4f52dfbb8d
This completely removes client-side support for the SSH 1 protocol, which was already disabled in 12 but is still enabled in 11. For that reason, we will not be able to merge 7.6p1 or newer back to 11.
120 lines
2.7 KiB
Bash
120 lines
2.7 KiB
Bash
# $OpenBSD: ssh-com.sh,v 1.10 2017/05/08 01:52:49 djm Exp $
|
|
# Placed in the Public Domain.
|
|
|
|
tid="connect to ssh.com server"
|
|
|
|
#TEST_COMBASE=/path/to/ssh/com/binaries
|
|
if [ "X${TEST_COMBASE}" = "X" ]; then
|
|
fatal '$TEST_COMBASE is not set'
|
|
fi
|
|
|
|
VERSIONS="
|
|
2.0.12
|
|
2.0.13
|
|
2.1.0
|
|
2.2.0
|
|
2.3.0
|
|
2.4.0
|
|
3.0.0
|
|
3.1.0
|
|
3.2.0
|
|
3.2.2
|
|
3.2.3
|
|
3.2.5
|
|
3.2.9
|
|
3.2.9.1
|
|
3.3.0"
|
|
# 2.0.10 does not support UserConfigDirectory
|
|
# 2.3.1 requires a config in $HOME/.ssh2
|
|
|
|
SRC=`dirname ${SCRIPT}`
|
|
|
|
# ssh.com
|
|
cat << EOF > $OBJ/sshd2_config
|
|
#*:
|
|
# Port and ListenAddress are not used.
|
|
QuietMode yes
|
|
Port 4343
|
|
ListenAddress 127.0.0.1
|
|
UserConfigDirectory ${OBJ}/%U
|
|
Ciphers AnyCipher
|
|
PubKeyAuthentication yes
|
|
#AllowedAuthentications publickey
|
|
AuthorizationFile authorization
|
|
HostKeyFile ${SRC}/dsa_ssh2.prv
|
|
PublicHostKeyFile ${SRC}/dsa_ssh2.pub
|
|
RandomSeedFile ${OBJ}/random_seed
|
|
MaxConnections 0
|
|
PermitRootLogin yes
|
|
VerboseMode no
|
|
CheckMail no
|
|
Ssh1Compatibility no
|
|
EOF
|
|
|
|
# create client config
|
|
sed "s/HostKeyAlias.*/HostKeyAlias ssh2-localhost-with-alias/" \
|
|
< $OBJ/ssh_config > $OBJ/ssh_config_com
|
|
|
|
# we need a DSA key for
|
|
rm -f ${OBJ}/dsa ${OBJ}/dsa.pub
|
|
${SSHKEYGEN} -q -N '' -t dsa -f ${OBJ}/dsa
|
|
|
|
# setup userdir, try rsa first
|
|
mkdir -p ${OBJ}/${USER}
|
|
cp /dev/null ${OBJ}/${USER}/authorization
|
|
for t in rsa dsa; do
|
|
${SSHKEYGEN} -e -f ${OBJ}/$t.pub > ${OBJ}/${USER}/$t.com
|
|
echo Key $t.com >> ${OBJ}/${USER}/authorization
|
|
echo IdentityFile ${OBJ}/$t >> ${OBJ}/ssh_config_com
|
|
done
|
|
|
|
# convert and append DSA hostkey
|
|
(
|
|
printf 'ssh2-localhost-with-alias,127.0.0.1,::1 '
|
|
${SSHKEYGEN} -if ${SRC}/dsa_ssh2.pub
|
|
) >> $OBJ/known_hosts
|
|
|
|
# go for it
|
|
for v in ${VERSIONS}; do
|
|
sshd2=${TEST_COMBASE}/${v}/sshd2
|
|
if [ ! -x ${sshd2} ]; then
|
|
continue
|
|
fi
|
|
trace "sshd2 ${v}"
|
|
PROXY="proxycommand ${sshd2} -qif ${OBJ}/sshd2_config 2> /dev/null"
|
|
${SSH} -qF ${OBJ}/ssh_config_com -o "${PROXY}" dummy exit 0
|
|
if [ $? -ne 0 ]; then
|
|
fail "ssh connect to sshd2 ${v} failed"
|
|
fi
|
|
|
|
ciphers="3des-cbc"
|
|
macs="hmac-md5"
|
|
case $v in
|
|
2.4.*)
|
|
ciphers="$ciphers cast128-cbc"
|
|
macs="$macs hmac-sha1 hmac-sha1-96 hmac-md5-96"
|
|
;;
|
|
3.*)
|
|
ciphers="$ciphers aes128-cbc cast128-cbc"
|
|
macs="$macs hmac-sha1 hmac-sha1-96 hmac-md5-96"
|
|
;;
|
|
esac
|
|
#ciphers="3des-cbc"
|
|
for m in $macs; do
|
|
for c in $ciphers; do
|
|
trace "sshd2 ${v} cipher $c mac $m"
|
|
verbose "test ${tid}: sshd2 ${v} cipher $c mac $m"
|
|
${SSH} -c $c -m $m -qF ${OBJ}/ssh_config_com -o "${PROXY}" dummy exit 0
|
|
if [ $? -ne 0 ]; then
|
|
fail "ssh connect to sshd2 ${v} with $c/$m failed"
|
|
fi
|
|
done
|
|
done
|
|
done
|
|
|
|
rm -rf ${OBJ}/${USER}
|
|
for i in sshd_config_proxy ssh_config_proxy random_seed \
|
|
sshd2_config dsa.pub dsa ssh_config_com; do
|
|
rm -f ${OBJ}/$i
|
|
done
|