Diffstat (limited to 'regress')
-rw-r--r-- | regress/agent-getpeereid.sh | 4 | ||||
-rw-r--r-- | regress/agent-pkcs11.sh | 4 | ||||
-rw-r--r-- | regress/agent-ptrace.sh | 2 | ||||
-rw-r--r-- | regress/agent-timeout.sh | 4 | ||||
-rw-r--r-- | regress/agent.sh | 10 | ||||
-rw-r--r-- | regress/cert-file.sh | 4 | ||||
-rw-r--r-- | regress/cert-hostkey.sh | 6 | ||||
-rw-r--r-- | regress/cert-userkey.sh | 10 | ||||
-rw-r--r-- | regress/hostkey-agent.sh | 8 | ||||
-rw-r--r-- | regress/hostkey-rotate.sh | 11 | ||||
-rw-r--r-- | regress/keygen-change.sh | 5 | ||||
-rw-r--r-- | regress/keyscan.sh | 4 | ||||
-rw-r--r-- | regress/keytype.sh | 51 | ||||
-rw-r--r-- | regress/krl.sh | 22 | ||||
-rw-r--r-- | regress/limit-keytype.sh | 17 | ||||
-rw-r--r-- | regress/principals-command.sh | 2 | ||||
-rw-r--r-- | regress/sshsig.sh | 4 | ||||
-rw-r--r-- | regress/test-exec.sh | 48 |
18 files changed, 142 insertions, 74 deletions
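--- a/regress/agent-getpeereid.sh
+++ b/regress/agent-getpeereid.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: agent-getpeereid.sh,v 1.10 2018/02/09 03:40:22 dtucker Exp $
+# $OpenBSD: agent-getpeereid.sh,v 1.11 2019/11/26 23:43:10 djm Exp $
 # Placed in the Public Domain.
 
 tid="disallow agent attach from other uid"
@@ -26,7 +26,7 @@ case "x$SUDO" in
 esac
 
 trace "start agent"
-eval `${SSHAGENT} -s -a ${ASOCK}` > /dev/null
+eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s -a ${ASOCK}` > /dev/null
 r=$?
 if [ $r -ne 0 ]; then
 fail "could not start ssh-agent: exit code $r"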
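--- a/regress/agent-pkcs11.sh
+++ b/regress/agent-pkcs11.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: agent-pkcs11.sh,v 1.6 2019/01/21 09:13:41 djm Exp $
+# $OpenBSD: agent-pkcs11.sh,v 1.7 2019/11/26 23:43:10 djm Exp $
 # Placed in the Public Domain.
 
 tid="pkcs11 agent test"
@@ -75,7 +75,7 @@ openssl pkcs8 -nocrypt -in $EC |\
 softhsm2-util --slot "$slot" --label 02 --id 02 --pin "$TEST_SSH_PIN" --import /dev/stdin
 
 trace "start agent"
-eval `${SSHAGENT} -s` > /dev/null
+eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s` > /dev/null
 r=$?
 if [ $r -ne 0 ]; then
 fail "could not start ssh-agent: exit code $r"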
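--- a/regress/agent-ptrace.sh
+++ b/regress/agent-ptrace.sh
@@ -41,7 +41,7 @@ else
 fi
 
 trace "start agent"
-eval `${SSHAGENT} -s` > /dev/null
+eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s` > /dev/null
 r=$?
 if [ $r -ne 0 ]; then
 fail "could not start ssh-agent: exit code $r"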
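--- a/regress/agent-timeout.sh
+++ b/regress/agent-timeout.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: agent-timeout.sh,v 1.5 2019/09/03 08:37:06 djm Exp $
+# $OpenBSD: agent-timeout.sh,v 1.6 2019/11/26 23:43:10 djm Exp $
 # Placed in the Public Domain.
 
 tid="agent timeout test"
@@ -6,7 +6,7 @@ tid="agent timeout test"
 SSHAGENT_TIMEOUT=10
 
 trace "start agent"
-eval `${SSHAGENT} -s` > /dev/null
+eval `${SSHAGENT} -s ${EXTRA_AGENT_ARGS}` > /dev/null
 r=$?
 if [ $r -ne 0 ]; then
 fail "could not start ssh-agent: exit code $r"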
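Review bot: The agent start line in the second hunk places `${EXTRA_AGENT_ARGS}` after `-s`, whereas every other test touched by this commit puts it before `-s`. Both orders are plain options to ssh-agent as far as the visible usage goes, so this is style rather than behaviour, but the odd one out is easy to miss in a later grep-and-replace of EXTRA_AGENT_ARGS; suggest moving `${EXTRA_AGENT_ARGS}` before `-s` to match agent.sh and the rest.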
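--- a/regress/agent.sh
+++ b/regress/agent.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: agent.sh,v 1.15 2019/07/23 07:39:43 dtucker Exp $
+# $OpenBSD: agent.sh,v 1.16 2019/11/26 23:43:10 djm Exp $
 # Placed in the Public Domain.
 
 tid="simple agent test"
@@ -8,8 +8,8 @@ if [ $? -ne 2 ]; then
 fail "ssh-add -l did not fail with exit code 2"
 fi
 
-trace "start agent"
-eval `${SSHAGENT} -s` > /dev/null
+trace "start agent, args ${EXTRA_AGENT_ARGS} -s"
+eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s` > /dev/null
 r=$?
 if [ $r -ne 0 ]; then
 fatal "could not start ssh-agent: exit code $r"
@@ -39,9 +39,9 @@ for t in ${SSH_KEYTYPES}; do
 # add to authorized keys
 cat $OBJ/$t-agent.pub >> $OBJ/authorized_keys_$USER
 # add privat key to agent
-${SSHADD} $OBJ/$t-agent > /dev/null 2>&1
+${SSHADD} $OBJ/$t-agent #> /dev/null 2>&1
 if [ $? -ne 0 ]; then
-fail "ssh-add did succeed exit code 0"
+fail "ssh-add failed exit code $?"
 fi
 # Remove private key to ensure that we aren't accidentally using it.
 rm -f $OBJ/$t-agent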
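Review bot: `fail "ssh-add failed exit code $?"` in the third hunk will always report 0, because inside the `then` branch `$?` holds the status of the `[ $? -ne 0 ]` test that was just taken, not the status of ssh-add; capture it first with `r=$?` on the line after `${SSHADD} $OBJ/$t-agent`, then `if [ $r -ne 0 ]; then` and `fail "ssh-add failed exit code $r"`, which is the pattern the agent-start check earlier in this file already uses. The same hunk also leaves ssh-add's output unredirected (`#> /dev/null 2>&1`), which reads as a debugging leftover and will put per-key noise into the regress log; either restore the redirect or delete the commented-out remainder rather than leaving it ambiguous. The enclosing `for t in ${SSH_KEYTYPES}` loop starts before the hunk.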
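--- a/regress/cert-file.sh
+++ b/regress/cert-file.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: cert-file.sh,v 1.7 2018/04/10 00:14:10 djm Exp $
+# $OpenBSD: cert-file.sh,v 1.8 2019/11/26 23:43:10 djm Exp $
 # Placed in the Public Domain.
 
 tid="ssh with certificates"
@@ -120,7 +120,7 @@ if [ $? -ne 2 ]; then
 fi
 
 trace "start agent"
-eval `${SSHAGENT} -s` > /dev/null
+eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s` > /dev/null
 r=$?
 if [ $r -ne 0 ]; then
 fatal "could not start ssh-agent: exit code $r"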
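--- a/regress/cert-hostkey.sh
+++ b/regress/cert-hostkey.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: cert-hostkey.sh,v 1.19 2019/11/01 01:55:41 djm Exp $
+# $OpenBSD: cert-hostkey.sh,v 1.20 2019/11/26 23:43:10 djm Exp $
 # Placed in the Public Domain.
 
 tid="certified host keys"
@@ -9,7 +9,7 @@ rm -f $OBJ/cert_host_key* $OBJ/host_krl_*
 # Allow all hostkey/pubkey types, prefer certs for the client
 rsa=0
 types=""
-for i in `$SSH -Q key | grep -v ^sk-`; do
+for i in `$SSH -Q key | filter_sk`; do
 if [ -z "$types" ]; then
 types="$i"
 continue
@@ -70,7 +70,7 @@ touch $OBJ/host_revoked_plain
 touch $OBJ/host_revoked_cert
 cat $OBJ/host_ca_key.pub $OBJ/host_ca_key2.pub > $OBJ/host_revoked_ca
 
-PLAIN_TYPES=`$SSH -Q key-plain | grep -v ^sk- | sed 's/^ssh-dss/ssh-dsa/g;s/^ssh-//'`
+PLAIN_TYPES=`$SSH -Q key-plain | filter_sk | sed 's/^ssh-dss/ssh-dsa/g;s/^ssh-//'`
 
 if echo "$PLAIN_TYPES" | grep '^rsa$' >/dev/null 2>&1 ; then
 PLAIN_TYPES="$PLAIN_TYPES rsa-sha2-256 rsa-sha2-512"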
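--- a/regress/cert-userkey.sh
+++ b/regress/cert-userkey.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: cert-userkey.sh,v 1.22 2019/11/01 01:55:41 djm Exp $
+# $OpenBSD: cert-userkey.sh,v 1.23 2019/11/26 23:43:10 djm Exp $
 # Placed in the Public Domain.
 
 tid="certified user keys"
@@ -7,7 +7,7 @@ rm -f $OBJ/authorized_keys_$USER $OBJ/user_ca_key* $OBJ/cert_user_key*
 cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
 cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak
 
-PLAIN_TYPES=`$SSH -Q key-plain | grep -v ^sk- | sed 's/^ssh-dss/ssh-dsa/;s/^ssh-//'`
+PLAIN_TYPES=`$SSH -Q key-plain | maybe_filter_sk | sed 's/^ssh-dss/ssh-dsa/;s/^ssh-//'`
 EXTRA_TYPES=""
 rsa=""
 
@@ -17,8 +17,10 @@ if echo "$PLAIN_TYPES" | grep '^rsa$' >/dev/null 2>&1 ; then
 fi
 
 kname() {
-case $ktype in
-rsa-sha2-*) n="$ktype" ;;
+case $1 in
+rsa-sha2-*) n="$1" ;;
+sk-ecdsa-*) n="sk-ecdsa" ;;
+sk-ssh-ed25519*) n="sk-ssh-ed25519" ;;
 # subshell because some seds will add a newline
 *) n=$(echo $1 | sed 's/^dsa/ssh-dss/;s/^rsa/ssh-rsa/;s/^ed/ssh-ed/') ;;
 esac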
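--- a/regress/hostkey-agent.sh
+++ b/regress/hostkey-agent.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: hostkey-agent.sh,v 1.8 2019/11/01 01:55:41 djm Exp $
+# $OpenBSD: hostkey-agent.sh,v 1.9 2019/11/26 23:43:10 djm Exp $
 # Placed in the Public Domain.
 
 tid="hostkey agent"
@@ -6,7 +6,7 @@ tid="hostkey agent"
 rm -f $OBJ/agent-key.* $OBJ/ssh_proxy.orig $OBJ/known_hosts.orig
 
 trace "start agent"
-eval `${SSHAGENT} -s` > /dev/null
+eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s` > /dev/null
 r=$?
 [ $r -ne 0 ] && fatal "could not start ssh-agent: exit code $r"
 
@@ -14,7 +14,7 @@ grep -vi 'hostkey' $OBJ/sshd_proxy > $OBJ/sshd_proxy.orig
 echo "HostKeyAgent $SSH_AUTH_SOCK" >> $OBJ/sshd_proxy.orig
 
 trace "load hostkeys"
-for k in `${SSH} -Q key-plain | grep -v ^sk-` ; do
+for k in `${SSH} -Q key-plain | filter_sk` ; do
 ${SSHKEYGEN} -qt $k -f $OBJ/agent-key.$k -N '' || fatal "ssh-keygen $k"
 (
 printf 'localhost-with-alias,127.0.0.1,::1 '
@@ -31,7 +31,7 @@ cp $OBJ/known_hosts.orig $OBJ/known_hosts
 unset SSH_AUTH_SOCK
 
 for ps in no yes; do
-for k in `${SSH} -Q key-plain | grep -v ^sk-` ; do
+for k in `${SSH} -Q key-plain | filter_sk` ; do
 verbose "key type $k privsep=$ps"
 cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy
 echo "UsePrivilegeSeparation $ps" >> $OBJ/sshd_proxy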
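--- a/regress/hostkey-rotate.sh
+++ b/regress/hostkey-rotate.sh
@@ -1,11 +1,8 @@
-# $OpenBSD: hostkey-rotate.sh,v 1.7 2019/11/01 01:55:41 djm Exp $
+# $OpenBSD: hostkey-rotate.sh,v 1.8 2019/11/26 23:43:10 djm Exp $
 # Placed in the Public Domain.
 
 tid="hostkey rotate"
 
-# Need full names here since they are used in HostKeyAlgorithms
-HOSTKEY_TYPES="`${SSH} -Q key-plain | grep -v ^sk-`"
-
 rm -f $OBJ/hkr.* $OBJ/ssh_proxy.orig
 
 grep -vi 'hostkey' $OBJ/sshd_proxy > $OBJ/sshd_proxy.orig
@@ -20,7 +17,7 @@ secondary="$primary"
 trace "prepare hostkeys"
 nkeys=0
 all_algs=""
-for k in $HOSTKEY_TYPES; do
+for k in $SSH_HOSTKEY_TYPES; do
 ${SSHKEYGEN} -qt $k -f $OBJ/hkr.$k -N '' || fatal "ssh-keygen $k"
 echo "Hostkey $OBJ/hkr.${k}" >> $OBJ/sshd_proxy.orig
 nkeys=`expr $nkeys + 1`
@@ -67,12 +64,12 @@ verbose "learn additional hostkeys"
 dossh -oStrictHostKeyChecking=yes -oHostKeyAlgorithms=$all_algs
 # Check that other keys learned
 expect_nkeys $nkeys "learn hostkeys"
-for k in $HOSTKEY_TYPES; do
+for k in $SSH_HOSTKEY_TYPES; do
 check_key_present $k || fail "didn't learn keytype $k"
 done
 
 # Check each key type
-for k in $HOSTKEY_TYPES; do
+for k in $SSH_HOSTKEY_TYPES; do
 verbose "learn additional hostkeys, type=$k"
 dossh -oStrictHostKeyChecking=yes -oHostKeyAlgorithms=$k,$all_algs
 expect_nkeys $nkeys "learn hostkeys $k"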
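--- a/regress/keygen-change.sh
+++ b/regress/keygen-change.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: keygen-change.sh,v 1.7 2019/11/01 01:55:41 djm Exp $
+# $OpenBSD: keygen-change.sh,v 1.8 2019/11/26 23:43:10 djm Exp $
 # Placed in the Public Domain.
 
 tid="change passphrase for key"
@@ -6,10 +6,9 @@ tid="change passphrase for key"
 S1="secret1"
 S2="2secret"
 
-KEYTYPES=`${SSH} -Q key-plain | grep -v ^sk-`
+KEYTYPES=`${SSH} -Q key-plain | maybe_filter_sk`
 
 for t in $KEYTYPES; do
-# generate user key for agent
 trace "generating $t key"
 rm -f $OBJ/$t-key
 ${SSHKEYGEN} -q -N ${S1} -t $t -f $OBJ/$t-key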
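--- a/regress/keyscan.sh
+++ b/regress/keyscan.sh
@@ -1,9 +1,9 @@
-# $OpenBSD: keyscan.sh,v 1.10 2019/11/01 01:55:41 djm Exp $
+# $OpenBSD: keyscan.sh,v 1.11 2019/11/26 23:43:10 djm Exp $
 # Placed in the Public Domain.
 
 tid="keyscan"
 
-KEYTYPES=`${SSH} -Q key-plain | grep -v ^sk-`
+KEYTYPES=`${SSH} -Q key-plain | filter_sk`
 for i in $KEYTYPES; do
 if [ -z "$algs" ]; then
 algs="$i"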
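--- a/regress/keytype.sh
+++ b/regress/keytype.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: keytype.sh,v 1.8 2019/07/23 13:49:14 dtucker Exp $
+# $OpenBSD: keytype.sh,v 1.9 2019/11/26 23:43:10 djm Exp $
 # Placed in the Public Domain.
 
 tid="login with different key types"
@@ -16,43 +16,60 @@ for i in ${SSH_KEYTYPES}; do
 ecdsa-sha2-nistp256) ktypes="$ktypes ecdsa-256" ;;
 ecdsa-sha2-nistp384) ktypes="$ktypes ecdsa-384" ;;
 ecdsa-sha2-nistp521) ktypes="$ktypes ecdsa-521" ;;
+sk-ssh-ed25519*) ktypes="$ktypes ed25519-sk" ;;
+sk-ecdsa-sha2-nistp256*) ktypes="$ktypes ecdsa-sk" ;;
 esac
 done
 
 for kt in $ktypes; do
 rm -f $OBJ/key.$kt
-bits=`echo ${kt} | awk -F- '{print $2}'`
-type=`echo ${kt} | awk -F- '{print $1}'`
+xbits=`echo ${kt} | awk -F- '{print $2}'`
+xtype=`echo ${kt} | awk -F- '{print $1}'`
+case "$kt" in
+*sk) type="$kt"; bits="n/a"; bits_arg="";;
+*) type=$xtype; bits=$xbits; bits_arg="-b $bits";;
+esac
 verbose "keygen $type, $bits bits"
-${SSHKEYGEN} -b $bits -q -N '' -t $type -f $OBJ/key.$kt ||\
+${SSHKEYGEN} $bits_arg -q -N '' -t $type -f $OBJ/key.$kt || \
 fail "ssh-keygen for type $type, $bits bits failed"
 done
 
+kname_to_ktype() {
+case $1 in
+dsa-1024) echo ssh-dss;;
+ecdsa-256) echo ecdsa-sha2-nistp256;;
+ecdsa-384) echo ecdsa-sha2-nistp384;;
+ecdsa-521) echo ecdsa-sha2-nistp521;;
+ed25519-512) echo ssh-ed25519;;
+rsa-*) echo rsa-sha2-512,rsa-sha2-256,ssh-rsa;;
+ed25519-sk) echo sk-ssh-ed25519@openssh.com;;
+ecdsa-sk) echo sk-ecdsa-sha2-nistp256@openssh.com;;
+esac
+}
+
 tries="1 2 3"
 for ut in $ktypes; do
-htypes=$ut
+user_type=`kname_to_ktype "$ut"`
+# SK keys are not supported for hostkeys.
+case "$ut" in
+*sk) htypes=ed25519-512;;
+*) htypes="$ut";;
+esac
 #htypes=$ktypes
 for ht in $htypes; do
-case $ht in
-dsa-1024) t=ssh-dss;;
-ecdsa-256) t=ecdsa-sha2-nistp256;;
-ecdsa-384) t=ecdsa-sha2-nistp384;;
-ecdsa-521) t=ecdsa-sha2-nistp521;;
-ed25519-512) t=ssh-ed25519;;
-rsa-*) t=rsa-sha2-512,rsa-sha2-256,ssh-rsa;;
-esac
+host_type=`kname_to_ktype "$ht"`
 trace "ssh connect, userkey $ut, hostkey $ht"
 (
 grep -v HostKey $OBJ/sshd_proxy_bak
 echo HostKey $OBJ/key.$ht
-echo PubkeyAcceptedKeyTypes $t
-echo HostKeyAlgorithms $t
+echo PubkeyAcceptedKeyTypes $user_type
+echo HostKeyAlgorithms $host_type
 ) > $OBJ/sshd_proxy
 (
 grep -v IdentityFile $OBJ/ssh_proxy_bak
 echo IdentityFile $OBJ/key.$ut
-echo PubkeyAcceptedKeyTypes $t
-echo HostKeyAlgorithms $t
+echo PubkeyAcceptedKeyTypes $user_type
+echo HostKeyAlgorithms $host_type
 ) > $OBJ/ssh_proxy
 (
 printf 'localhost-with-alias,127.0.0.1,::1 '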
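Review bot: `kname_to_ktype` in the second hunk has no default arm, so a short name outside its table yields an empty `user_type`/`host_type`, and the `echo PubkeyAcceptedKeyTypes $user_type` / `echo HostKeyAlgorithms $host_type` lines then write a keyword with no argument into both proxy configs, which surfaces later as an unrelated config-parse failure rather than at the lookup. Guard the lookups at the call site rather than inside the function, since a `fatal` inside the backtick substitution would only exit that subshell: `[ -n "$user_type" ] || fatal "unknown user key name $ut"` after the `user_type=` line, and the same for `host_type`. The `*sk)` pattern in both new `case` statements depends on no other short name in `$ktypes` ending in "sk", which holds for the names built above but deserves a one-line comment so a future `ktypes` entry does not silently take the SK branch. The `for i in ${SSH_KEYTYPES}` loop that the second hunk opens inside starts before the hunk.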
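--- a/regress/krl.sh
+++ b/regress/krl.sh
@@ -1,16 +1,19 @@
-# $OpenBSD: krl.sh,v 1.9 2019/11/01 01:55:41 djm Exp $
+# $OpenBSD: krl.sh,v 1.10 2019/11/26 23:43:10 djm Exp $
 # Placed in the Public Domain.
 
 tid="key revocation lists"
 
 # Use ed25519 by default since it's fast and it's supported when building
 # w/out OpenSSL. Populate ktype[2-4] with the other types if supported.
-ktype1=ed25519; ktype2=ed25519; ktype3=ed25519; ktype4=ed25519
-for t in `${SSH} -Q key-plain | grep -v ^sk-`; do
+ktype1=ed25519; ktype2=ed25519; ktype3=ed25519;
+ktype4=ed25519; ktype5=ed25519; ktype6=ed25519;
+for t in `${SSH} -Q key-plain | maybe_filter_sk`; do
 case "$t" in
 ecdsa*) ktype2=ecdsa ;;
 ssh-rsa) ktype3=rsa ;;
 ssh-dss) ktype4=dsa ;;
+sk-ssh-ed25519@openssh.com) ktype5=ed25519-sk ;;
+sk-ecdsa-sha2-nistp256@openssh.com) ktype6=ecdsa-sk ;;
 esac
 done
 
@@ -34,6 +37,7 @@ serial: 10
 serial: 15
 serial: 30
 serial: 50
+serial: 90
 serial: 999
 # The following sum to 500-799
 serial: 500
@@ -51,7 +55,7 @@ EOF
 
 # A specification that revokes some certificated by key ID.
 touch $OBJ/revoked-keyid
-for n in 1 2 3 4 10 15 30 50 `jot 500 300` 999 1000 1001 1002; do
+for n in 1 2 3 4 10 15 30 50 90 `jot 500 300` 999 1000 1001 1002; do
 test "x$n" = "x499" && continue
 # Fill in by-ID revocation spec.
 echo "id: revoked $n" >> $OBJ/revoked-keyid
@@ -64,9 +68,11 @@ keygen() {
 # supported.
 keytype=$ktype1
 case $N in
 2 | 10 | 510 | 1001) keytype=$ktype2 ;;
 4 | 30 | 520 | 1002) keytype=$ktype3 ;;
 8 | 50 | 530 | 1003) keytype=$ktype4 ;;
+16 | 70 | 540 | 1004) keytype=$ktype5 ;;
+32 | 90 | 550 | 1005) keytype=$ktype6 ;;
 esac
 $SSHKEYGEN -t $keytype -f $f -C "" -N "" > /dev/null \
 || fatal "$SSHKEYGEN failed"
@@ -78,7 +84,7 @@ keygen() {
 
 # Generate some keys.
 verbose "$tid: generating test keys"
-REVOKED_SERIALS="1 4 10 50 500 510 520 799 999"
+REVOKED_SERIALS="1 4 10 50 90 500 510 520 550 799 999"
 for n in $REVOKED_SERIALS ; do
 f=`keygen $n`
 RKEYS="$RKEYS ${f}.pub"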
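Review bot: Coverage for the two new key types is asymmetric in the last hunk: `REVOKED_SERIALS` gains 90 and 550 (both mapped to `ktype6`, ecdsa-sk, in `keygen`) and the by-serial spec gains `serial: 90`, but no serial mapped to `ktype5` (16, 70, 540, 1004) is added to the revoked set or the spec, so ed25519-sk keys are only exercised by the 500-799 range entry and by whatever unrevoked list exists outside the hunk. If symmetric coverage is intended, add `70` to `REVOKED_SERIALS`, `serial: 70` to the spec and `70` to the by-ID loop, mirroring what was done for 90. Note also that the comment above the `ktype` assignments still says "Populate ktype[2-4]"; with the two new variables it should read `ktype[2-6]`, and because `ktype5`/`ktype6` silently fall back to ed25519 when no SK provider is configured, a `verbose` line stating the chosen types would let the log show whether the sk arms actually ran on a given builder.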
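--- a/regress/limit-keytype.sh
+++ b/regress/limit-keytype.sh
@@ -1,20 +1,25 @@
-# $OpenBSD: limit-keytype.sh,v 1.7 2019/11/01 01:55:41 djm Exp $
+# $OpenBSD: limit-keytype.sh,v 1.8 2019/11/26 23:43:10 djm Exp $
 # Placed in the Public Domain.
 
 tid="restrict pubkey type"
 
+# XXX sk-* keys aren't actually tested ATM.
+
 rm -f $OBJ/authorized_keys_$USER $OBJ/user_ca_key* $OBJ/user_key*
 rm -f $OBJ/authorized_principals_$USER $OBJ/cert_user_key*
 
 mv $OBJ/sshd_proxy $OBJ/sshd_proxy.orig
 mv $OBJ/ssh_proxy $OBJ/ssh_proxy.orig
 
-ktype1=ed25519; ktype2=$ktype1; ktype3=$ktype1; ktype4=$ktype1
-for t in `${SSH} -Q key-plain | grep -v ^sk-`; do
+ktype1=ed25519; ktype2=ed25519; ktype3=ed25519;
+ktype4=ed25519; ktype5=ed25519; ktype6=ed25519;
+for t in `${SSH} -Q key-plain | maybe_filter_sk`; do
 case "$t" in
 ssh-rsa) ktype2=rsa ;;
 ecdsa*) ktype3=ecdsa ;; # unused
 ssh-dss) ktype4=dsa ;;
+sk-ssh-ed25519@openssh.com) ktype5=ed25519-sk ;;
+sk-ecdsa-sha2-nistp256@openssh.com) ktype6=ecdsa-sk ;;
 esac
 done
 
@@ -31,6 +36,10 @@ ${SSHKEYGEN} -q -N '' -t $ktype2 -f $OBJ/user_key3 || \
 fatal "ssh-keygen failed"
 ${SSHKEYGEN} -q -N '' -t $ktype4 -f $OBJ/user_key4 || \
 fatal "ssh-keygen failed"
+${SSHKEYGEN} -q -N '' -t $ktype5 -f $OBJ/user_key5 || \
+fatal "ssh-keygen failed"
+${SSHKEYGEN} -q -N '' -t $ktype6 -f $OBJ/user_key6 || \
+fatal "ssh-keygen failed"
 ${SSHKEYGEN} -q -s $OBJ/user_ca_key -I "regress user key for $USER" \
 -z $$ -n ${USER},mekmitasdigoat $OBJ/user_key3 ||
 fatal "couldn't sign user_key1"
@@ -68,6 +77,8 @@ keytype() {
 ed25519) printf "ssh-ed25519" ;;
 dsa) printf "ssh-dss" ;;
 rsa) printf "rsa-sha2-256,rsa-sha2-512,ssh-rsa" ;;
+sk-ecdsa) printf "sk-ecdsa-*" ;;
+sk-ssh-ed25519) printf "sk-ssh-ed25519-*" ;;
 esac
 }
 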
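--- a/regress/principals-command.sh
+++ b/regress/principals-command.sh
@@ -12,7 +12,7 @@ if [ -z "$SUDO" -a ! -w /var/run ]; then
 exit 0
 fi
 
-case "`${SSH} -Q key-plain | grep -v ^sk-`" in
+case "`${SSH} -Q key-plain`" in
 *ssh-rsa*) userkeytype=rsa ;;
 *) userkeytype=ed25519 ;;
 esac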
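--- a/regress/sshsig.sh
+++ b/regress/sshsig.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: sshsig.sh,v 1.2 2019/10/04 03:39:19 djm Exp $
+# $OpenBSD: sshsig.sh,v 1.3 2019/11/26 23:43:10 djm Exp $
 # Placed in the Public Domain.
 
 tid="sshsig"
@@ -23,7 +23,7 @@ CA_PRIV=$OBJ/sigca-key
 CA_PUB=$OBJ/sigca-key.pub
 
 trace "start agent"
-eval `${SSHAGENT} -s` > /dev/null
+eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s` > /dev/null
 r=$?
 if [ $r -ne 0 ]; then
 fatal "could not start ssh-agent: exit code $r"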
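--- a/regress/test-exec.sh
+++ b/regress/test-exec.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: test-exec.sh,v 1.67 2019/11/01 01:55:41 djm Exp $
+# $OpenBSD: test-exec.sh,v 1.68 2019/11/26 23:43:10 djm Exp $
 # Placed in the Public Domain.
 
 #SUDO=sudo
@@ -128,6 +128,12 @@ if [ "x$TEST_SSH_CONCH" != "x" ]; then
 *) CONCH=`which ${TEST_SSH_CONCH} 2>/dev/null` ;;
 esac
 fi
+if [ "x$TEST_SSH_PKCS11_HELPER" != "x" ]; then
+SSH_PKCS11_HELPER="${TEST_SSH_PKCS11_HELPER}"
+fi
+if [ "x$TEST_SSH_SK_HELPER" != "x" ]; then
+SSH_SK_HELPER="${TEST_SSH_SK_HELPER}"
+fi
 
 # Path to sshd must be absolute for rexec
 case "$SSHD" in
@@ -252,6 +258,7 @@ increase_datafile_size()
 
 # these should be used in tests
 export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP
+export SSH_PKCS11_HELPER SSH_SK_HELPER
 #echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER $SCP
 
 # Portable specific functions
@@ -475,8 +482,35 @@ fi
 
 rm -f $OBJ/known_hosts $OBJ/authorized_keys_$USER
 
-SSH_KEYTYPES=`$SSH -Q key-plain | grep -v ^sk`
+SSH_SK_PROVIDER=
+if [ -f "${SRC}/misc/sk-dummy/obj/sk-dummy.so" ] ; then
+SSH_SK_PROVIDER="${SRC}/misc/sk-dummy/obj/sk-dummy.so"
+elif [ -f "${SRC}/misc/sk-dummy/sk-dummy.so" ] ; then
+SSH_SK_PROVIDER="${SRC}/misc/sk-dummy/sk-dummy.so"
+fi
+export SSH_SK_PROVIDER
+
+if ! test -z "$SSH_SK_PROVIDER"; then
+EXTRA_AGENT_ARGS='-P/*' # XXX want realpath(1)...
+echo "SecurityKeyProvider $SSH_SK_PROVIDER" >> $OBJ/ssh_config
+fi
+export EXTRA_AGENT_ARGS
+
+filter_sk() {
+grep -v ^sk
+}
+
+maybe_filter_sk() {
+if test -z "$SSH_SK_PROVIDER" ; then
+filter_sk
+else
+cat
+fi
+}
 
+SSH_KEYTYPES=`$SSH -Q key-plain | maybe_filter_sk`
+SSH_HOSTKEY_TYPES=`$SSH -Q key-plain | filter_sk`
+
 for t in ${SSH_KEYTYPES}; do
 # generate user key
 trace "generating key type $t"
@@ -486,16 +520,18 @@ for t in ${SSH_KEYTYPES}; do
 fail "ssh-keygen for $t failed"
 fi
 
+# setup authorized keys
+cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER
+echo IdentityFile $OBJ/$t >> $OBJ/ssh_config
+done
+
+for t in ${SSH_HOSTKEY_TYPES}; do
 # known hosts file for client
 (
 printf 'localhost-with-alias,127.0.0.1,::1 '
 cat $OBJ/$t.pub
 ) >> $OBJ/known_hosts
 
-# setup authorized keys
-cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER
-echo IdentityFile $OBJ/$t >> $OBJ/ssh_config
-
 # use key as host key, too
 $SUDO cp $OBJ/$t $OBJ/host.$t
 echo HostKey $OBJ/host.$t >> $OBJ/sshd_config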
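Review bot: `EXTRA_AGENT_ARGS='-P/*'` in the third hunk replaces ssh-agent's default provider allowlist with a pattern matching every path on the system, and because this variable is exported and used by every agent-starting test in this commit, it also changes what agent-pkcs11.sh exercises: with the dummy provider present, any `ssh-add -s`/`-S` can load an arbitrary shared object into the test agent, whereas without it the default allowlist still applies. The agent is test-only and listens on a private socket, so this is a matter of intent rather than an exploitable hole, but the XXX comment only hints at the cause (the provider path is `${SRC}`-relative while `-P` appears to be matched against the resolved path); a narrower pattern such as `-P*/sk-dummy.so` (extended with the softhsm library path for the pkcs11 test), or at least a comment saying the allowlist is deliberately disabled for the regress agent, would make the trade-off explicit. A further note is that `filter_sk` drops everything starting with `sk`, not only `sk-` as the per-test greps it replaces did; that is harmless for the current algorithm names but is a slightly wider net than before.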