• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1#!/usr/bin/env perl
2#***************************************************************************
3#                                  _   _ ____  _
4#  Project                     ___| | | |  _ \| |
5#                             / __| | | | |_) | |
6#                            | (__| |_| |  _ <| |___
7#                             \___|\___/|_| \_\_____|
8#
9# Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
10#
11# This software is licensed as described in the file COPYING, which
12# you should have received as part of this distribution. The terms
13# are also available at https://curl.se/docs/copyright.html.
14#
15# You may opt to use, copy, modify, merge, publish, distribute and/or sell
16# copies of the Software, and permit persons to whom the Software is
17# furnished to do so, under the terms of the COPYING file.
18#
19# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
20# KIND, either express or implied.
21#
22#***************************************************************************
23
24# Starts sshd for use in the SCP and SFTP curl test harness tests.
25# Also creates the ssh configuration files needed for these tests.
26
27use strict;
28use warnings;
29use Cwd;
30use Cwd 'abs_path';
31use Digest::MD5;
32use Digest::MD5 'md5_hex';
33use MIME::Base64;
34
35#***************************************************************************
36# Variables and subs imported from sshhelp module
37#
38use sshhelp qw(
39    $sshdexe
40    $sshexe
41    $sftpsrvexe
42    $sftpexe
43    $sshkeygenexe
44    $sshdconfig
45    $sshconfig
46    $sftpconfig
47    $knownhosts
48    $sshdlog
49    $sshlog
50    $sftplog
51    $sftpcmds
52    $hstprvkeyf
53    $hstpubkeyf
54    $hstpubmd5f
55    $cliprvkeyf
56    $clipubkeyf
57    display_sshdconfig
58    display_sshconfig
59    display_sftpconfig
60    display_sshdlog
61    display_sshlog
62    display_sftplog
63    dump_array
64    find_sshd
65    find_ssh
66    find_sftpsrv
67    find_sftp
68    find_sshkeygen
69    logmsg
70    sshversioninfo
71    );
72
73#***************************************************************************
74# Subs imported from serverhelp module
75#
76use serverhelp qw(
77    server_pidfilename
78    server_logfilename
79    );
80
81use pathhelp;
82
83#***************************************************************************
84
85my $verbose = 0;              # set to 1 for debugging
86my $debugprotocol = 0;        # set to 1 for protocol debugging
87my $port = 8999;              # our default SCP/SFTP server port
88my $listenaddr = '127.0.0.1'; # default address on which to listen
89my $ipvnum = 4;               # default IP version of listener address
90my $idnum = 1;                # default ssh daemon instance number
91my $proto = 'ssh';            # protocol the ssh daemon speaks
92my $path = getcwd();          # current working directory
93my $logdir = $path .'/log';   # directory for log files
94my $username = $ENV{USER};    # default user
95my $pidfile;                  # ssh daemon pid file
96my $identity = 'curl_client_key'; # default identity file
97
98my $error;
99my @cfgarr;
100
101
102#***************************************************************************
103# Parse command line options
104#
105while(@ARGV) {
106    if($ARGV[0] eq '--verbose') {
107        $verbose = 1;
108    }
109    elsif($ARGV[0] eq '--debugprotocol') {
110        $verbose = 1;
111        $debugprotocol = 1;
112    }
113    elsif($ARGV[0] eq '--user') {
114        if($ARGV[1]) {
115            $username = $ARGV[1];
116            shift @ARGV;
117        }
118    }
119    elsif($ARGV[0] eq '--id') {
120        if($ARGV[1]) {
121            if($ARGV[1] =~ /^(\d+)$/) {
122                $idnum = $1 if($1 > 0);
123                shift @ARGV;
124            }
125        }
126    }
127    elsif($ARGV[0] eq '--ipv4') {
128        $ipvnum = 4;
129        $listenaddr = '127.0.0.1' if($listenaddr eq '::1');
130    }
131    elsif($ARGV[0] eq '--ipv6') {
132        $ipvnum = 6;
133        $listenaddr = '::1' if($listenaddr eq '127.0.0.1');
134    }
135    elsif($ARGV[0] eq '--addr') {
136        if($ARGV[1]) {
137            my $tmpstr = $ARGV[1];
138            if($tmpstr =~ /^(\d\d?\d?)\.(\d\d?\d?)\.(\d\d?\d?)\.(\d\d?\d?)$/) {
139                $listenaddr = "$1.$2.$3.$4" if($ipvnum == 4);
140                shift @ARGV;
141            }
142            elsif($ipvnum == 6) {
143                $listenaddr = $tmpstr;
144                $listenaddr =~ s/^\[(.*)\]$/$1/;
145                shift @ARGV;
146            }
147        }
148    }
149    elsif($ARGV[0] eq '--pidfile') {
150        if($ARGV[1]) {
151            $pidfile = "$path/". $ARGV[1];
152            shift @ARGV;
153        }
154    }
155    elsif($ARGV[0] eq '--sshport') {
156        if($ARGV[1]) {
157            if($ARGV[1] =~ /^(\d+)$/) {
158                $port = $1;
159                shift @ARGV;
160            }
161        }
162    }
163    else {
164        print STDERR "\nWarning: sshserver.pl unknown parameter: $ARGV[0]\n";
165    }
166    shift @ARGV;
167}
168
169
170#***************************************************************************
171# Default ssh daemon pid file name
172#
173if(!$pidfile) {
174    $pidfile = "$path/". server_pidfilename($proto, $ipvnum, $idnum);
175}
176
177
178#***************************************************************************
179# ssh and sftp server log file names
180#
181$sshdlog = server_logfilename($logdir, 'ssh', $ipvnum, $idnum);
182$sftplog = server_logfilename($logdir, 'sftp', $ipvnum, $idnum);
