Dag-Erling Smørgrav 4f52dfbb8d Upgrade to OpenSSH 7.6p1. This will be followed shortly by 7.7p1.
This completely removes client-side support for the SSH 1 protocol,
which was already disabled in 12 but is still enabled in 11.  For that
reason, we will not be able to merge 7.6p1 or newer back to 11.
2018-05-08 23:13:11 +00:00


# $OpenBSD: ssh-com.sh,v 1.10 2017/05/08 01:52:49 djm Exp $
# Placed in the Public Domain.
# Label for this regression test; it is echoed by the verbose output of the
# cipher/MAC loop further down.
tid="connect to ssh.com server"

# The ssh.com server binaries are looked up as
# ${TEST_COMBASE}/<version>/sshd2, so the caller has to supply the base
# directory, e.g.
#TEST_COMBASE=/path/to/ssh/com/binaries
[ -n "${TEST_COMBASE}" ] || fatal '$TEST_COMBASE is not set'

# ssh.com releases to try, one per line.  The list is consumed through
# word splitting, so it must stay whitespace separated.
VERSIONS="
2.0.12
2.0.13
2.1.0
2.2.0
2.3.0
2.4.0
3.0.0
3.1.0
3.2.0
3.2.2
3.2.3
3.2.5
3.2.9
3.2.9.1
3.3.0"
# Releases left out of the list above, and why:
# 2.0.10 does not support UserConfigDirectory
# 2.3.1 requires a config in $HOME/.ssh2
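# Directory containing this script; the ssh.com-format DSA host key pair
# (dsa_ssh2.prv / dsa_ssh2.pub) is read from there.  Backticks are kept to
# match the rest of the file; the argument is quoted so a path containing
# whitespace or glob characters is passed to dirname as one word.
SRC=`dirname "${SCRIPT}"`

# ssh.com
# Write the sshd2 configuration used by every connection attempt below.
# The here-document delimiter is unquoted, so ${OBJ} and ${SRC} are expanded
# when the file is written; %U contains no shell expansion and is written
# out literally for sshd2 to interpret.
#
# Security-relevant settings in this fixture: PermitRootLogin yes,
# Ciphers AnyCipher, and a fixed DSA host key stored beside the test script.
# sshd2 is only started as a proxycommand by this script (Port and
# ListenAddress are unused), so these values describe a throwaway test
# server and are not a template for a deployed one.
cat << EOF > "${OBJ}/sshd2_config"
#*:
# Port and ListenAddress are not used.
QuietMode yes
Port 4343
ListenAddress 127.0.0.1
UserConfigDirectory ${OBJ}/%U
Ciphers AnyCipher
PubKeyAuthentication yes
#AllowedAuthentications publickey
AuthorizationFile authorization
HostKeyFile ${SRC}/dsa_ssh2.prv
PublicHostKeyFile ${SRC}/dsa_ssh2.pub
RandomSeedFile ${OBJ}/random_seed
MaxConnections 0
PermitRootLogin yes
VerboseMode no
CheckMail no
Ssh1Compatibility no
EOF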
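# create client config
# Start from the suite's ssh_config and rewrite HostKeyAlias so that the
# host key check uses the ssh2-localhost-with-alias entry that this script
# appends to known_hosts.
sed "s/HostKeyAlias.*/HostKeyAlias ssh2-localhost-with-alias/" \
	< "${OBJ}/ssh_config" > "${OBJ}/ssh_config_com"

# We need a DSA user key for the rsa/dsa authorization set up below.
# Remove any stale pair first so ssh-keygen does not stop to ask about
# overwriting.  -N '' gives the key an empty passphrase: it is a throwaway
# test key that lives only under ${OBJ}.
rm -f "${OBJ}/dsa" "${OBJ}/dsa.pub"
# ${SSHKEYGEN} stays unquoted: presumably the harness may put a wrapper plus
# arguments in it (TODO confirm).  Abort if key generation fails instead of
# carrying on with a missing key and failing later with an unrelated error.
${SSHKEYGEN} -q -N '' -t dsa -f "${OBJ}/dsa" || \
	fatal "ssh-keygen for dsa failed"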
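# setup userdir, try rsa first
# sshd2_config points UserConfigDirectory at ${OBJ}/%U and names the
# AuthorizationFile "authorization", so the per-user directory is built at
# ${OBJ}/${USER}.  An empty USER would make that directory ${OBJ} itself,
# which the recursive delete at the end of this script would then remove.
[ -n "${USER}" ] || fatal '$USER is not set'
mkdir -p "${OBJ}/${USER}"
# Truncate (or create) the authorization file before appending to it.
cp /dev/null "${OBJ}/${USER}/authorization"
for t in rsa dsa; do
	# ssh-keygen -e exports the OpenSSH public key in the SSH2 (RFC 4716)
	# public key format.  ${OBJ}/rsa.pub is not created in this script;
	# presumably the harness provides it (TODO confirm).
	${SSHKEYGEN} -e -f "${OBJ}/$t.pub" > "${OBJ}/${USER}/$t.com"
	# Authorize the exported key on the server side ...
	echo "Key $t.com" >> "${OBJ}/${USER}/authorization"
	# ... and offer the matching private key from the client side.
	echo "IdentityFile ${OBJ}/$t" >> "${OBJ}/ssh_config_com"
done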
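# convert and append DSA hostkey
# ssh-keygen -i imports the ssh.com-format public host key and prints it in
# OpenSSH format.  The conversion is done before anything is written, so a
# failed import aborts the test rather than leaving a host-pattern prefix
# with no key (and no newline) at the end of known_hosts.
com_hostkey=`${SSHKEYGEN} -if "${SRC}/dsa_ssh2.pub"` || \
	fatal "ssh-keygen import of dsa_ssh2.pub failed"
printf '%s %s\n' 'ssh2-localhost-with-alias,127.0.0.1,::1' "${com_hostkey}" \
	>> "${OBJ}/known_hosts"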
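# go for it
# For every listed ssh.com release that is installed under TEST_COMBASE:
# first connect with the client's default algorithms, then once per
# cipher/MAC pair.  ${VERSIONS} is expanded unquoted on purpose; the list
# relies on word splitting.
for v in ${VERSIONS}; do
	sshd2="${TEST_COMBASE}/${v}/sshd2"
	if [ ! -x "${sshd2}" ]; then
		# Leave a record of the skip: a run in which no release is
		# installed otherwise passes without having tested anything.
		trace "sshd2 ${v} not found, skipping"
		continue
	fi
	trace "sshd2 ${v}"
	# sshd2 is started by the client as its proxycommand instead of
	# listening on a port.  "2> /dev/null" discards the server's stderr,
	# so server-side diagnostics are not available when a connection
	# fails.  The string is parsed again when the proxycommand is run, so
	# the paths inside it are left exactly as before (whitespace in them
	# is not supported here).
	PROXY="proxycommand ${sshd2} -qif ${OBJ}/sshd2_config 2> /dev/null"
	# ${SSH} stays unquoted: presumably the harness may put a wrapper plus
	# arguments in it (TODO confirm).
	${SSH} -qF "${OBJ}/ssh_config_com" -o "${PROXY}" dummy exit 0 || \
		fail "ssh connect to sshd2 ${v} failed"

	# Algorithm matrix per release family.  These are legacy CBC ciphers
	# and MD5 / truncated-HMAC MACs; the loop checks interoperability with
	# old servers and says nothing about the strength of the algorithms.
	ciphers="3des-cbc"
	macs="hmac-md5"
	case $v in
	2.4.*)
		ciphers="$ciphers cast128-cbc"
		macs="$macs hmac-sha1 hmac-sha1-96 hmac-md5-96"
		;;
	3.*)
		ciphers="$ciphers aes128-cbc cast128-cbc"
		macs="$macs hmac-sha1 hmac-sha1-96 hmac-md5-96"
		;;
	esac
	# Uncomment to restrict the run to a single cipher:
	#ciphers="3des-cbc"
	for m in $macs; do
		for c in $ciphers; do
			trace "sshd2 ${v} cipher $c mac $m"
			verbose "test ${tid}: sshd2 ${v} cipher $c mac $m"
			${SSH} -c "$c" -m "$m" -qF "${OBJ}/ssh_config_com" \
				-o "${PROXY}" dummy exit 0 || \
				fail "ssh connect to sshd2 ${v} with $c/$m failed"
		done
	done
done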
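# Cleanup.  Nothing is removed unless OBJ is non-empty, and the recursive
# delete additionally requires a non-empty USER: with USER empty the target
# would be ${OBJ} itself, and with both empty it would be "/".
# NOTE(review): the host key line appended to ${OBJ}/known_hosts earlier in
# this script is not removed here; confirm the harness resets known_hosts.
if [ -n "${OBJ}" ]; then
	if [ -n "${USER}" ]; then
		rm -rf "${OBJ}/${USER}"
	fi
	# sshd_config_proxy and ssh_config_proxy are not written by this
	# script; presumably they come from the harness (TODO confirm).
	for i in sshd_config_proxy ssh_config_proxy random_seed \
	    sshd2_config dsa.pub dsa ssh_config_com; do
		rm -f "${OBJ}/$i"
	done
fi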