upstream commit
eliminate explicit specification of protocol in tests and
loops over protocol. We only support SSHv2 now.
Upstream-Regress-ID: 0082838a9b8a382b7ee9cbf0c1b9db727784fadd
diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh
index 7005fd5..6a23fe3 100644
--- a/regress/cert-userkey.sh
+++ b/regress/cert-userkey.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: cert-userkey.sh,v 1.17 2016/11/30 03:01:33 djm Exp $
+# $OpenBSD: cert-userkey.sh,v 1.18 2017/04/30 23:34:55 djm Exp $
# Placed in the Public Domain.
tid="certified user keys"
@@ -67,7 +67,7 @@
# Missing authorized_principals
verbose "$tid: ${_prefix} missing authorized_principals"
rm -f $OBJ/authorized_principals_$USER
- ${SSH} -2i $OBJ/cert_user_key_${ktype} \
+ ${SSH} -i $OBJ/cert_user_key_${ktype} \
-F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
if [ $? -eq 0 ]; then
fail "ssh cert connect succeeded unexpectedly"
@@ -76,7 +76,7 @@
# Empty authorized_principals
verbose "$tid: ${_prefix} empty authorized_principals"
echo > $OBJ/authorized_principals_$USER
- ${SSH} -2i $OBJ/cert_user_key_${ktype} \
+ ${SSH} -i $OBJ/cert_user_key_${ktype} \
-F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
if [ $? -eq 0 ]; then
fail "ssh cert connect succeeded unexpectedly"
@@ -85,7 +85,7 @@
# Wrong authorized_principals
verbose "$tid: ${_prefix} wrong authorized_principals"
echo gregorsamsa > $OBJ/authorized_principals_$USER
- ${SSH} -2i $OBJ/cert_user_key_${ktype} \
+ ${SSH} -i $OBJ/cert_user_key_${ktype} \
-F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
if [ $? -eq 0 ]; then
fail "ssh cert connect succeeded unexpectedly"
@@ -94,7 +94,7 @@
# Correct authorized_principals
verbose "$tid: ${_prefix} correct authorized_principals"
echo mekmitasdigoat > $OBJ/authorized_principals_$USER
- ${SSH} -2i $OBJ/cert_user_key_${ktype} \
+ ${SSH} -i $OBJ/cert_user_key_${ktype} \
-F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
if [ $? -ne 0 ]; then
fail "ssh cert connect failed"
@@ -103,7 +103,7 @@
# authorized_principals with bad key option
verbose "$tid: ${_prefix} authorized_principals bad key opt"
echo 'blah mekmitasdigoat' > $OBJ/authorized_principals_$USER
- ${SSH} -2i $OBJ/cert_user_key_${ktype} \
+ ${SSH} -i $OBJ/cert_user_key_${ktype} \
-F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
if [ $? -eq 0 ]; then
fail "ssh cert connect succeeded unexpectedly"
@@ -113,7 +113,7 @@
verbose "$tid: ${_prefix} authorized_principals command=false"
echo 'command="false" mekmitasdigoat' > \
$OBJ/authorized_principals_$USER
- ${SSH} -2i $OBJ/cert_user_key_${ktype} \
+ ${SSH} -i $OBJ/cert_user_key_${ktype} \
-F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
if [ $? -eq 0 ]; then
fail "ssh cert connect succeeded unexpectedly"
@@ -124,7 +124,7 @@
verbose "$tid: ${_prefix} authorized_principals command=true"
echo 'command="true" mekmitasdigoat' > \
$OBJ/authorized_principals_$USER
- ${SSH} -2i $OBJ/cert_user_key_${ktype} \
+ ${SSH} -i $OBJ/cert_user_key_${ktype} \
-F $OBJ/ssh_proxy somehost false >/dev/null 2>&1
if [ $? -ne 0 ]; then
fail "ssh cert connect failed"
@@ -148,7 +148,7 @@
