2 #***************************************************************************
4 # Project ___| | | | _ \| |
6 # | (__| |_| | _ <| |___
7 # \___|\___/|_| \_\_____|
9 # Copyright (C) 1998 - 2008, Daniel Stenberg, <daniel@haxx.se>, et al.
11 # This software is licensed as described in the file COPYING, which
12 # you should have received as part of this distribution. The terms
13 # are also available at http://curl.haxx.se/docs/copyright.html.
15 # You may opt to use, copy, modify, merge, publish, distribute and/or sell
16 # copies of the Software, and permit persons to whom the Software is
17 # furnished to do so, under the terms of the COPYING file.
19 # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
20 # KIND, either express or implied.
23 #***************************************************************************
25 # Starts sshd for use in the SCP, SFTP and SOCKS curl test harness tests.
26 # Also creates the ssh configuration files needed for these tests.
34 # -p SCP/SFTP server port
35 # -s SOCKS4/5 server port
41 #***************************************************************************
42 # Variables and subs imported from sshhelp module
72 #***************************************************************************
# Defaults for the test servers. The command line parser further down can
# override them. Two of these matter for exposure: the listen address
# (loopback by default) and the login user (taken from the environment).
74 my $verbose = 0; # set to 1 for debugging
75 my $debugprotocol = 0; # set to 1 for protocol debugging
76 my $port = 8999; # our default SCP/SFTP server port
77 my $socksport = $port + 1; # our default SOCKS4/5 server port
78 my $listenaddr = '127.0.0.1'; # default address on which to listen
# $path is interpolated unquoted into the generated config lines
# (AuthorizedKeysFile, HostKey, PidFile, IdentityFile, UserKnownHostsFile).
# NOTE(review): a working directory with whitespace in its name would
# presumably break those lines -- confirm.
79 my $path = getcwd(); # current working directory
# $ENV{USER} is controlled by whoever starts the script. The value is later
# compared against 'root' and written into AllowUsers/DenyUsers/User.
80 my $username = $ENV{USER}; # default user
86 #***************************************************************************
87 # Parse command line options
# Option parsing. This listing shows only some lines of each branch (the
# embedded line numbers skip), so the assignments made for -v, -d, -u, -p
# and -s are not visible here.
90 if($ARGV[0] eq '-v') {
93 elsif($ARGV[0] eq '-d') {
97 elsif($ARGV[0] eq '-u') {
# -l: the listen address is taken from the command line as-is; no format
# check is visible. The value ends up in ListenAddress (sshd config),
# HostName and BindAddress (ssh config) and in the known-hosts entry.
# Any non-loopback value makes this test sshd, which runs with
# passphrase-less keys and StrictModes off, reachable from other hosts.
101 elsif($ARGV[0] eq '-l') {
102 $listenaddr = $ARGV[1];
# -p / -s: the argument is matched against an all-digits pattern before
# use; the assignment itself is not visible in this listing.
105 elsif($ARGV[0] eq '-p') {
106 if($ARGV[1] =~ /^(\d+)$/) {
111 elsif($ARGV[0] eq '-s') {
112 if($ARGV[1] =~ /^(\d+)$/) {
121 #***************************************************************************
122 # Logging level for ssh server and client
# DEBUG3 when protocol debugging is enabled, DEBUG2 otherwise. The value is
# written as LogLevel into both the sshd and the ssh client config files,
# so the logs of a test run are verbose by design.
124 my $loglevel = $debugprotocol?'DEBUG3':'DEBUG2';
127 #***************************************************************************
# Refuse to start without a user name, or as root. The condition guarding
# the first message is not visible in this listing.
131 $error = 'Will not run ssh server without a user name';
# The root check compares the name string only. $username defaults to
# $ENV{USER} and there is a -u option branch, so the name is chosen by the
# caller.
# NOTE(review): a process with uid 0 but a different USER value would pass
# this test; also checking the effective uid ($>) would close that gap --
# confirm against the full file.
133 elsif($username eq 'root') {
134 $error = 'Will not run ssh server as root to mitigate security risks';
