From: Maxime Rey <maximejeanrey@xxxxxxxxx>
This tests the hostkey-prove mechanism in sshd when provided with multiple host keys managed by the agent
---
 regress/hostkey-agent.sh | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
diff --git a/regress/hostkey-agent.sh b/regress/hostkey-agent.sh
index 222d424bd..3fa80655e 100644
--- a/regress/hostkey-agent.sh
+++ b/regress/hostkey-agent.sh
@@ -82,6 +82,37 @@ for k in $SSH_CERTTYPES ; do
 fi
 done
+# Run sshd with multiple keys handeled by agent
+
+cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy
+
+mv $OBJ/ssh_proxy $OBJ/ssh_proxy.orig
+grep -vi 'globalknownhostsfile' $OBJ/ssh_proxy.orig > $OBJ/ssh_proxy
+echo "UpdateHostkeys=yes" >> $OBJ/ssh_proxy
+echo "GlobalKnownHostsFile=none" >> $OBJ/ssh_proxy
+
+read -p "Doing the multiple keys (y/n)? " answer
+for k in $SSH_KEYTYPES ; do
+ verbose "Addkey type $k"
+ echo "Hostkey $OBJ/agent-key.${k}" >> $OBJ/sshd_proxy
+
+ ( printf 'localhost-with-alias ' ;
+ cat $OBJ/agent-key.$k.pub) > $OBJ/known_hosts
+done
+
+opts="-oStrictHostKeyChecking=yes -F $OBJ/ssh_proxy"
+SSH_CONNECTION=`${SSH} $opts host 'echo $SSH_CONNECTION'`
+
+if [ $? -ne 0 ]; then
+ fail "Hostkeys-prove error. Unable to proceed"
+fi
+if [ "$SSH_CONNECTION" != "UNKNOWN 65535 UNKNOWN 65535" ]; then
+ fail "bad SSH_CONNECTION key type $k"
+fi
+
+
+read -p "End (y/n)? " answer
+
 trace "kill agent"
 ${SSHAGENT} -k > /dev/null
--
2.47.0
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
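Review bot: The two `read -p ... answer` lines (before the `for k in $SSH_KEYTYPES` loop and before `trace "kill agent"`) will block an unattended regress run waiting on stdin, and `read -p` is not POSIX sh; both look like debugging leftovers and should be dropped. The loop redirects with `> $OBJ/known_hosts` on every pass, so only the last key type is left in the file; if that is deliberate so that UpdateHostkeys has keys left to learn, a comment such as `# seed known_hosts with one key; the others must arrive via hostkeys-prove` would say so. As written the test asserts only the ssh exit status and `SSH_CONNECTION`, so it would presumably still pass if no proof were ever verified; checking after the connection that each `agent-key.$k.pub` now appears in `$OBJ/known_hosts` would pin the behaviour the commit message describes. The message `bad SSH_CONNECTION key type $k` sits outside the loop, so `$k` there is only the last type and should be dropped from the text.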