1295367Sdes# $OpenBSD: try-ciphers.sh,v 1.25 2015/03/24 20:22:17 markus Exp $ 298937Sdes# Placed in the Public Domain. 398937Sdes 498937Sdestid="try ciphers" 598937Sdes 6295367Sdescp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak 7295367Sdes 8262566Sdesfor c in `${SSH} -Q cipher`; do 9248613Sdes n=0 10262566Sdes for m in `${SSH} -Q mac`; do 1198937Sdes trace "proto 2 cipher $c mac $m" 1298937Sdes verbose "test $tid: proto 2 cipher $c mac $m" 13295367Sdes cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy 14295367Sdes echo "Ciphers=$c" >> $OBJ/sshd_proxy 15295367Sdes echo "MACs=$m" >> $OBJ/sshd_proxy 1698937Sdes ${SSH} -F $OBJ/ssh_proxy -2 -m $m -c $c somehost true 1798937Sdes if [ $? -ne 0 ]; then 1898937Sdes fail "ssh -2 failed with mac $m cipher $c" 1998937Sdes fi 20262566Sdes # No point trying all MACs for AEAD ciphers since they 21262566Sdes # are ignored. 22295367Sdes if ${SSH} -Q cipher-auth | grep "^${c}\$" >/dev/null 2>&1 ; then 23262566Sdes break 24262566Sdes fi 25248613Sdes n=`expr $n + 1` 2698937Sdes done 2798937Sdesdone 2898937Sdes 29295367Sdesif ssh_version 1; then 30295367Sdes ciphers="3des blowfish" 31295367Sdeselse 32295367Sdes ciphers="" 33295367Sdesfi 3498937Sdesfor c in $ciphers; do 3598937Sdes trace "proto 1 cipher $c" 3698937Sdes verbose "test $tid: proto 1 cipher $c" 3798937Sdes ${SSH} -F $OBJ/ssh_proxy -1 -c $c somehost true 3898937Sdes if [ $? -ne 0 ]; then 3998937Sdes fail "ssh -1 failed with cipher $c" 4098937Sdes fi 4198937Sdesdone 42128456Sdes 43