blob: 4f0bbe638f63d0793ba4eaa7012f1153fee57cf8 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
# $OpenBSD
# Placed in the Public Domain.
tid="penalties"
grep -vi PerSourcePenalties $OBJ/sshd_config > $OBJ/sshd_config.bak
cp $OBJ/authorized_keys_${USER} $OBJ/authorized_keys_${USER}.bak
conf() {
test -z "$PIDFILE" || stop_sshd
(cat $OBJ/sshd_config.bak ;
echo "PerSourcePenalties $@") > $OBJ/sshd_config
cp $OBJ/authorized_keys_${USER}.bak $OBJ/authorized_keys_${USER}
start_sshd
}
conf "noauth:10s authfail:10s max:20s min:1s"
verbose "test connect"
${SSH} -F $OBJ/ssh_config somehost true || fatal "basic connect failed"
verbose "penalty expiry"
# Incur a penalty
cat /dev/null > $OBJ/authorized_keys_${USER}
${SSH} -F $OBJ/ssh_config somehost true && fatal "authfail connect succeeded"
sleep 2
# Check denied
cp $OBJ/authorized_keys_${USER}.bak $OBJ/authorized_keys_${USER}
${SSH} -F $OBJ/ssh_config somehost true && fatal "authfail not rejected"
# Let it expire and try again.
sleep 11
${SSH} -F $OBJ/ssh_config somehost true || fail "authfail not expired"
|
