-# $OpenBSD: cert-hostkey.sh,v 1.21 2019/12/11 18:47:14 djm Exp $
+# $OpenBSD: cert-hostkey.sh,v 1.22 2019/12/16 02:39:05 djm Exp $
# Placed in the Public Domain.
tid="certified host keys"
# Allow all hostkey/pubkey types, prefer certs for the client
rsa=0
types=""
-for i in `$SSH -Q key | filter_sk`; do
+for i in `$SSH -Q key | maybe_filter_sk`; do
if [ -z "$types" ]; then
types="$i"
continue
touch $OBJ/host_revoked_cert
cat $OBJ/host_ca_key.pub $OBJ/host_ca_key2.pub > $OBJ/host_revoked_ca
-PLAIN_TYPES=`$SSH -Q key-plain | filter_sk | sed 's/^ssh-dss/ssh-dsa/g;s/^ssh-//'`
+PLAIN_TYPES=`echo "$SSH_KEYTYPES" | sed 's/^ssh-dss/ssh-dsa/g;s/^ssh-//'`
if echo "$PLAIN_TYPES" | grep '^rsa$' >/dev/null 2>&1 ; then
PLAIN_TYPES="$PLAIN_TYPES rsa-sha2-256 rsa-sha2-512"
-# $OpenBSD: hostkey-agent.sh,v 1.10 2019/12/11 18:47:14 djm Exp $
+# $OpenBSD: hostkey-agent.sh,v 1.11 2019/12/16 02:39:05 djm Exp $
# Placed in the Public Domain.
tid="hostkey agent"
echo "HostKeyAgent $SSH_AUTH_SOCK" >> $OBJ/sshd_proxy.orig
trace "load hostkeys"
-for k in `${SSH} -Q key-plain | filter_sk` ; do
+for k in $SSH_KEYTYPES ; do
${SSHKEYGEN} -qt $k -f $OBJ/agent-key.$k -N '' || fatal "ssh-keygen $k"
(
printf 'localhost-with-alias,127.0.0.1,::1 '
unset SSH_AUTH_SOCK
for ps in yes; do
- for k in `${SSH} -Q key-plain | filter_sk` ; do
+ for k in $SSH_KEYTYPES ; do
verbose "key type $k privsep=$ps"
cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy
echo "UsePrivilegeSeparation $ps" >> $OBJ/sshd_proxy
-# $OpenBSD: keygen-change.sh,v 1.8 2019/11/26 23:43:10 djm Exp $
+# $OpenBSD: keygen-change.sh,v 1.9 2019/12/16 02:39:05 djm Exp $
# Placed in the Public Domain.
tid="change passphrase for key"
S1="secret1"
S2="2secret"
-KEYTYPES=`${SSH} -Q key-plain | maybe_filter_sk`
-
-for t in $KEYTYPES; do
+for t in $SSH_KEYTYPES; do
trace "generating $t key"
rm -f $OBJ/$t-key
${SSHKEYGEN} -q -N ${S1} -t $t -f $OBJ/$t-key
-# $OpenBSD: keyscan.sh,v 1.11 2019/11/26 23:43:10 djm Exp $
+# $OpenBSD: keyscan.sh,v 1.12 2019/12/16 02:39:05 djm Exp $
# Placed in the Public Domain.
tid="keyscan"
-KEYTYPES=`${SSH} -Q key-plain | filter_sk`
-for i in $KEYTYPES; do
+for i in $SSH_KEYTYPES; do
if [ -z "$algs" ]; then
algs="$i"
else
start_sshd
-for t in $KEYTYPES; do
+for t in $SSH_KEYTYPES; do
trace "keyscan type $t"
${SSHKEYSCAN} -t $t -p $PORT 127.0.0.1 127.0.0.1 127.0.0.1 \
> /dev/null 2>&1
-# $OpenBSD: keytype.sh,v 1.9 2019/11/26 23:43:10 djm Exp $
+# $OpenBSD: keytype.sh,v 1.10 2019/12/16 02:39:05 djm Exp $
# Placed in the Public Domain.
tid="login with different key types"
tries="1 2 3"
for ut in $ktypes; do
user_type=`kname_to_ktype "$ut"`
- # SK keys are not supported for hostkeys.