printf 'cert-authority,principals="gregorsamsa" '
cat $OBJ/user_ca_key.pub
) > $OBJ/authorized_keys_$USER
- ${SSH} -2i $OBJ/cert_user_key_${ktype} \
+ ${SSH} -i $OBJ/cert_user_key_${ktype} \
-F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
if [ $? -eq 0 ]; then
fail "ssh cert connect succeeded unexpectedly"
@@ -160,7 +160,7 @@
printf 'cert-authority,principals="mekmitasdigoat" '
cat $OBJ/user_ca_key.pub
) > $OBJ/authorized_keys_$USER
- ${SSH} -2i $OBJ/cert_user_key_${ktype} \
+ ${SSH} -i $OBJ/cert_user_key_${ktype} \
-F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
if [ $? -ne 0 ]; then
fail "ssh cert connect failed"
@@ -198,7 +198,7 @@
echo "PubkeyAcceptedKeyTypes ${t}"
) > $OBJ/ssh_proxy
- ${SSH} -2i $OBJ/cert_user_key_${ktype} \
+ ${SSH} -i $OBJ/cert_user_key_${ktype} \
-F $OBJ/ssh_proxy somehost true
if [ $? -ne 0 ]; then
fail "ssh cert connect failed"
@@ -215,7 +215,7 @@
) > $OBJ/sshd_proxy
cp $OBJ/cert_user_key_${ktype}.pub \
$OBJ/cert_user_key_revoked
- ${SSH} -2i $OBJ/cert_user_key_${ktype} \
+ ${SSH} -i $OBJ/cert_user_key_${ktype} \
-F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
if [ $? -eq 0 ]; then
fail "ssh cert connect succeeded unexpecedly"
@@ -224,14 +224,14 @@
rm $OBJ/cert_user_key_revoked
${SSHKEYGEN} -kqf $OBJ/cert_user_key_revoked \
$OBJ/cert_user_key_${ktype}.pub
- ${SSH} -2i $OBJ/cert_user_key_${ktype} \
+ ${SSH} -i $OBJ/cert_user_key_${ktype} \
-F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
if [ $? -eq 0 ]; then
fail "ssh cert connect succeeded unexpecedly"
fi
verbose "$tid: ${_prefix} empty KRL"
${SSHKEYGEN} -kqf $OBJ/cert_user_key_revoked
- ${SSH} -2i $OBJ/cert_user_key_${ktype} \
+ ${SSH} -i $OBJ/cert_user_key_${ktype} \
-F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
if [ $? -ne 0 ]; then
fail "ssh cert connect failed"
@@ -246,7 +246,7 @@
echo "PubkeyAcceptedKeyTypes ${t}"
echo "$extra_sshd"
) > $OBJ/sshd_proxy
- ${SSH} -2i $OBJ/cert_user_key_${ktype} -F $OBJ/ssh_proxy \
+ ${SSH} -i $OBJ/cert_user_key_${ktype} -F $OBJ/ssh_proxy \
somehost true >/dev/null 2>&1
if [ $? -eq 0 ]; then
fail "ssh cert connect succeeded unexpecedly"
@@ -260,7 +260,7 @@
echo "$extra_sshd"
) > $OBJ/sshd_proxy
verbose "$tid: ensure CA key does not authenticate user"
- ${SSH} -2i $OBJ/user_ca_key \
+ ${SSH} -i $OBJ/user_ca_key \
-F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
if [ $? -eq 0 ]; then
fail "ssh cert connect with CA key succeeded unexpectedly"
@@ -307,7 +307,7 @@
$sign_opts $OBJ/cert_user_key_${ktype} ||
fail "couldn't sign cert_user_key_${ktype}"
- ${SSH} -2i $OBJ/cert_user_key_${ktype} \
+ ${SSH} -i $OBJ/cert_user_key_${ktype} \
-F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
rc=$?
if [ "x$result" = "xsuccess" ] ; then
@@ -378,7 +378,7 @@
-n $USER $OBJ/cert_user_key_${ktype} ||
fatal "couldn't sign cert_user_key_${ktype}"
verbose "$tid: user ${ktype} connect wrong cert"
- ${SSH} -2i $OBJ/cert_user_key_${ktype} -F $OBJ/ssh_proxy \
+ ${SSH} -i $OBJ/cert_user_key_${ktype} -F $OBJ/ssh_proxy \
somehost true >/dev/null 2>&1
if [ $? -eq 0 ]; then
fail "ssh cert connect $ident succeeded unexpectedly"