183
184
185#***************************************************************************
186# Logging level for ssh server and client
187#
188my $loglevel = $debugprotocol?'DEBUG3':'DEBUG2';
189
190
191#***************************************************************************
192# Validate username
193#
194if(!$username) {
195    $error = 'Will not run ssh server without a user name';
196}
197elsif($username eq 'root') {
198    $error = 'Will not run ssh server as root to mitigate security risks';
199}
200if($error) {
201    logmsg $error;
202    exit 1;
203}
204
205
206#***************************************************************************
207# Find out ssh daemon canonical file name
208#
209my $sshd = find_sshd();
210if(!$sshd) {
211    logmsg "cannot find $sshdexe";
212    exit 1;
213}
214
215
216#***************************************************************************
217# Find out ssh daemon version info
218#
219my ($sshdid, $sshdvernum, $sshdverstr, $sshderror) = sshversioninfo($sshd);
220if(!$sshdid) {
221    # Not an OpenSSH or SunSSH ssh daemon
222    logmsg $sshderror if($verbose);
223    logmsg 'SCP and SFTP tests require OpenSSH 2.9.9 or later';
224    exit 1;
225}
226logmsg "ssh server found $sshd is $sshdverstr" if($verbose);
227
228
229#***************************************************************************
230#  ssh daemon command line options we might use and version support
231#
232#  -e:  log stderr           : OpenSSH 2.9.0 and later
233#  -f:  sshd config file     : OpenSSH 1.2.1 and later
234#  -D:  no daemon forking    : OpenSSH 2.5.0 and later
235#  -o:  command-line option  : OpenSSH 3.1.0 and later
236#  -t:  test config file     : OpenSSH 2.9.9 and later
237#  -?:  sshd version info    : OpenSSH 1.2.1 and later
238#
239#  -e:  log stderr           : SunSSH 1.0.0 and later
240#  -f:  sshd config file     : SunSSH 1.0.0 and later
241#  -D:  no daemon forking    : SunSSH 1.0.0 and later
242#  -o:  command-line option  : SunSSH 1.0.0 and later
243#  -t:  test config file     : SunSSH 1.0.0 and later
244#  -?:  sshd version info    : SunSSH 1.0.0 and later
245
246
247#***************************************************************************
248# Verify minimum ssh daemon version
249#
250if((($sshdid =~ /OpenSSH/) && ($sshdvernum < 299)) ||
251   (($sshdid =~ /SunSSH/)  && ($sshdvernum < 100))) {
252    logmsg 'SCP and SFTP tests require OpenSSH 2.9.9 or later';
253    exit 1;
254}
255
256
257#***************************************************************************
258# Find out sftp server plugin canonical file name
259#
260my $sftpsrv = find_sftpsrv();
261if(!$sftpsrv) {
262    logmsg "cannot find $sftpsrvexe";
263    exit 1;
264}
265logmsg "sftp server plugin found $sftpsrv" if($verbose);
266
267
268#***************************************************************************
269# Find out sftp client canonical file name
270#
271my $sftp = find_sftp();
272if(!$sftp) {
273    logmsg "cannot find $sftpexe";
274    exit 1;
275}
276logmsg "sftp client found $sftp" if($verbose);
277
278
279#***************************************************************************
280# Find out ssh keygen canonical file name
281#
282my $sshkeygen = find_sshkeygen();
283if(!$sshkeygen) {
284    logmsg "cannot find $sshkeygenexe";
285    exit 1;
286}
287logmsg "ssh keygen found $sshkeygen" if($verbose);
288
289
290#***************************************************************************
291# Find out ssh client canonical file name
292#
293my $ssh = find_ssh();
294if(!$ssh) {
295    logmsg "cannot find $sshexe";
296    exit 1;
297}
298
299
300#***************************************************************************
301# Find out ssh client version info
302#
303my ($sshid, $sshvernum, $sshverstr, $ssherror) = sshversioninfo($ssh);
304if(!$sshid) {
305    # Not an OpenSSH or SunSSH ssh client
306    logmsg $ssherror if($verbose);
307    logmsg 'SCP and SFTP tests require OpenSSH 2.9.9 or later';
308    exit 1;
309}
310logmsg "ssh client found $ssh is $sshverstr" if($verbose);
311
312
313#***************************************************************************
314#  ssh client command line options we might use and version support
315#
316#  -D:  dynamic app port forwarding  : OpenSSH 2.9.9 and later
317#  -F:  ssh config file              : OpenSSH 2.9.9 and later
318#  -N:  no shell/command             : OpenSSH 2.1.0 and later
319#  -p:  connection port              : OpenSSH 1.2.1 and later
320#  -v:  verbose messages             : OpenSSH 1.2.1 and later
321# -vv:  increase verbosity           : OpenSSH 2.3.0 and later
322#  -V:  ssh version info             : OpenSSH 1.2.1 and later
323#
324#  -D:  dynamic app port forwarding  : SunSSH 1.0.0 and later
325#  -F:  ssh config file              : SunSSH 1.0.0 and later
326#  -N:  no shell/command             : SunSSH 1.0.0 and later
327#  -p:  connection port              : SunSSH 1.0.0 and later
328#  -v:  verbose messages             : SunSSH 1.0.0 and later
329# -vv:  increase verbosity           : SunSSH 1.0.0 and later
330#  -V:  ssh version info             : SunSSH 1.0.0 and later
331
332
333#***************************************************************************
334# Verify minimum ssh client version
335#
336if((($sshid =~ /OpenSSH/) && ($sshvernum < 299)) ||
337   (($sshid =~ /SunSSH/)  && ($sshvernum < 100))) {
338    logmsg 'SCP and SFTP tests require OpenSSH 2.9.9 or later';
339    exit 1;
340}
341
342
343#***************************************************************************
