cd7 100644 --- a/regress/limit-keytype.sh +++ b/regress/limit-keytype.sh | |||
| @@ -1,20 +1,25 @@ | |||
| 1 | # $OpenBSD: limit-keytype.sh,v 1.6 2019/07/26 04:22:21 dtucker Exp $ | 1 | # $OpenBSD: limit-keytype.sh,v 1.9 2019/12/16 02:39:05 djm Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="restrict pubkey type" | 4 | tid="restrict pubkey type" |
| 5 | 5 | ||
| 6 | # XXX sk-* keys aren't actually tested ATM. | ||
| 7 | |||
| 6 | rm -f $OBJ/authorized_keys_$USER $OBJ/user_ca_key* $OBJ/user_key* | 8 | rm -f $OBJ/authorized_keys_$USER $OBJ/user_ca_key* $OBJ/user_key* |
| 7 | rm -f $OBJ/authorized_principals_$USER $OBJ/cert_user_key* | 9 | rm -f $OBJ/authorized_principals_$USER $OBJ/cert_user_key* |
| 8 | 10 | ||
| 9 | mv $OBJ/sshd_proxy $OBJ/sshd_proxy.orig | 11 | mv $OBJ/sshd_proxy $OBJ/sshd_proxy.orig |
| 10 | mv $OBJ/ssh_proxy $OBJ/ssh_proxy.orig | 12 | mv $OBJ/ssh_proxy $OBJ/ssh_proxy.orig |
| 11 | 13 | ||
| 12 | ktype1=ed25519; ktype2=$ktype1; ktype3=$ktype1; ktype4=$ktype1 | 14 | ktype1=ed25519; ktype2=ed25519; ktype3=ed25519; |
| 13 | for t in `${SSH} -Q key-plain`; do | 15 | ktype4=ed25519; ktype5=ed25519; ktype6=ed25519; |
| 16 | for t in $SSH_KEYTYPES ; do | ||
| 14 | case "$t" in | 17 | case "$t" in |
| 15 | ssh-rsa) ktype2=rsa ;; | 18 | ssh-rsa) ktype2=rsa ;; |
| 16 | ecdsa*) ktype3=ecdsa ;; # unused | 19 | ecdsa*) ktype3=ecdsa ;; # unused |
| 17 | ssh-dss) ktype4=dsa ;; | 20 | ssh-dss) ktype4=dsa ;; |
| 21 | sk-ssh-ed25519@openssh.com) ktype5=ed25519-sk ;; | ||
| 22 | sk-ecdsa-sha2-nistp256@openssh.com) ktype6=ecdsa-sk ;; | ||
| 18 | esac | 23 | esac |
| 19 | done | 24 | done |
| 20 | 25 | ||
| @@ -31,6 +36,10 @@ ${SSHKEYGEN} -q -N '' -t $ktype2 -f $OBJ/user_key3 || \ | |||
| 31 | fatal "ssh-keygen failed" | 36 | fatal "ssh-keygen failed" |
| 32 | ${SSHKEYGEN} -q -N '' -t $ktype4 -f $OBJ/user_key4 || \ | 37 | ${SSHKEYGEN} -q -N '' -t $ktype4 -f $OBJ/user_key4 || \ |
| 33 | fatal "ssh-keygen failed" | 38 | fatal "ssh-keygen failed" |
| 39 | ${SSHKEYGEN} -q -N '' -t $ktype5 -f $OBJ/user_key5 || \ | ||
| 40 | fatal "ssh-keygen failed" | ||
| 41 | ${SSHKEYGEN} -q -N '' -t $ktype6 -f $OBJ/user_key6 || \ | ||
| 42 | fatal "ssh-keygen failed" | ||
| 34 | ${SSHKEYGEN} -q -s $OBJ/user_ca_key -I "regress user key for $USER" \ | 43 | ${SSHKEYGEN} -q -s $OBJ/user_ca_key -I "regress user key for $USER" \ |
| 35 | -z $$ -n ${USER},mekmitasdigoat $OBJ/user_key3 || | 44 | -z $$ -n ${USER},mekmitasdigoat $OBJ/user_key3 || |
| 36 | fatal "couldn't sign user_key1" | 45 | fatal "couldn't sign user_key1" |
| @@ -68,6 +77,8 @@ keytype() { | |||
| 68 | ed25519) printf "ssh-ed25519" ;; | 77 | ed25519) printf "ssh-ed25519" ;; |
| 69 | dsa) printf "ssh-dss" ;; | 78 | dsa) printf "ssh-dss" ;; |
| 70 | rsa) printf "rsa-sha2-256,rsa-sha2-512,ssh-rsa" ;; | 79 | rsa) printf "rsa-sha2-256,rsa-sha2-512,ssh-rsa" ;; |
| 80 | sk-ecdsa) printf "sk-ecdsa-*" ;; | ||
| 81 | sk-ssh-ed25519) printf "sk-ssh-ed25519-*" ;; | ||
| 71 | esac | 82 | esac |
| 72 | } | 83 | } |
| 73 | 84 | ||