blob: 8f16aa01bc524f82971551b6677d0127908b59ac (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
|
# $OpenBSD: keytype.sh,v 1.6 2017/10/30 22:01:52 djm Exp $
# Placed in the Public Domain.
tid="login with different key types"
cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak
# Traditional and builtin key types.
ktypes="dsa-1024 rsa-2048 rsa-3072 ed25519-512"
# Types not present in all OpenSSL versions.
for i in `$SSH -Q key`; do
case "$i" in
ecdsa-sha2-nistp256) ktypes="$ktypes ecdsa-256" ;;
ecdsa-sha2-nistp384) ktypes="$ktypes ecdsa-384" ;;
ecdsa-sha2-nistp521) ktypes="$ktypes ecdsa-521" ;;
esac
done
for kt in $ktypes; do
rm -f $OBJ/key.$kt
bits=`echo ${kt} | awk -F- '{print $2}'`
type=`echo ${kt} | awk -F- '{print $1}'`
verbose "keygen $type, $bits bits"
${SSHKEYGEN} -b $bits -q -N '' -t $type -f $OBJ/key.$kt ||\
fail "ssh-keygen for type $type, $bits bits failed"
done
tries="1 2 3"
for ut in $ktypes; do
htypes=$ut
#htypes=$ktypes
for ht in $htypes; do
case $ht in
dsa-1024) t=ssh-dss;;
ecdsa-256) t=ecdsa-sha2-nistp256;;
ecdsa-384) t=ecdsa-sha2-nistp384;;
ecdsa-521) t=ecdsa-sha2-nistp521;;
ed25519-512) t=ssh-ed25519;;
rsa-*) t=ssh-rsa;;
esac
trace "ssh connect, userkey $ut, hostkey $ht"
(
grep -v HostKey $OBJ/sshd_proxy_bak
echo HostKey $OBJ/key.$ht
echo PubkeyAcceptedKeyTypes $t
echo HostKeyAlgorithms $t
) > $OBJ/sshd_proxy
(
grep -v IdentityFile $OBJ/ssh_proxy_bak
echo IdentityFile $OBJ/key.$ut
echo PubkeyAcceptedKeyTypes $t
echo HostKeyAlgorithms $t
) > $OBJ/ssh_proxy
(
printf 'localhost-with-alias,127.0.0.1,::1 '
cat $OBJ/key.$ht.pub
) > $OBJ/known_hosts
cat $OBJ/key.$ut.pub > $OBJ/authorized_keys_$USER
for i in $tries; do
verbose "userkey $ut, hostkey ${ht}"
${SSH} -F $OBJ/ssh_proxy 999.999.999.999 true
if [ $? -ne 0 ]; then
fail "ssh userkey $ut, hostkey $ht failed"
fi
done
done
done
|