Fix up whitespace left by previous change removing privsep. No other
changes.

Remove (almost all) references to privsep. This removes several do..while
loops but does not change the indentation of the now-shallower loops,
which will be done in a separate whitespace-only commit to keep changes
of style and substance separate.

s/PubkeyAcceptedKeyTypes/PubkeyAcceptedAlgorithms/

what bozo decided to use 2020 as a future date in a regress test?

it's no longer possible to disable privilege separation in sshd, so
don't double the tests' work by trying both off/on

test FIDO2/U2F key types; ok markus@

skip security-key key types for tests until we have a dummy
U2F middleware to use.

Make certificate tests work with the supported key algorithms. Allows
tests to pass when built without OpenSSL.

UsePrivilegeSeparation no is deprecated, test "yes" and "sandbox".
rCVS: ----------------------------------------------------------------------

explicitly specify RSA/SHA-2 keytype here too

eliminate explicit specification of protocol in tests and loops over
protocol. We only support SSHv2 now.

test new behaviour of cert force-command restriction vs. authorized_key/
principals

Use a subshell for constructing key types to work around different sed
behaviours for -portable.

unit and regress tests for SHA256/512; ok markus

Adapt tests, now that DSA if off by default; use PubkeyAcceptedKeyTypes
and PubkeyAcceptedKeyTypes to test DSA.

legacy v00 certificates are gone; adapt and don't try to test them;
"sure" markus@ dtucker@

test ed25519 support; from djm@

replace 'echo -n' with 'printf' since it's more portable

Tests for Key Revocation Lists (KRLs)

include a serial number when generating certs

fatal() if asked to generate a legacy ECDSA cert (these don't exist)
and fix the regress test that was trying to generate them :)

tests for ECDSA certificates

regress tests for key options in AuthorizedPrincipals

regress tests for AuthorizedPrincipalsFile and "principals=" key option.
feedback and ok markus@

regression tests for v01 certificate format
includes interop tests for v00 certs

additional regression tests for revoked keys and TrustedUserCAKeys

add an extra test to ensure that authentication with the wrong
certificate fails as it should (and it does)

regression tests for certified keys

s/PubkeyAcceptedKeyTypes/PubkeyAcceptedAlgorithms/

what bozo decided to use 2020 as a future date in a regress test?

it's no longer possible to disable privilege separation in sshd, so
don't double the tests' work by trying both off/on

test FIDO2/U2F key types; ok markus@

skip security-key key types for tests until we have a dummy
U2F middleware to use.

Make certificate tests work with the supported key algorithms. Allows
tests to pass when built without OpenSSL.

UsePrivilegeSeparation no is deprecated, test "yes" and "sandbox".
rCVS: ----------------------------------------------------------------------

explicitly specify RSA/SHA-2 keytype here too

eliminate explicit specification of protocol in tests and loops over
protocol. We only support SSHv2 now.

test new behaviour of cert force-command restriction vs. authorized_key/
principals

Use a subshell for constructing key types to work around different sed
behaviours for -portable.

unit and regress tests for SHA256/512; ok markus

Adapt tests, now that DSA if off by default; use PubkeyAcceptedKeyTypes
and PubkeyAcceptedKeyTypes to test DSA.

legacy v00 certificates are gone; adapt and don't try to test them;
"sure" markus@ dtucker@

test ed25519 support; from djm@

replace 'echo -n' with 'printf' since it's more portable

Tests for Key Revocation Lists (KRLs)

include a serial number when generating certs

fatal() if asked to generate a legacy ECDSA cert (these don't exist)
and fix the regress test that was trying to generate them :)

tests for ECDSA certificates

regress tests for key options in AuthorizedPrincipals

regress tests for AuthorizedPrincipalsFile and "principals=" key option.
feedback and ok markus@

regression tests for v01 certificate format
includes interop tests for v00 certs

additional regression tests for revoked keys and TrustedUserCAKeys

add an extra test to ensure that authentication with the wrong
certificate fails as it should (and it does)

regression tests for certified keys

what bozo decided to use 2020 as a future date in a regress test?

it's no longer possible to disable privilege separation in sshd, so
don't double the tests' work by trying both off/on

test FIDO2/U2F key types; ok markus@

skip security-key key types for tests until we have a dummy
U2F middleware to use.