344#  ssh keygen command line options we actually use and version support
345#
346#  -C:  identity comment : OpenSSH 1.2.1 and later
347#  -f:  key filename     : OpenSSH 1.2.1 and later
348#  -N:  new passphrase   : OpenSSH 1.2.1 and later
349#  -q:  quiet keygen     : OpenSSH 1.2.1 and later
350#  -t:  key type         : OpenSSH 2.5.0 and later
351#
352#  -C:  identity comment : SunSSH 1.0.0 and later
353#  -f:  key filename     : SunSSH 1.0.0 and later
354#  -N:  new passphrase   : SunSSH 1.0.0 and later
355#  -q:  quiet keygen     : SunSSH 1.0.0 and later
356#  -t:  key type         : SunSSH 1.0.0 and later
357
358
359#***************************************************************************
360# Generate host and client key files for curl's tests
361#
362if((! -e $hstprvkeyf) || (! -s $hstprvkeyf) ||
363   (! -e $hstpubkeyf) || (! -s $hstpubkeyf) ||
364   (! -e $hstpubmd5f) || (! -s $hstpubmd5f) ||
365   (! -e $cliprvkeyf) || (! -s $cliprvkeyf) ||
366   (! -e $clipubkeyf) || (! -s $clipubkeyf)) {
367    # Make sure all files are gone so ssh-keygen doesn't complain
368    unlink($hstprvkeyf, $hstpubkeyf, $hstpubmd5f, $cliprvkeyf, $clipubkeyf);
369    logmsg 'generating host keys...' if($verbose);
370    if(system "\"$sshkeygen\" -q -t rsa -f $hstprvkeyf -C 'curl test server' -N ''") {
371        logmsg 'Could not generate host key';
372        exit 1;
373    }
374    logmsg 'generating client keys...' if($verbose);
375    if(system "\"$sshkeygen\" -q -t rsa -f $cliprvkeyf -C 'curl test client' -N ''") {
376        logmsg 'Could not generate client key';
377        exit 1;
378    }
379    # Make sure that permissions are restricted so openssh doesn't complain
380    system "chmod 600 $hstprvkeyf";
381    system "chmod 600 $cliprvkeyf";
382    # Save md5 hash of public host key
383    open(RSAKEYFILE, "<$hstpubkeyf");
384    my @rsahostkey = do { local $/ = ' '; <RSAKEYFILE> };
385    close(RSAKEYFILE);
386    if(!$rsahostkey[1]) {
387        logmsg 'Failed parsing base64 encoded RSA host key';
388        exit 1;
389    }
390    open(PUBMD5FILE, ">$hstpubmd5f");
391    print PUBMD5FILE md5_hex(decode_base64($rsahostkey[1]));
392    close(PUBMD5FILE);
393    if((! -e $hstpubmd5f) || (! -s $hstpubmd5f)) {
394        logmsg 'Failed writing md5 hash of RSA host key';
395        exit 1;
396    }
397}
398
399
400#***************************************************************************
401# Convert paths for curl's tests running on Windows with Cygwin/Msys OpenSSH
402#
403my $clipubkeyf_config = abs_path("$path/$clipubkeyf");
404my $hstprvkeyf_config = abs_path("$path/$hstprvkeyf");
405my $pidfile_config = $pidfile;
406my $sftpsrv_config = $sftpsrv;
407
408if (pathhelp::os_is_win()) {
409    # Ensure to use MinGW/Cygwin paths
410    $clipubkeyf_config = pathhelp::build_sys_abs_path($clipubkeyf_config);
411    $hstprvkeyf_config = pathhelp::build_sys_abs_path($hstprvkeyf_config);
412    $pidfile_config = pathhelp::build_sys_abs_path($pidfile_config);
413    $sftpsrv_config = "internal-sftp";
414}
415if ($sshdid =~ /OpenSSH-Windows/) {
416    # Ensure to use native Windows paths with OpenSSH for Windows
417    $clipubkeyf_config = pathhelp::sys_native_abs_path($clipubkeyf);
418    $hstprvkeyf_config = pathhelp::sys_native_abs_path($hstprvkeyf);
419    $pidfile_config = pathhelp::sys_native_abs_path($pidfile);
420    $sftpsrv_config = pathhelp::sys_native_abs_path($sftpsrv);
421
422    $sshdconfig = pathhelp::sys_native_abs_path($sshdconfig);
423    $sshconfig = pathhelp::sys_native_abs_path($sshconfig);
424    $sftpconfig = pathhelp::sys_native_abs_path($sftpconfig);
425}
426
427#***************************************************************************
428#  ssh daemon configuration file options we might use and version support
429#
430#  AFSTokenPassing                  : OpenSSH 1.2.1 and later [1]
431#  AcceptEnv                        : OpenSSH 3.9.0 and later
432#  AddressFamily                    : OpenSSH 4.0.0 and later
433#  AllowGroups                      : OpenSSH 1.2.1 and later
434#  AllowTcpForwarding               : OpenSSH 2.3.0 and later
435#  AllowUsers                       : OpenSSH 1.2.1 and later
436#  AuthorizedKeysFile               : OpenSSH 2.9.9 and later
437#  AuthorizedKeysFile2              : OpenSSH 2.9.9 and later
438#  Banner                           : OpenSSH 2.5.0 and later
439#  ChallengeResponseAuthentication  : OpenSSH 2.5.0 and later
440#  Ciphers                          : OpenSSH 2.1.0 and later [3]
441#  ClientAliveCountMax              : OpenSSH 2.9.0 and later
442#  ClientAliveInterval              : OpenSSH 2.9.0 and later
443#  Compression                      : OpenSSH 3.3.0 and later
444#  DenyGroups                       : OpenSSH 1.2.1 and later
445#  DenyUsers                        : OpenSSH 1.2.1 and later
446#  ForceCommand                     : OpenSSH 4.4.0 and later [3]
447#  GatewayPorts                     : OpenSSH 2.1.0 and later
448#  GSSAPIAuthentication             : OpenSSH 3.7.0 and later [1]
449#  GSSAPICleanupCredentials         : OpenSSH 3.8.0 and later [1]
450#  GSSAPIKeyExchange                :  SunSSH 1.0.0 and later [1]
451#  GSSAPIStoreDelegatedCredentials  :  SunSSH 1.0.0 and later [1]
452#  GSSCleanupCreds                  :  SunSSH 1.0.0 and later [1]
453#  GSSUseSessionCredCache           :  SunSSH 1.0.0 and later [1]
454#  HostbasedAuthentication          : OpenSSH 2.9.0 and later
455#  HostbasedUsesNameFromPacketOnly  : OpenSSH 2.9.0 and later
456#  HostKey                          : OpenSSH 1.2.1 and later
457#  IgnoreRhosts                     : OpenSSH 1.2.1 and later
