From 25505898530a333011f4fd5cbc841ad6b26c089c Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sun, 7 Apr 2024 16:40:04 +0200
Subject: Adding upstream version 1:9.2p1.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 regress/hostbased.sh | 66 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)
 create mode 100644 regress/hostbased.sh

(limited to 'regress/hostbased.sh')

diff --git a/regress/hostbased.sh b/regress/hostbased.sh
new file mode 100644
index 0000000..eb9cf27
--- /dev/null
+++ b/regress/hostbased.sh
@@ -0,0 +1,66 @@
+#	$OpenBSD: hostbased.sh,v 1.4 2022/12/07 11:45:43 dtucker Exp $
+#	Placed in the Public Domain.
+
+# This test requires external setup and thus is skipped unless
+# TEST_SSH_HOSTBASED_AUTH and SUDO are set to "yes".
+# Since ssh-keysign has key paths hard coded, unlike the other tests it
+# needs to use the real host keys. It requires:
+# - ssh-keysign must be installed and setuid.
+# - "EnableSSHKeysign yes" must be in the system ssh_config.
+# - the system's own real FQDN the system-wide shosts.equiv.
+# - the system's real public key fingerprints must be in global ssh_known_hosts.
+#
+tid="hostbased"
+
+if [ -z "${TEST_SSH_HOSTBASED_AUTH}" ]; then
+	skip "TEST_SSH_HOSTBASED_AUTH not set."
+elif [ -z "${SUDO}" ]; then
+	skip "SUDO not set"
+fi
+
+# Enable all supported hostkey algos (but no others)
+hostkeyalgos=`${SSH} -Q HostKeyAlgorithms | tr '\n' , | sed 's/,$//'`
+
+cat >>$OBJ/sshd_proxy <<EOD
+HostbasedAuthentication yes
+HostbasedAcceptedAlgorithms $hostkeyalgos
+HostbasedUsesNameFromPacketOnly yes
+HostKeyAlgorithms $hostkeyalgos
+EOD
+
+cat >>$OBJ/ssh_proxy <<EOD
+HostbasedAuthentication yes
+HostKeyAlgorithms $hostkeyalgos
+HostbasedAcceptedAlgorithms $hostkeyalgos
+PreferredAuthentications hostbased
+EOD
+
+algos=""
+for key in `${SUDO} ${SSHD} -T | awk '$1=="hostkey"{print $2}'`; do
+	case "`$SSHKEYGEN -l -f ${key}.pub`" in
+	256*ECDSA*)	algos="$algos ecdsa-sha2-nistp256" ;;
+	384*ECDSA*)	algos="$algos ecdsa-sha2-nistp384" ;;
+	521*ECDSA*)	algos="$algos ecdsa-sha2-nistp521" ;;
+	*RSA*)		algos="$algos ssh-rsa rsa-sha2-256 rsa-sha2-512" ;;
+	*ED25519*)	algos="$algos ssh-ed25519" ;;
+	*DSA*)		algos="$algos ssh-dss" ;;
+	*) verbose "unknown host key type $key" ;;
+	esac
+done
+
+for algo in $algos; do
+	trace "hostbased algo $algo"
+	opts="-F $OBJ/ssh_proxy"
+	if [ "x$algo" != "xdefault" ]; then
+		opts="$opts -oHostbasedAcceptedAlgorithms=$algo"
+	fi
+	SSH_CONNECTION=`${SSH} $opts localhost 'echo $SSH_CONNECTION'`
+	if [ $? -ne 0 ]; then
+		fail "connect failed, hostbased algo $algo"
+	elif [ "$SSH_CONNECTION" != "UNKNOWN 65535 UNKNOWN 65535" ]; then
+		fail "hostbased algo $algo bad SSH_CONNECTION" \
+		    "$SSH_CONNECTION"
+	else
+		verbose "ok hostbased algo $algo"
+	fi
+done
-- 
cgit v1.2.3