Make certificate tests work with the supported key algorithms. Allows
tests to pass when built without OpenSSL.

UsePrivilegeSeparation no is deprecated, test "yes" and "sandbox".
rCVS: ----------------------------------------------------------------------

explicitly specify RSA/SHA-2 keytype here too

eliminate explicit specification of protocol in tests and loops over
protocol. We only support SSHv2 now.

test new behaviour of cert force-command restriction vs. authorized_key/
principals

Use a subshell for constructing key types to work around different sed
behaviours for -portable.

unit and regress tests for SHA256/512; ok markus

Adapt tests, now that DSA if off by default; use PubkeyAcceptedKeyTypes
and PubkeyAcceptedKeyTypes to test DSA.

legacy v00 certificates are gone; adapt and don't try to test them;
"sure" markus@ dtucker@

test ed25519 support; from djm@

replace 'echo -n' with 'printf' since it's more portable

Tests for Key Revocation Lists (KRLs)

include a serial number when generating certs

fatal() if asked to generate a legacy ECDSA cert (these don't exist)
and fix the regress test that was trying to generate them :)

tests for ECDSA certificates

regress tests for key options in AuthorizedPrincipals

regress tests for AuthorizedPrincipalsFile and "principals=" key option.
feedback and ok markus@

regression tests for v01 certificate format
includes interop tests for v00 certs

additional regression tests for revoked keys and TrustedUserCAKeys

add an extra test to ensure that authentication with the wrong
certificate fails as it should (and it does)

regression tests for certified keys

it's no longer possible to disable privilege separation in sshd, so
don't double the tests' work by trying both off/on

test FIDO2/U2F key types; ok markus@

skip security-key key types for tests until we have a dummy
U2F middleware to use.

Make certificate tests work with the supported key algorithms. Allows
tests to pass when built without OpenSSL.

UsePrivilegeSeparation no is deprecated, test "yes" and "sandbox".
rCVS: ----------------------------------------------------------------------

explicitly specify RSA/SHA-2 keytype here too

eliminate explicit specification of protocol in tests and loops over
protocol. We only support SSHv2 now.

test new behaviour of cert force-command restriction vs. authorized_key/
principals

Use a subshell for constructing key types to work around different sed
behaviours for -portable.

unit and regress tests for SHA256/512; ok markus

Adapt tests, now that DSA if off by default; use PubkeyAcceptedKeyTypes
and PubkeyAcceptedKeyTypes to test DSA.

legacy v00 certificates are gone; adapt and don't try to test them;
"sure" markus@ dtucker@

test ed25519 support; from djm@

replace 'echo -n' with 'printf' since it's more portable

Tests for Key Revocation Lists (KRLs)

include a serial number when generating certs

fatal() if asked to generate a legacy ECDSA cert (these don't exist)
and fix the regress test that was trying to generate them :)

tests for ECDSA certificates

regress tests for key options in AuthorizedPrincipals

regress tests for AuthorizedPrincipalsFile and "principals=" key option.
feedback and ok markus@

regression tests for v01 certificate format
includes interop tests for v00 certs

additional regression tests for revoked keys and TrustedUserCAKeys

add an extra test to ensure that authentication with the wrong
certificate fails as it should (and it does)

regression tests for certified keys

test FIDO2/U2F key types; ok markus@

skip security-key key types for tests until we have a dummy
U2F middleware to use.

Make certificate tests work with the supported key algorithms. Allows
tests to pass when built without OpenSSL.