- case "$ut" in
- *sk) htypes=ed25519-512;;
- *) htypes="$ut";;
- esac
+ htypes="$ut"
#htypes=$ktypes
for ht in $htypes; do
host_type=`kname_to_ktype "$ht"`
-# $OpenBSD: krl.sh,v 1.10 2019/11/26 23:43:10 djm Exp $
+# $OpenBSD: krl.sh,v 1.11 2019/12/16 02:39:05 djm Exp $
# Placed in the Public Domain.
tid="key revocation lists"
# w/out OpenSSL. Populate ktype[2-4] with the other types if supported.
ktype1=ed25519; ktype2=ed25519; ktype3=ed25519;
ktype4=ed25519; ktype5=ed25519; ktype6=ed25519;
-for t in `${SSH} -Q key-plain | maybe_filter_sk`; do
+for t in $SSH_KEYTYPES; do
case "$t" in
ecdsa*) ktype2=ecdsa ;;
ssh-rsa) ktype3=rsa ;;
-# $OpenBSD: limit-keytype.sh,v 1.8 2019/11/26 23:43:10 djm Exp $
+# $OpenBSD: limit-keytype.sh,v 1.9 2019/12/16 02:39:05 djm Exp $
# Placed in the Public Domain.
tid="restrict pubkey type"
ktype1=ed25519; ktype2=ed25519; ktype3=ed25519;
ktype4=ed25519; ktype5=ed25519; ktype6=ed25519;
-for t in `${SSH} -Q key-plain | maybe_filter_sk`; do
+for t in $SSH_KEYTYPES ; do
case "$t" in
ssh-rsa) ktype2=rsa ;;
ecdsa*) ktype3=ecdsa ;; # unused
-# $OpenBSD: principals-command.sh,v 1.10 2019/12/11 18:47:14 djm Exp $
+# $OpenBSD: principals-command.sh,v 1.11 2019/12/16 02:39:05 djm Exp $
# Placed in the Public Domain.
tid="authorized principals command"
exit 0
fi
-case "`${SSH} -Q key-plain`" in
+case "$SSH_KEYTYPES" in
*ssh-rsa*) userkeytype=rsa ;;
*) userkeytype=ed25519 ;;
esac
-# $OpenBSD: test-exec.sh,v 1.68 2019/11/26 23:43:10 djm Exp $
+# $OpenBSD: test-exec.sh,v 1.69 2019/12/16 02:39:05 djm Exp $
# Placed in the Public Domain.
#SUDO=sudo
if ! test -z "$SSH_SK_PROVIDER"; then
EXTRA_AGENT_ARGS='-P/*' # XXX want realpath(1)...
echo "SecurityKeyProvider $SSH_SK_PROVIDER" >> $OBJ/ssh_config
+ echo "SecurityKeyProvider $SSH_SK_PROVIDER" >> $OBJ/sshd_config
+ echo "SecurityKeyProvider $SSH_SK_PROVIDER" >> $OBJ/sshd_proxy
fi
export EXTRA_AGENT_ARGS
-filter_sk() {
- grep -v ^sk
-}
-
maybe_filter_sk() {
if test -z "$SSH_SK_PROVIDER" ; then
- filter_sk
+ grep -v ^sk
else
cat
fi
}
SSH_KEYTYPES=`$SSH -Q key-plain | maybe_filter_sk`
-SSH_HOSTKEY_TYPES=`$SSH -Q key-plain | filter_sk`
+SSH_HOSTKEY_TYPES=`$SSH -Q key-plain | maybe_filter_sk`
for t in ${SSH_KEYTYPES}; do
# generate user key
projects / thirdparty / openssh-portable.git / commitdiff