458#  IgnoreUserKnownHosts             : OpenSSH 1.2.1 and later
459#  KbdInteractiveAuthentication     : OpenSSH 2.3.0 and later
460#  KeepAlive                        : OpenSSH 1.2.1 and later
461#  KerberosAuthentication           : OpenSSH 1.2.1 and later [1]
462#  KerberosGetAFSToken              : OpenSSH 3.8.0 and later [1]
463#  KerberosOrLocalPasswd            : OpenSSH 1.2.1 and later [1]
464#  KerberosTgtPassing               : OpenSSH 1.2.1 and later [1]
465#  KerberosTicketCleanup            : OpenSSH 1.2.1 and later [1]
466#  KeyRegenerationInterval          : OpenSSH 1.2.1 and later
467#  ListenAddress                    : OpenSSH 1.2.1 and later
468#  LoginGraceTime                   : OpenSSH 1.2.1 and later
469#  LogLevel                         : OpenSSH 1.2.1 and later
470#  LookupClientHostnames            :  SunSSH 1.0.0 and later
471#  MACs                             : OpenSSH 2.5.0 and later [3]
472#  Match                            : OpenSSH 4.4.0 and later [3]
473#  MaxAuthTries                     : OpenSSH 3.9.0 and later
474#  MaxStartups                      : OpenSSH 2.2.0 and later
475#  PAMAuthenticationViaKbdInt       : OpenSSH 2.9.0 and later [2]
476#  PasswordAuthentication           : OpenSSH 1.2.1 and later
477#  PermitEmptyPasswords             : OpenSSH 1.2.1 and later
478#  PermitOpen                       : OpenSSH 4.4.0 and later [3]
479#  PermitRootLogin                  : OpenSSH 1.2.1 and later
480#  PermitTunnel                     : OpenSSH 4.3.0 and later
481#  PermitUserEnvironment            : OpenSSH 3.5.0 and later
482#  PidFile                          : OpenSSH 2.1.0 and later
483#  Port                             : OpenSSH 1.2.1 and later
484#  PrintLastLog                     : OpenSSH 2.9.0 and later
485#  PrintMotd                        : OpenSSH 1.2.1 and later
486#  Protocol                         : OpenSSH 2.1.0 and later
487#  PubkeyAuthentication             : OpenSSH 2.5.0 and later
488#  RhostsAuthentication             : OpenSSH 1.2.1 and later
489#  RhostsRSAAuthentication          : OpenSSH 1.2.1 and later
490#  RSAAuthentication                : OpenSSH 1.2.1 and later
491#  ServerKeyBits                    : OpenSSH 1.2.1 and later
492#  SkeyAuthentication               : OpenSSH 1.2.1 and later [1]
493#  StrictModes                      : OpenSSH 1.2.1 and later
494#  Subsystem                        : OpenSSH 2.2.0 and later
495#  SyslogFacility                   : OpenSSH 1.2.1 and later
496#  TCPKeepAlive                     : OpenSSH 3.8.0 and later
497#  UseDNS                           : OpenSSH 3.7.0 and later
498#  UseLogin                         : OpenSSH 1.2.1 and later
499#  UsePAM                           : OpenSSH 3.7.0 and later [1][2]
500#  UsePrivilegeSeparation           : OpenSSH 3.2.2 and later
501#  VerifyReverseMapping             : OpenSSH 3.1.0 and later
502#  X11DisplayOffset                 : OpenSSH 1.2.1 and later [3]
503#  X11Forwarding                    : OpenSSH 1.2.1 and later
504#  X11UseLocalhost                  : OpenSSH 3.1.0 and later
505#  XAuthLocation                    : OpenSSH 2.1.1 and later [3]
506#
507#  [1] Option only available if activated at compile time
508#  [2] Option specific for portable versions
509#  [3] Option not used in our ssh server config file
510
511
512#***************************************************************************
513# Initialize sshd config with options actually supported in OpenSSH 2.9.9
514#
515logmsg 'generating ssh server config file...' if($verbose);
516@cfgarr = ();
517push @cfgarr, '# This is a generated file.  Do not edit.';
518push @cfgarr, "# $sshdverstr sshd configuration file for curl testing";
519push @cfgarr, '#';
520
521# AllowUsers and DenyUsers options should use lowercase on Windows
522# and do not support quotes around values for some unknown reason.
523if ($sshdid =~ /OpenSSH-Windows/) {
524    my $username_lc = lc $username;
525    if (exists $ENV{USERDOMAIN}) {
526        my $userdomain_lc = lc $ENV{USERDOMAIN};
527        $username_lc = "$userdomain_lc\\$username_lc";
528    }
529    $username_lc =~ s/ /\?/g; # replace space with ?
530    push @cfgarr, "DenyUsers !$username_lc";
531    push @cfgarr, "AllowUsers $username_lc";
532} else {
533    push @cfgarr, "DenyUsers !$username";
534    push @cfgarr, "AllowUsers $username";
535}
536
537push @cfgarr, 'DenyGroups';
538push @cfgarr, 'AllowGroups';
539push @cfgarr, '#';
540push @cfgarr, "AuthorizedKeysFile $clipubkeyf_config";
541push @cfgarr, "AuthorizedKeysFile2 $clipubkeyf_config";
542push @cfgarr, "HostKey $hstprvkeyf_config";
543if ($sshdid !~ /OpenSSH-Windows/) {
544    push @cfgarr, "PidFile $pidfile_config";
545}
546push @cfgarr, '#';
547push @cfgarr, "Port $port";
548push @cfgarr, "ListenAddress $listenaddr";
549push @cfgarr, 'Protocol 2';
550push @cfgarr, '#';
551push @cfgarr, 'AllowTcpForwarding yes';
552push @cfgarr, 'Banner none';
553push @cfgarr, 'ChallengeResponseAuthentication no';
554push @cfgarr, 'ClientAliveCountMax 3';
555push @cfgarr, 'ClientAliveInterval 0';
556push @cfgarr, 'GatewayPorts no';
557push @cfgarr, 'HostbasedAuthentication no';
558push @cfgarr, 'HostbasedUsesNameFromPacketOnly no';
559push @cfgarr, 'IgnoreRhosts yes';
560push @cfgarr, 'IgnoreUserKnownHosts yes';
561push @cfgarr, 'KeyRegenerationInterval 0';
562push @cfgarr, 'LoginGraceTime 30';
563push @cfgarr, "LogLevel $loglevel";
564push @cfgarr, 'MaxStartups 5';
565push @cfgarr, 'PasswordAuthentication no';
566push @cfgarr, 'PermitEmptyPasswords no';
567push @cfgarr, 'PermitRootLogin no';