UsePrivilegeSeparation no is deprecated, test "yes" and "sandbox".
rCVS: ----------------------------------------------------------------------

explicitly specify RSA/SHA-2 keytype here too

eliminate explicit specification of protocol in tests and loops over
protocol. We only support SSHv2 now.

test new behaviour of cert force-command restriction vs. authorized_key/
principals

Use a subshell for constructing key types to work around different sed
behaviours for -portable.

unit and regress tests for SHA256/512; ok markus

Adapt tests, now that DSA if off by default; use PubkeyAcceptedKeyTypes
and PubkeyAcceptedKeyTypes to test DSA.

legacy v00 certificates are gone; adapt and don't try to test them;
"sure" markus@ dtucker@

test ed25519 support; from djm@

replace 'echo -n' with 'printf' since it's more portable

Tests for Key Revocation Lists (KRLs)

include a serial number when generating certs

fatal() if asked to generate a legacy ECDSA cert (these don't exist)
and fix the regress test that was trying to generate them :)

tests for ECDSA certificates

regress tests for key options in AuthorizedPrincipals

regress tests for AuthorizedPrincipalsFile and "principals=" key option.
feedback and ok markus@

regression tests for v01 certificate format
includes interop tests for v00 certs

additional regression tests for revoked keys and TrustedUserCAKeys

add an extra test to ensure that authentication with the wrong
certificate fails as it should (and it does)

regression tests for certified keys

skip security-key key types for tests until we have a dummy
U2F middleware to use.

Make certificate tests work with the supported key algorithms. Allows
tests to pass when built without OpenSSL.

UsePrivilegeSeparation no is deprecated, test "yes" and "sandbox".
rCVS: ----------------------------------------------------------------------

explicitly specify RSA/SHA-2 keytype here too

eliminate explicit specification of protocol in tests and loops over
protocol. We only support SSHv2 now.

test new behaviour of cert force-command restriction vs. authorized_key/
principals

Use a subshell for constructing key types to work around different sed
behaviours for -portable.

unit and regress tests for SHA256/512; ok markus

Adapt tests, now that DSA if off by default; use PubkeyAcceptedKeyTypes
and PubkeyAcceptedKeyTypes to test DSA.

legacy v00 certificates are gone; adapt and don't try to test them;
"sure" markus@ dtucker@

test ed25519 support; from djm@

replace 'echo -n' with 'printf' since it's more portable

Tests for Key Revocation Lists (KRLs)

include a serial number when generating certs

fatal() if asked to generate a legacy ECDSA cert (these don't exist)
and fix the regress test that was trying to generate them :)

tests for ECDSA certificates

regress tests for key options in AuthorizedPrincipals

regress tests for AuthorizedPrincipalsFile and "principals=" key option.
feedback and ok markus@

regression tests for v01 certificate format
includes interop tests for v00 certs

additional regression tests for revoked keys and TrustedUserCAKeys

add an extra test to ensure that authentication with the wrong
certificate fails as it should (and it does)

regression tests for certified keys

Make certificate tests work with the supported key algorithms. Allows
tests to pass when built without OpenSSL.

UsePrivilegeSeparation no is deprecated, test "yes" and "sandbox".
rCVS: ----------------------------------------------------------------------

explicitly specify RSA/SHA-2 keytype here too

eliminate explicit specification of protocol in tests and loops over
protocol. We only support SSHv2 now.

test new behaviour of cert force-command restriction vs. authorized_key/
principals

Use a subshell for constructing key types to work around different sed
behaviours for -portable.

unit and regress tests for SHA256/512; ok markus

Adapt tests, now that DSA if off by default; use PubkeyAcceptedKeyTypes
and PubkeyAcceptedKeyTypes to test DSA.

legacy v00 certificates are gone; adapt and don't try to test them;
"sure" markus@ dtucker@

test ed25519 support; from djm@

replace 'echo -n' with 'printf' since it's more portable

Tests for Key Revocation Lists (KRLs)

include a serial number when generating certs

fatal() if asked to generate a legacy ECDSA cert (these don't exist)
and fix the regress test that was trying to generate them :)

tests for ECDSA certificates

regress tests for key options in AuthorizedPrincipals

regress tests for AuthorizedPrincipalsFile and "principals=" key option.
feedback and ok markus@

regression tests for v01 certificate format
includes interop tests for v00 certs

additional regression tests for revoked keys and TrustedUserCAKeys

add an extra test to ensure that authentication with the wrong
certificate fails as it should (and it does)

regression tests for certified keys

UsePrivilegeSeparation no is deprecated, test "yes" and "sandbox".
rCVS: ----------------------------------------------------------------------

explicitly specify RSA/SHA-2 keytype here too

eliminate explicit specification of protocol in tests and loops over
protocol. We only support SSHv2 now.

