# $OpenBSD: keytype.sh,v 1.3 2013/12/06 13:52:46 markus Exp $
# Placed in the Public Domain.
# Human-readable identifier for this regression test.
tid='login with different key types'
# Look for an external time(1) binary so the key generation and login
# commands further down can be timed. If `which` finds nothing executable,
# TIME is emptied; the later unquoted ${TIME} then expands to nothing and
# the commands run untimed.
TIME=`which time 2>/dev/null`
test -x "$TIME" || TIME=""
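# Keep pristine copies of the proxy configurations. The login loop later in
# this file regenerates sshd_proxy and ssh_proxy from these backups for every
# key type, so the originals must not be lost.
# Paths are quoted so the shell does not word-split or glob-expand $OBJ.
cp "$OBJ/sshd_proxy" "$OBJ/sshd_proxy_bak"
cp "$OBJ/ssh_proxy" "$OBJ/ssh_proxy_bak"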
# Key types exercised by this test, each written as <type>-<bits>.
# Traditional and builtin key types.
ktypes="dsa-1024 rsa-2048 rsa-3072 ed25519-512"
# Types not present in all OpenSSL versions: an ECDSA entry is appended only
# for the curves that the ssh binary under test reports via `-Q key`.
for i in `$SSH -Q key`; do
	case "$i" in
	ecdsa-sha2-nistp256 | ecdsa-sha2-nistp384 | ecdsa-sha2-nistp521)
		# The curve size is the suffix after "nistp" (256, 384 or 521).
		ktypes="$ktypes ecdsa-${i#ecdsa-sha2-nistp}"
		;;
	esac
done
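# Generate one key pair per entry in $ktypes (format <type>-<bits>).
# The keys are created with an empty passphrase (-N '') under $OBJ and are
# meant only for this test run; they must never be reused as real credentials.
for kt in $ktypes; do
	# Remove any private key left behind by an earlier run.
	rm -f "$OBJ/key.$kt"
	# Split "<type>-<bits>" into its two fields.
	bits=`echo "$kt" | awk -F- '{print $2}'`
	type=`echo "$kt" | awk -F- '{print $1}'`
	# Fixed format string: values are passed as arguments rather than being
	# interpolated into the printf format.
	printf 'keygen %s, %s bits:\t' "$type" "$bits"
	# ${TIME} stays unquoted so that an empty value disappears from the
	# command line. ${SSHKEYGEN} is left unquoted as in the original;
	# NOTE(review): the harness may supply a multi-word command here - confirm.
	${TIME} ${SSHKEYGEN} -b "$bits" -q -N '' -t "$type" -f "$OBJ/key.$kt" ||
		fail "ssh-keygen for type $type, $bits bits failed"
done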
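# Log in with every generated key type, three attempts per combination.
# For each combination the proxy configurations are rebuilt from the backups
# with exactly one HostKey / IdentityFile line, and known_hosts and the
# authorized_keys file are overwritten, so the login can only succeed with
# the key pair under test.
tries="1 2 3"
for ut in $ktypes; do
	# The host key type currently follows the user key type; the
	# commented-out alternative would cover the full user x host matrix.
	htypes=$ut
	#htypes=$ktypes
	for ht in $htypes; do
		trace "ssh connect, userkey $ut, hostkey $ht"
		# Server config: drop every line mentioning HostKey, then add
		# the single host key being tested.
		(
			grep -v HostKey "$OBJ/sshd_proxy_bak"
			echo HostKey "$OBJ/key.$ht"
		) > "$OBJ/sshd_proxy"
		# Client config: same approach for IdentityFile.
		(
			grep -v IdentityFile "$OBJ/ssh_proxy_bak"
			echo IdentityFile "$OBJ/key.$ut"
		) > "$OBJ/ssh_proxy"
		# known_hosts holds one entry: the host names followed by the
		# public half of the host key under test.
		(
			printf 'localhost-with-alias,127.0.0.1,::1 '
			cat "$OBJ/key.$ht.pub"
		) > "$OBJ/known_hosts"
		# Only the user key under test is authorized.
		cat "$OBJ/key.$ut.pub" > "$OBJ/authorized_keys_$USER"
		for i in $tries; do
			# Fixed format string; values are passed as arguments.
			printf 'userkey %s, hostkey %s:\t' "$ut" "$ht"
			# ${TIME} and ${SSH} stay unquoted: TIME may be empty.
			# The destination is not a valid address;
			# NOTE(review): ssh_proxy presumably routes the
			# connection through a proxy command so it is never
			# resolved - confirm against the harness.
			${TIME} ${SSH} -F "$OBJ/ssh_proxy" 999.999.999.999 true ||
				fail "ssh userkey $ut, hostkey $ht failed"
		done
	done
done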