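# $OpenBSD: keytype.sh,v 1.4 2015/07/10 06:23:25 markus Exp $
# Placed in the Public Domain.
#
# Regression test: generate one key per supported key type, then log in with
# that key as both the user key and the server host key, while client and
# server are each restricted to that single algorithm.
#
# OBJ, SSH, SSHKEYGEN, USER, fail and trace are not defined here; presumably
# the surrounding test harness provides them -- confirm against the caller.
# POSIX sh constructs only; no shebang or `set` options are added, so the
# caller's shell settings stay in effect.

tid="login with different key types"

# Optional timing wrapper. `which` is kept on purpose: it looks up an external
# binary, whereas `command -v time` reports the shell keyword in shells that
# have one, and the -x test below would then drop the timing.
TIME=$(which time 2>/dev/null)
if test ! -x "$TIME"; then
	TIME=""
fi

# Save the pristine proxy configs; each iteration rebuilds from these.
cp "$OBJ/sshd_proxy" "$OBJ/sshd_proxy_bak"
cp "$OBJ/ssh_proxy" "$OBJ/ssh_proxy_bak"

# Traditional and builtin key types.
ktypes="dsa-1024 rsa-2048 rsa-3072 ed25519-512"
# Types not present in all OpenSSL versions.
for i in $($SSH -Q key); do
	case "$i" in
	ecdsa-sha2-nistp256)	ktypes="$ktypes ecdsa-256" ;;
	ecdsa-sha2-nistp384)	ktypes="$ktypes ecdsa-384" ;;
	ecdsa-sha2-nistp521)	ktypes="$ktypes ecdsa-521" ;;
	esac
done

# Generate one key pair per "<type>-<bits>" entry. -N '' writes the private
# key without a passphrase; these are throwaway fixtures under $OBJ.
# $ktypes is expanded unquoted on purpose: it is a space-separated list.
for kt in $ktypes; do
	rm -f "$OBJ/key.$kt"
	# Every entry has exactly one '-', so these expansions yield the same
	# fields as splitting on '-' with awk, without forking per key.
	bits=${kt#*-}
	type=${kt%%-*}
	# Values are passed as printf arguments, never as the format string.
	printf 'keygen %s, %s bits:\t' "$type" "$bits"
	# TIME may be empty and must disappear when it is, so it stays unquoted.
	# SSHKEYGEN is left unquoted as in the original in case it carries
	# more than one word -- TODO confirm.
	${TIME} ${SSHKEYGEN} -b "$bits" -q -N '' -t "$type" -f "$OBJ/key.$kt" ||
		fail "ssh-keygen for type $type, $bits bits failed"
done

tries="1 2 3"
for ut in $ktypes; do
	# Host key type follows the user key type, so $t below names the
	# algorithm of both keys. NOTE(review): if the commented-out line is
	# enabled, PubkeyAcceptedKeyTypes would be set from the host key type
	# rather than the user key type, and mixed pairs would be rejected.
	htypes=$ut
	#htypes=$ktypes
	for ht in $htypes; do
		case "$ht" in
		dsa-1024)	t=ssh-dss ;;
		ecdsa-256)	t=ecdsa-sha2-nistp256 ;;
		ecdsa-384)	t=ecdsa-sha2-nistp384 ;;
		ecdsa-521)	t=ecdsa-sha2-nistp521 ;;
		ed25519-512)	t=ssh-ed25519 ;;
		rsa-*)		t=ssh-rsa ;;
		*)
			# Without this arm an unmapped entry would silently
			# reuse $t from the previous iteration and test the
			# wrong algorithm.
			fail "unknown key type $ht"
			continue
			;;
		esac
		trace "ssh connect, userkey $ut, hostkey $ht"
		# Server side: replace every HostKey* line with this key and
		# accept only algorithm $t.
		(
			grep -v HostKey "$OBJ/sshd_proxy_bak"
			echo "HostKey $OBJ/key.$ht"
			echo "PubkeyAcceptedKeyTypes $t"
			echo "HostKeyAlgorithms $t"
		) > "$OBJ/sshd_proxy"
		# Client side: offer only this identity, under the same
		# single-algorithm restriction.
		(
			grep -v IdentityFile "$OBJ/ssh_proxy_bak"
			echo "IdentityFile $OBJ/key.$ut"
			echo "PubkeyAcceptedKeyTypes $t"
			echo "HostKeyAlgorithms $t"
		) > "$OBJ/ssh_proxy"
		# Pin the expected host key so host key verification is
		# exercised for this key type.
		(
			printf 'localhost-with-alias,127.0.0.1,::1 '
			cat "$OBJ/key.$ht.pub"
		) > "$OBJ/known_hosts"
		cat "$OBJ/key.$ut.pub" > "$OBJ/authorized_keys_$USER"
		for i in $tries; do
			printf 'userkey %s, hostkey %s:\t' "$ut" "$ht"
			# 999.999.999.999 is not a valid address; presumably
			# ssh_proxy routes the session through a proxy command
			# so the name is never resolved -- TODO confirm.
			${TIME} ${SSH} -F "$OBJ/ssh_proxy" 999.999.999.999 true ||
				fail "ssh userkey $ut, hostkey $ht failed"
		done
	done
done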