From: djm@openbsd.org Date: Sun, 16 Jun 2024 08:18:06 +0000 (+0000) Subject: upstream: penalty test is still a bit racy X-Git-Tag: V_9_8_P1~36 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=45562a95ea11d328c22d97bf39401cd29684fb1f;p=thirdparty%2Fopenssh-portable.git upstream: penalty test is still a bit racy OpenBSD-Regress-ID: 90c9ac224db454637baf1ebee5857e007321e824 --- diff --git a/regress/penalty.sh b/regress/penalty.sh index 9556b31f7..8b8353238 100644 --- a/regress/penalty.sh +++ b/regress/penalty.sh @@ -25,14 +25,17 @@ verbose "penalty for authentication failure" cat /dev/null > $OBJ/authorized_keys_${USER} ${SSH} -F $OBJ/ssh_config somehost true && fatal "noauth connect succeeded" cp $OBJ/authorized_keys_${USER}.bak $OBJ/authorized_keys_${USER} +sleep 2 # Should be below penalty threshold ${SSH} -F $OBJ/ssh_config somehost true || fatal "authfail not expired" +sleep 2 # Fail authentication again; penalty should activate cat /dev/null > $OBJ/authorized_keys_${USER} ${SSH} -F $OBJ/ssh_config somehost true && fatal "noauth connect succeeded" cp $OBJ/authorized_keys_${USER}.bak $OBJ/authorized_keys_${USER} +sleep 2 # These should be refused by the active penalty ${SSH} -F $OBJ/ssh_config somehost true && fail "authfail not rejected" @@ -42,6 +45,7 @@ conf "noauth:100s" ${SSH} -F $OBJ/ssh_config somehost true || fatal "basic connect failed" verbose "penalty for no authentication" ${SSHKEYSCAN} -t ssh-ed25519 -p $PORT 127.0.0.1 >/dev/null || fatal "keyscan failed" +sleep 2 # Repeat attempt should be penalised ${SSHKEYSCAN} -t ssh-ed25519 -p $PORT 127.0.0.1 >/dev/null 2>&1 && fail "keyscan not rejected"