test new behaviour of cert force-command restriction vs. authorized_key/
principals

Use a subshell for constructing key types to work around different sed
behaviours for -portable.

unit and regress tests for SHA256/512; ok markus

Adapt tests, now that DSA if off by default; use PubkeyAcceptedKeyTypes
and PubkeyAcceptedKeyTypes to test DSA.

legacy v00 certificates are gone; adapt and don't try to test them;
"sure" markus@ dtucker@

test ed25519 support; from djm@

replace 'echo -n' with 'printf' since it's more portable

Tests for Key Revocation Lists (KRLs)

include a serial number when generating certs

fatal() if asked to generate a legacy ECDSA cert (these don't exist)
and fix the regress test that was trying to generate them :)

tests for ECDSA certificates

regress tests for key options in AuthorizedPrincipals

regress tests for AuthorizedPrincipalsFile and "principals=" key option.
feedback and ok markus@

regression tests for v01 certificate format
includes interop tests for v00 certs

additional regression tests for revoked keys and TrustedUserCAKeys

add an extra test to ensure that authentication with the wrong
certificate fails as it should (and it does)

regression tests for certified keys

explicitly specify RSA/SHA-2 keytype here too

eliminate explicit specification of protocol in tests and loops over
protocol. We only support SSHv2 now.

test new behaviour of cert force-command restriction vs. authorized_key/
principals

Use a subshell for constructing key types to work around different sed
behaviours for -portable.

unit and regress tests for SHA256/512; ok markus

Adapt tests, now that DSA if off by default; use PubkeyAcceptedKeyTypes
and PubkeyAcceptedKeyTypes to test DSA.

legacy v00 certificates are gone; adapt and don't try to test them;
"sure" markus@ dtucker@

test ed25519 support; from djm@

replace 'echo -n' with 'printf' since it's more portable

Tests for Key Revocation Lists (KRLs)

include a serial number when generating certs

fatal() if asked to generate a legacy ECDSA cert (these don't exist)
and fix the regress test that was trying to generate them :)

tests for ECDSA certificates

regress tests for key options in AuthorizedPrincipals

regress tests for AuthorizedPrincipalsFile and "principals=" key option.
feedback and ok markus@

regression tests for v01 certificate format
includes interop tests for v00 certs

additional regression tests for revoked keys and TrustedUserCAKeys

add an extra test to ensure that authentication with the wrong
certificate fails as it should (and it does)

regression tests for certified keys

eliminate explicit specification of protocol in tests and loops over
protocol. We only support SSHv2 now.

test new behaviour of cert force-command restriction vs. authorized_key/
principals

Use a subshell for constructing key types to work around different sed
behaviours for -portable.

unit and regress tests for SHA256/512; ok markus

Adapt tests, now that DSA if off by default; use PubkeyAcceptedKeyTypes
and PubkeyAcceptedKeyTypes to test DSA.

legacy v00 certificates are gone; adapt and don't try to test them;
"sure" markus@ dtucker@

test ed25519 support; from djm@

replace 'echo -n' with 'printf' since it's more portable

Tests for Key Revocation Lists (KRLs)

include a serial number when generating certs

fatal() if asked to generate a legacy ECDSA cert (these don't exist)
and fix the regress test that was trying to generate them :)

tests for ECDSA certificates

regress tests for key options in AuthorizedPrincipals

regress tests for AuthorizedPrincipalsFile and "principals=" key option.
feedback and ok markus@

regression tests for v01 certificate format
includes interop tests for v00 certs

additional regression tests for revoked keys and TrustedUserCAKeys

add an extra test to ensure that authentication with the wrong
certificate fails as it should (and it does)

regression tests for certified keys