568push @cfgarr, 'PrintLastLog no';
569push @cfgarr, 'PrintMotd no';
570push @cfgarr, 'PubkeyAuthentication yes';
571push @cfgarr, 'RhostsRSAAuthentication no';
572push @cfgarr, 'RSAAuthentication no';
573push @cfgarr, 'ServerKeyBits 768';
574push @cfgarr, 'StrictModes no';
575push @cfgarr, "Subsystem sftp \"$sftpsrv_config\"";
576push @cfgarr, 'SyslogFacility AUTH';
577push @cfgarr, 'UseLogin no';
578push @cfgarr, 'X11Forwarding no';
579push @cfgarr, '#';
580
581
582#***************************************************************************
583# Write out initial sshd configuration file for curl's tests
584#
585$error = dump_array($sshdconfig, @cfgarr);
586if($error) {
587    logmsg $error;
588    exit 1;
589}
590
591
592#***************************************************************************
593# Verifies at run time if sshd supports a given configuration file option
594#
595sub sshd_supports_opt {
596    my ($option, $value) = @_;
597    my $err;
598    #
599    if((($sshdid =~ /OpenSSH/) && ($sshdvernum >= 310)) ||
600        ($sshdid =~ /SunSSH/)) {
601        # ssh daemon supports command line options -t -f and -o
602        $err = grep /((Unsupported)|(Bad configuration)|(Deprecated)) option.*$option/,
603                    qx("$sshd" -t -f $sshdconfig -o "$option=$value" 2>&1);
604        return !$err;
605    }
606    if(($sshdid =~ /OpenSSH/) && ($sshdvernum >= 299)) {
607        # ssh daemon supports command line options -t and -f
608        $err = dump_array($sshdconfig, (@cfgarr, "$option $value"));
609        if($err) {
610            logmsg $err;
611            return 0;
612        }
613        $err = grep /((Unsupported)|(Bad configuration)|(Deprecated)) option.*$option/,
614                    qx("$sshd" -t -f $sshdconfig 2>&1);
615        unlink $sshdconfig;
616        return !$err;
617    }
618    return 0;
619}
620
621
622#***************************************************************************
623# Kerberos Authentication support may have not been built into sshd
624#
625if(sshd_supports_opt('KerberosAuthentication','no')) {
626    push @cfgarr, 'KerberosAuthentication no';
627}
628if(sshd_supports_opt('KerberosGetAFSToken','no')) {
629    push @cfgarr, 'KerberosGetAFSToken no';
630}
631if(sshd_supports_opt('KerberosOrLocalPasswd','no')) {
632    push @cfgarr, 'KerberosOrLocalPasswd no';
633}
634if(sshd_supports_opt('KerberosTgtPassing','no')) {
635    push @cfgarr, 'KerberosTgtPassing no';
636}
637if(sshd_supports_opt('KerberosTicketCleanup','yes')) {
638    push @cfgarr, 'KerberosTicketCleanup yes';
639}
640
641
642#***************************************************************************
643# Andrew File System support may have not been built into sshd
644#
645if(sshd_supports_opt('AFSTokenPassing','no')) {
646    push @cfgarr, 'AFSTokenPassing no';
647}
648
649
650#***************************************************************************
651# S/Key authentication support may have not been built into sshd
652#
653if(sshd_supports_opt('SkeyAuthentication','no')) {
654    push @cfgarr, 'SkeyAuthentication no';
655}
656
657
658#***************************************************************************
659# GSSAPI Authentication support may have not been built into sshd
660#
661my $sshd_builtwith_GSSAPI;
662if(sshd_supports_opt('GSSAPIAuthentication','no')) {
663    push @cfgarr, 'GSSAPIAuthentication no';
664    $sshd_builtwith_GSSAPI = 1;
665}
666if(sshd_supports_opt('GSSAPICleanupCredentials','yes')) {
667    push @cfgarr, 'GSSAPICleanupCredentials yes';
668}
669if(sshd_supports_opt('GSSAPIKeyExchange','no')) {
670    push @cfgarr, 'GSSAPIKeyExchange no';
671}
672if(sshd_supports_opt('GSSAPIStoreDelegatedCredentials','no')) {
673    push @cfgarr, 'GSSAPIStoreDelegatedCredentials no';
674}
675if(sshd_supports_opt('GSSCleanupCreds','yes')) {
676    push @cfgarr, 'GSSCleanupCreds yes';
677}
678if(sshd_supports_opt('GSSUseSessionCredCache','no')) {
679    push @cfgarr, 'GSSUseSessionCredCache no';
680}
681push @cfgarr, '#';
682
683
684#***************************************************************************
685# Options that might be supported or not in sshd OpenSSH 2.9.9 and later
686#
687if(sshd_supports_opt('AcceptEnv','')) {
688    push @cfgarr, 'AcceptEnv';
689}
690if(sshd_supports_opt('AddressFamily','any')) {
691    # Address family must be specified before ListenAddress
692    splice @cfgarr, 14, 0, 'AddressFamily any';
693}
694if(sshd_supports_opt('Compression','no')) {
695    push @cfgarr, 'Compression no';
696}
697if(sshd_supports_opt('KbdInteractiveAuthentication','no')) {
698    push @cfgarr, 'KbdInteractiveAuthentication no';
699}
700if(sshd_supports_opt('KeepAlive','no')) {
701    push @cfgarr, 'KeepAlive no';
702}
703if(sshd_supports_opt('LookupClientHostnames','no')) {
704    push @cfgarr, 'LookupClientHostnames no';
705}
706if(sshd_supports_opt('MaxAuthTries','10')) {
707    push @cfgarr, 'MaxAuthTries 10';
708}
709if(sshd_supports_opt('PAMAuthenticationViaKbdInt','no')) {
710    push @cfgarr, 'PAMAuthenticationViaKbdInt no';
711}
712if(sshd_supports_opt('PermitTunnel','no')) {
713    push @cfgarr, 'PermitTunnel no';
714}
715if(sshd_supports_opt('PermitUserEnvironment','no')) {
716    push @cfgarr, 'PermitUserEnvironment no';
717}
718if(sshd_supports_opt('RhostsAuthentication','no')) {
719    push @cfgarr, 'RhostsAuthentication no';
720}
721if(sshd_supports_opt('TCPKeepAlive','no')) {
722    push @cfgarr, 'TCPKeepAlive no';
723}
724if(sshd_supports_opt('UseDNS','no')) {
725    push @cfgarr, 'UseDNS no';
726}
727if(sshd_supports_opt('UsePAM','no')) {
