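# $OpenBSD: keytype.sh,v 1.4 2015/07/10 06:23:25 markus Exp $
# Placed in the Public Domain.

# Regression test: for every supported key type, generate a key pair, install
# it as both the server host key and the user identity, and check that a login
# through the proxy configuration succeeds.
#
# OBJ, SSH, SSHKEYGEN, USER, fail and trace are not defined in this file; they
# are expected to be provided by the harness that runs it.
#
# The keys are throwaway fixtures: they are written under $OBJ with an empty
# passphrase (-N ''). The type/size list below is a compatibility matrix for
# the test, not a recommendation for real deployments.

tid="login with different key types"

# Time each keygen/login with an external time(1) when one is installed.
# `which` is kept because the -x test below needs the path of a binary.
TIME=$(which time 2>/dev/null)
if test ! -x "$TIME"; then
	TIME=""
fi

# Keep pristine copies of both proxy configs; every iteration below rebuilds
# the live files from these backups.
cp "$OBJ/sshd_proxy" "$OBJ/sshd_proxy_bak"
cp "$OBJ/ssh_proxy" "$OBJ/ssh_proxy_bak"

# Traditional and builtin key types.
ktypes="dsa-1024 rsa-2048 rsa-3072 ed25519-512"
# Types not present in all OpenSSL versions.
# $SSH and the substitution are unquoted on purpose: the output of
# "-Q key" is split into one word per algorithm name.
for i in $($SSH -Q key); do
	case "$i" in
	ecdsa-sha2-nistp256)	ktypes="$ktypes ecdsa-256" ;;
	ecdsa-sha2-nistp384)	ktypes="$ktypes ecdsa-384" ;;
	ecdsa-sha2-nistp521)	ktypes="$ktypes ecdsa-521" ;;
	esac
done

for kt in $ktypes; do
	# Remove any key left over from an earlier run before generating.
	rm -f "$OBJ/key.$kt"
	# Every ktypes entry is "<type>-<bits>" with exactly one dash.
	type=${kt%%-*}
	bits=${kt#*-}
	printf 'keygen %s, %s bits:\t' "$type" "$bits"
	# TIME and SSHKEYGEN stay unquoted: an empty TIME must expand to
	# nothing rather than to an empty command word.
	${TIME} ${SSHKEYGEN} -b "$bits" -q -N '' -t "$type" -f "$OBJ/key.$kt" ||
		fail "ssh-keygen for type $type, $bits bits failed"
done

# Each user-key/host-key pairing is attempted this many times.
tries="1 2 3"
for ut in $ktypes; do
	# The host key type follows the user key type. The commented-out line
	# would run every user/host combination, but note that $t below is
	# derived from the host key type only and is also written to
	# PubkeyAcceptedKeyTypes, so mixed pairings would need a second
	# algorithm name for the user key.
	htypes=$ut
	#htypes=$ktypes
	for ht in $htypes; do
		# Map the local "<type>-<bits>" label to the algorithm name
		# used in the configuration files.
		case $ht in
		dsa-1024)	t=ssh-dss;;
		ecdsa-256)	t=ecdsa-sha2-nistp256;;
		ecdsa-384)	t=ecdsa-sha2-nistp384;;
		ecdsa-521)	t=ecdsa-sha2-nistp521;;
		ed25519-512)	t=ssh-ed25519;;
		rsa-*)		t=ssh-rsa;;
		*)
			# Without this arm an unmapped label would silently
			# reuse $t from the previous iteration and pin the
			# wrong algorithm.
			fail "no algorithm name known for key type $ht"
			continue
			;;
		esac
		trace "ssh connect, userkey $ut, hostkey $ht"
		# Server side: drop every line mentioning HostKey from the
		# saved config, then offer only the key under test and accept
		# only its algorithm. Pinning both option lists to one
		# algorithm makes the result depend on that key type alone;
		# presumably it also keeps types a default configuration would
		# reject testable (confirm against the defaults in use).
		(
			grep -v HostKey "$OBJ/sshd_proxy_bak"
			echo "HostKey $OBJ/key.$ht"
			echo "PubkeyAcceptedKeyTypes $t"
			echo "HostKeyAlgorithms $t"
		) > "$OBJ/sshd_proxy"
		# Client side: same pinning, with the user key as the only
		# identity added here.
		(
			grep -v IdentityFile "$OBJ/ssh_proxy_bak"
			echo "IdentityFile $OBJ/key.$ut"
			echo "PubkeyAcceptedKeyTypes $t"
			echo "HostKeyAlgorithms $t"
		) > "$OBJ/ssh_proxy"
		# known_hosts holds exactly one entry: the host key under test.
		(
			printf 'localhost-with-alias,127.0.0.1,::1 '
			cat "$OBJ/key.$ht.pub"
		) > "$OBJ/known_hosts"
		# authorized_keys holds exactly one entry: the user key under test.
		cat "$OBJ/key.$ut.pub" > "$OBJ/authorized_keys_$USER"
		for i in $tries; do
			printf 'userkey %s, hostkey %s:\t' "$ut" "$ht"
			# 999.999.999.999 is a placeholder host argument;
			# presumably ssh_proxy routes the session through a
			# proxy command so it is never resolved (confirm in
			# the harness).
			${TIME} ${SSH} -F "$OBJ/ssh_proxy" 999.999.999.999 true ||
				fail "ssh userkey $ut, hostkey $ht failed"
		done
	done
done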