728    push @cfgarr, 'UsePAM no';
729}
730
731if($sshdid =~ /OpenSSH/) {
732    # http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6492415
733    if(sshd_supports_opt('UsePrivilegeSeparation','no')) {
734        push @cfgarr, 'UsePrivilegeSeparation no';
735    }
736}
737
738if(sshd_supports_opt('VerifyReverseMapping','no')) {
739    push @cfgarr, 'VerifyReverseMapping no';
740}
741if(sshd_supports_opt('X11UseLocalhost','yes')) {
742    push @cfgarr, 'X11UseLocalhost yes';
743}
744push @cfgarr, '#';
745
746
747#***************************************************************************
748# Write out resulting sshd configuration file for curl's tests
749#
750$error = dump_array($sshdconfig, @cfgarr);
751if($error) {
752    logmsg $error;
753    exit 1;
754}
755
756
757#***************************************************************************
758# Verify that sshd actually supports our generated configuration file
759#
760if(system "\"$sshd\" -t -f $sshdconfig > $sshdlog 2>&1") {
761    logmsg "sshd configuration file $sshdconfig failed verification";
762    display_sshdlog();
763    display_sshdconfig();
764    exit 1;
765}
766
767
768#***************************************************************************
769# Generate ssh client host key database file for curl's tests
770#
771if((! -e $knownhosts) || (! -s $knownhosts)) {
772    logmsg 'generating ssh client known hosts file...' if($verbose);
773    unlink($knownhosts);
774    if(open(RSAKEYFILE, "<$hstpubkeyf")) {
775        my @rsahostkey = do { local $/ = ' '; <RSAKEYFILE> };
776        if(close(RSAKEYFILE)) {
777            if(open(KNOWNHOSTS, ">$knownhosts")) {
778                print KNOWNHOSTS "$listenaddr ssh-rsa $rsahostkey[1]\n";
779                if(!close(KNOWNHOSTS)) {
780                    $error = "Error: cannot close file $knownhosts";
781                }
782            }
783            else {
784                $error = "Error: cannot write file $knownhosts";
785            }
786        }
787        else {
788            $error = "Error: cannot close file $hstpubkeyf";
789        }
790    }
791    else {
792        $error = "Error: cannot read file $hstpubkeyf";
793    }
794    if($error) {
795        logmsg $error;
796        exit 1;
797    }
798}
799
800
801#***************************************************************************
802# Convert paths for curl's tests running on Windows using Cygwin OpenSSH
803#
804my $identity_config = abs_path("$path/$identity");
805my $knownhosts_config = abs_path("$path/$knownhosts");
806
807if (pathhelp::os_is_win()) {
808    # Ensure to use MinGW/Cygwin paths
809    $identity_config = pathhelp::build_sys_abs_path($identity_config);
810    $knownhosts_config = pathhelp::build_sys_abs_path($knownhosts_config);
811}
812if ($sshdid =~ /OpenSSH-Windows/) {
813    # Ensure to use native Windows paths with OpenSSH for Windows
814    $identity_config = pathhelp::sys_native_abs_path($identity);
815    $knownhosts_config = pathhelp::sys_native_abs_path($knownhosts);
816}
817
818#***************************************************************************
819#  ssh client configuration file options we might use and version support
820#
821#  AddressFamily                     : OpenSSH 3.7.0 and later
822#  BatchMode                         : OpenSSH 1.2.1 and later
823#  BindAddress                       : OpenSSH 2.9.9 and later
824#  ChallengeResponseAuthentication   : OpenSSH 2.5.0 and later
825#  CheckHostIP                       : OpenSSH 1.2.1 and later
826#  Cipher                            : OpenSSH 1.2.1 and later [3]
827#  Ciphers                           : OpenSSH 2.1.0 and later [3]
828#  ClearAllForwardings               : OpenSSH 2.9.9 and later
829#  Compression                       : OpenSSH 1.2.1 and later
830#  CompressionLevel                  : OpenSSH 1.2.1 and later [3]
831#  ConnectionAttempts                : OpenSSH 1.2.1 and later
832#  ConnectTimeout                    : OpenSSH 3.7.0 and later
833#  ControlMaster                     : OpenSSH 3.9.0 and later
834#  ControlPath                       : OpenSSH 3.9.0 and later
835#  DisableBanner                     :  SunSSH 1.2.0 and later
836#  DynamicForward                    : OpenSSH 2.9.0 and later
837#  EnableSSHKeysign                  : OpenSSH 3.6.0 and later
838#  EscapeChar                        : OpenSSH 1.2.1 and later [3]
839#  ExitOnForwardFailure              : OpenSSH 4.4.0 and later
840#  ForwardAgent                      : OpenSSH 1.2.1 and later
841#  ForwardX11                        : OpenSSH 1.2.1 and later
842#  ForwardX11Trusted                 : OpenSSH 3.8.0 and later
843#  GatewayPorts                      : OpenSSH 1.2.1 and later
844#  GlobalKnownHostsFile              : OpenSSH 1.2.1 and later
845#  GSSAPIAuthentication              : OpenSSH 3.7.0 and later [1]
846#  GSSAPIDelegateCredentials         : OpenSSH 3.7.0 and later [1]
847#  HashKnownHosts                    : OpenSSH 4.0.0 and later
848#  Host                              : OpenSSH 1.2.1 and later
849#  HostbasedAuthentication           : OpenSSH 2.9.0 and later
850#  HostKeyAlgorithms                 : OpenSSH 2.9.0 and later [3]
851#  HostKeyAlias                      : OpenSSH 2.5.0 and later [3]
852#  HostName                          : OpenSSH 1.2.1 and later
853#  IdentitiesOnly                    : OpenSSH 3.9.0 and later
854#  IdentityFile                      : OpenSSH 1.2.1 and later
855#  IgnoreIfUnknown                   :  SunSSH 1.2.0 and later
856#  KeepAlive                         : OpenSSH 1.2.1 and later
857#  KbdInteractiveAuthentication      : OpenSSH 2.3.0 and later
858#  KbdInteractiveDevices             : OpenSSH 2.3.0 and later [3]
859#  LocalCommand                      : OpenSSH 4.3.0 and later [3]
860#  LocalForward                      : OpenSSH 1.2.1 and later [3]
861#  LogLevel                          : OpenSSH 1.2.1 and later
862#  MACs                              : OpenSSH 2.5.0 and later [3]
863#  NoHostAuthenticationForLocalhost  : OpenSSH 3.0.0 and later
864#  NumberOfPasswordPrompts           : OpenSSH 1.2.1 and later
865#  PasswordAuthentication            : OpenSSH 1.2.1 and later
866#  PermitLocalCommand                : OpenSSH 4.3.0 and later
867#  Port                              : OpenSSH 1.2.1 and later
868#  PreferredAuthentications          : OpenSSH 2.5.2 and later
869#  Protocol                          : OpenSSH 2.1.0 and later
870#  ProxyCommand                      : OpenSSH 1.2.1 and later [3]
871#  PubkeyAuthentication              : OpenSSH 2.5.0 and later
872#  RekeyLimit                        : OpenSSH 3.7.0 and later
873#  RemoteForward                     : OpenSSH 1.2.1 and later [3]
874#  RhostsRSAAuthentication           : OpenSSH 1.2.1 and later
875#  RSAAuthentication                 : OpenSSH 1.2.1 and later
876#  SendEnv                           : OpenSSH 3.9.0 and later
877#  ServerAliveCountMax               : OpenSSH 3.8.0 and later
878#  ServerAliveInterval               : OpenSSH 3.8.0 and later
879#  SmartcardDevice                   : OpenSSH 2.9.9 and later [1][3]
880#  StrictHostKeyChecking             : OpenSSH 1.2.1 and later
881#  TCPKeepAlive                      : OpenSSH 3.8.0 and later
882#  Tunnel                            : OpenSSH 4.3.0 and later
883#  TunnelDevice                      : OpenSSH 4.3.0 and later [3]
884#  UsePAM                            : OpenSSH 3.7.0 and later [1][2][3]
885#  UsePrivilegedPort                 : OpenSSH 1.2.1 and later
886#  User                              : OpenSSH 1.2.1 and later
887#  UserKnownHostsFile                : OpenSSH 1.2.1 and later
888#  VerifyHostKeyDNS                  : OpenSSH 3.8.0 and later
889#  XAuthLocation                     : OpenSSH 2.1.1 and later [3]
890#
891#  [1] Option only available if activated at compile time
892#  [2] Option specific for portable versions
893#  [3] Option not used in our ssh client config file
894
895
896#***************************************************************************
897# Initialize ssh config with options actually supported in OpenSSH 2.9.9
898#
899logmsg 'generating ssh client config file...' if($verbose);
900@cfgarr = ();
901push @cfgarr, '# This is a generated file.  Do not edit.';
902push @cfgarr, "# $sshverstr ssh client configuration file for curl testing";
903push @cfgarr, '#';
904push @cfgarr, 'Host *';
905push @cfgarr, '#';
906push @cfgarr, "Port $port";
907push @cfgarr, "HostName $listenaddr";
908push @cfgarr, "User $username";
909push @cfgarr, 'Protocol 2';
910push @cfgarr, '#';
911
912# BindAddress option is not supported by OpenSSH for Windows
913if (!($sshdid =~ /OpenSSH-Windows/)) {
914    push @cfgarr, "BindAddress $listenaddr";
915}
916
917push @cfgarr, '#';
918push @cfgarr, "IdentityFile $identity_config";
919push @cfgarr, "UserKnownHostsFile $knownhosts_config";
920push @cfgarr, '#';
921push @cfgarr, 'BatchMode yes';
922push @cfgarr, 'ChallengeResponseAuthentication no';
923push @cfgarr, 'CheckHostIP no';
924push @cfgarr, 'ClearAllForwardings no';
925push @cfgarr, 'Compression no';
926push @cfgarr, 'ConnectionAttempts 3';
927push @cfgarr, 'ForwardAgent no';
928push @cfgarr, 'ForwardX11 no';
929push @cfgarr, 'GatewayPorts no';
930push @cfgarr, 'GlobalKnownHostsFile /dev/null';
931push @cfgarr, 'HostbasedAuthentication no';
932push @cfgarr, 'KbdInteractiveAuthentication no';
933push @cfgarr, "LogLevel $loglevel";
934push @cfgarr, 'NumberOfPasswordPrompts 0';
935push @cfgarr, 'PasswordAuthentication no';
936push @cfgarr, 'PreferredAuthentications publickey';
937push @cfgarr, 'PubkeyAuthentication yes';
938
939# RSA authentication options are not supported by OpenSSH for Windows
940if (!($sshdid =~ /OpenSSH-Windows/)) {
941    push @cfgarr, 'RhostsRSAAuthentication no';
942    push @cfgarr, 'RSAAuthentication no';
943}
944
945# Disabled StrictHostKeyChecking since it makes the tests fail on my
946# OpenSSH_6.0p1 on Debian Linux / Daniel
947push @cfgarr, 'StrictHostKeyChecking no';
948push @cfgarr, 'UsePrivilegedPort no';
949push @cfgarr, '#';
950
951
952#***************************************************************************
953# Options supported in ssh client newer than OpenSSH 2.9.9
954#
955
956if(($sshid =~ /OpenSSH/) && ($sshvernum >= 370)) {
957    push @cfgarr, 'AddressFamily any';
958}
959
960if((($sshid =~ /OpenSSH/) && ($sshvernum >= 370)) ||
961   (($sshid =~ /SunSSH/) && ($sshvernum >= 120))) {
962    push @cfgarr, 'ConnectTimeout 30';
963}
964
965if(($sshid =~ /OpenSSH/) && ($sshvernum >= 390)) {
966    push @cfgarr, 'ControlMaster no';
967}
968
969if(($sshid =~ /OpenSSH/) && ($sshvernum >= 420)) {
970    push @cfgarr, 'ControlPath none';
971}
972
973if(($sshid =~ /SunSSH/) && ($sshvernum >= 120)) {
974    push @cfgarr, 'DisableBanner yes';
975}
976
977if(($sshid =~ /OpenSSH/) && ($sshvernum >= 360)) {
978    push @cfgarr, 'EnableSSHKeysign no';
979}
980
981if(($sshid =~ /OpenSSH/) && ($sshvernum >= 440)) {
982    push @cfgarr, 'ExitOnForwardFailure yes';
983}
984
985if((($sshid =~ /OpenSSH/) && ($sshvernum >= 380)) ||
986   (($sshid =~ /SunSSH/) && ($sshvernum >= 120))) {
987    push @cfgarr, 'ForwardX11Trusted no';
988}
989
990if(($sshd_builtwith_GSSAPI) && ($sshdid eq $sshid) &&
991   ($sshdvernum == $sshvernum)) {
992    push @cfgarr, 'GSSAPIAuthentication no';
993    push @cfgarr, 'GSSAPIDelegateCredentials no';
994    if($sshid =~ /SunSSH/) {
995        push @cfgarr, 'GSSAPIKeyExchange no';
996    }
997}
998
999if((($sshid =~ /OpenSSH/) && ($sshvernum >= 400)) ||
1000   (($sshid =~ /SunSSH/) && ($sshvernum >= 120))) {
1001    push @cfgarr, 'HashKnownHosts no';
1002}
1003
1004if(($sshid =~ /OpenSSH/) && ($sshvernum >= 390)) {
1005    push @cfgarr, 'IdentitiesOnly yes';
1006}
1007
1008if(($sshid =~ /SunSSH/) && ($sshvernum >= 120)) {
1009    push @cfgarr, 'IgnoreIfUnknown no';
1010}
1011
1012if((($sshid =~ /OpenSSH/) && ($sshvernum < 380)) ||
1013    ($sshid =~ /SunSSH/)) {
1014    push @cfgarr, 'KeepAlive no';
1015}
1016
1017if((($sshid =~ /OpenSSH/) && ($sshvernum >= 300)) ||
1018    ($sshid =~ /SunSSH/)) {
1019    push @cfgarr, 'NoHostAuthenticationForLocalhost no';
1020}
1021
1022if(($sshid =~ /OpenSSH/) && ($sshvernum >= 430)) {
1023    push @cfgarr, 'PermitLocalCommand no';
1024}
1025
1026if((($sshid =~ /OpenSSH/) && ($sshvernum >= 370)) ||
1027   (($sshid =~ /SunSSH/) && ($sshvernum >= 120))) {
1028    push @cfgarr, 'RekeyLimit 1G';
1029}
1030
1031if(($sshid =~ /OpenSSH/) && ($sshvernum >= 390)) {
1032    push @cfgarr, 'SendEnv';
1033}
1034
1035if((($sshid =~ /OpenSSH/) && ($sshvernum >= 380)) ||
1036   (($sshid =~ /SunSSH/) && ($sshvernum >= 120))) {
1037    push @cfgarr, 'ServerAliveCountMax 3';
1038    push @cfgarr, 'ServerAliveInterval 0';
1039}
1040
1041if(($sshid =~ /OpenSSH/) && ($sshvernum >= 380)) {
1042    push @cfgarr, 'TCPKeepAlive no';
1043}
1044
1045if(($sshid =~ /OpenSSH/) && ($sshvernum >= 430)) {
1046    push @cfgarr, 'Tunnel no';
1047}
1048
1049if(($sshid =~ /OpenSSH/) && ($sshvernum >= 380)) {
1050    push @cfgarr, 'VerifyHostKeyDNS no';
1051}
1052
1053push @cfgarr, '#';
1054
1055
1056#***************************************************************************
1057# Write out resulting ssh client configuration file for curl's tests
1058#
1059$error = dump_array($sshconfig, @cfgarr);
1060if($error) {
1061    logmsg $error;
1062    exit 1;
1063}
1064
1065
1066#***************************************************************************
1067# Initialize client sftp config with options actually supported.
1068#
1069logmsg 'generating sftp client config file...' if($verbose);
1070splice @cfgarr, 1, 1, "# $sshverstr sftp client configuration file for curl testing";
1071#
1072for(my $i = scalar(@cfgarr) - 1; $i > 0; $i--) {
1073    if($cfgarr[$i] =~ /^DynamicForward/) {
1074        splice @cfgarr, $i, 1;
1075        next;
1076    }
1077    if($cfgarr[$i] =~ /^ClearAllForwardings/) {
1078        splice @cfgarr, $i, 1, "ClearAllForwardings yes";
1079        next;
1080    }
1081}
1082
1083
1084#***************************************************************************
1085# Write out resulting sftp client configuration file for curl's tests
1086#
1087$error = dump_array($sftpconfig, @cfgarr);
1088if($error) {
1089    logmsg $error;
1090    exit 1;
1091}
1092@cfgarr = ();
1093
1094
1095#***************************************************************************
1096# Generate client sftp commands batch file for sftp server verification
1097#
1098logmsg 'generating sftp client commands file...' if($verbose);
1099push @cfgarr, 'pwd';
1100push @cfgarr, 'quit';
1101$error = dump_array($sftpcmds, @cfgarr);
1102if($error) {
1103    logmsg $error;
1104    exit 1;
1105}
1106@cfgarr = ();
1107
1108#***************************************************************************
1109# Prepare command line of ssh server daemon
1110#
1111my $cmd = "\"$sshd\" -e -D -f $sshdconfig > $sshdlog 2>&1";
1112logmsg "SCP/SFTP server listening on port $port" if($verbose);
1113logmsg "RUN: $cmd" if($verbose);
1114
1115#***************************************************************************
1116# Start the ssh server daemon on Windows without forking it
1117#
1118if ($sshdid =~ /OpenSSH-Windows/) {
1119    # Fake pidfile for ssh server on Windows.
1120    if(open(OUT, ">$pidfile")) {
1121        print OUT $$ . "\n";
1122        close(OUT);
1123    }
1124
1125    # Put an "exec" in front of the command so that the child process
1126    # keeps this child's process ID by being tied to the spawned shell.
1127    exec("exec $cmd") || die "Can't exec() $cmd: $!";
1128    # exec() will create a new process, but ties the existence of the
1129    # new process to the parent waiting perl.exe and sh.exe processes.
1130
1131    # exec() should never return back here to this process. We protect
1132    # ourselves by calling die() just in case something goes really bad.
1133    die "error: exec() has returned";
1134}
1135
1136#***************************************************************************
1137# Start the ssh server daemon without forking it
1138#
1139my $rc = system($cmd);
1140if($rc == -1) {
1141    logmsg "\"$sshd\" failed with: $!";
1142}
1143elsif($rc & 127) {
1144    logmsg sprintf("\"$sshd\" died with signal %d, and %s coredump",
1145                   ($rc & 127), ($rc & 128)?'a':'no');
1146}
1147elsif($verbose && ($rc >> 8)) {
1148    logmsg sprintf("\"$sshd\" exited with %d", $rc >> 8);
1149}
1150
1151
1152#***************************************************************************
1153# Clean up once the server has stopped
1154#
1155unlink($hstprvkeyf, $hstpubkeyf, $hstpubmd5f,
1156       $cliprvkeyf, $clipubkeyf, $knownhosts,
1157       $sshdconfig, $sshconfig, $sftpconfig);
1158
1159exit 0;
1160