142 #***************************************************************************
143 # Find out ssh daemon canonical file name
# Locate the sshd binary. find_sshd() is presumably one of the subs imported
# from the sshhelp module; its search logic is not visible here. The
# resulting path is later interpolated into shell command strings (qx and
# single-string system), so it is trusted as-is.
145 my $sshd = find_sshd();
147 logmsg "cannot find $sshdexe";
152 #***************************************************************************
153 # Find out ssh daemon version info
# sshversioninfo() returns four values: product id, numeric version, version
# string and an error text. How they are derived is not visible here.
155 my ($sshdid, $sshdvernum, $sshdverstr, $sshderror) = sshversioninfo($sshd);
157 # Not an OpenSSH or SunSSH ssh daemon
158 logmsg $sshderror if($verbose);
159 logmsg 'SCP, SFTP and SOCKS tests require OpenSSH 2.9.9 or later';
162 logmsg "ssh server found $sshd is $sshdverstr" if($verbose);
165 #***************************************************************************
166 # ssh daemon command line options we might use and version support
168 # -e: log stderr : OpenSSH 2.9.0 and later
169 # -f: sshd config file : OpenSSH 1.2.1 and later
170 # -D: no daemon forking : OpenSSH 2.5.0 and later
171 # -o: command-line option : OpenSSH 3.1.0 and later
172 # -t: test config file : OpenSSH 2.9.9 and later
173 # -?: sshd version info : OpenSSH 1.2.1 and later
175 # -e: log stderr : SunSSH 1.0.0 and later
176 # -f: sshd config file : SunSSH 1.0.0 and later
177 # -D: no daemon forking : SunSSH 1.0.0 and later
178 # -o: command-line option : SunSSH 1.0.0 and later
179 # -t: test config file : SunSSH 1.0.0 and later
180 # -?: sshd version info : SunSSH 1.0.0 and later
183 #***************************************************************************
184 # Verify minimum ssh daemon version
# Minimum daemon version gate. $sshdvernum appears to encode the version as
# three digits (299 is compared where the message says 2.9.9; 100 stands for
# SunSSH 1.0.0). What happens after the message is not visible here.
186 if((($sshdid =~ /OpenSSH/) && ($sshdvernum < 299)) ||
187 (($sshdid =~ /SunSSH/) && ($sshdvernum < 100))) {
188 logmsg 'SCP, SFTP and SOCKS tests require OpenSSH 2.9.9 or later';
193 #***************************************************************************
194 # Find out sftp server plugin canonical file name
# Locate the sftp server plugin, ssh-keygen and the ssh client. The find_*
# helpers are not defined in this listing (presumably imported from sshhelp).
# $sftp is written into the sshd config as the sftp Subsystem command, and
# $sshkeygen is interpolated into a shell command string, so all of these
# paths are trusted as returned.
196 my $sftp = find_sftp();
198 logmsg "cannot find $sftpexe";
201 logmsg "sftp server plugin found $sftp" if($verbose);
204 #***************************************************************************
205 # Find out ssh keygen canonical file name
207 my $sshkeygen = find_sshkeygen();
209 logmsg "cannot find $sshkeygenexe";
212 logmsg "ssh keygen found $sshkeygen" if($verbose);
215 #***************************************************************************
216 # Find out ssh client canonical file name
218 my $ssh = find_ssh();
220 logmsg "cannot find $sshexe";
225 #***************************************************************************
226 # Find out ssh client version info
# Same four-value result as for the daemon: id, numeric version, version
# string, error text.
228 my ($sshid, $sshvernum, $sshverstr, $ssherror) = sshversioninfo($ssh);
230 # Not an OpenSSH or SunSSH ssh client
231 logmsg $ssherror if($verbose);
232 logmsg 'SCP, SFTP and SOCKS tests require OpenSSH 2.9.9 or later';
235 logmsg "ssh client found $ssh is $sshverstr" if($verbose);
238 #***************************************************************************
239 # ssh client command line options we might use and version support
241 # -D: dynamic app port forwarding : OpenSSH 2.9.9 and later
242 # -F: ssh config file : OpenSSH 2.9.9 and later
243 # -N: no shell/command : OpenSSH 2.1.0 and later
244 # -p: connection port : OpenSSH 1.2.1 and later
245 # -v: verbose messages : OpenSSH 1.2.1 and later
246 # -vv: increase verbosity : OpenSSH 2.3.0 and later
247 # -V: ssh version info : OpenSSH 1.2.1 and later
249 # -D: dynamic app port forwarding : SunSSH 1.0.0 and later
250 # -F: ssh config file : SunSSH 1.0.0 and later
251 # -N: no shell/command : SunSSH 1.0.0 and later
252 # -p: connection port : SunSSH 1.0.0 and later
253 # -v: verbose messages : SunSSH 1.0.0 and later
254 # -vv: increase verbosity : SunSSH 1.0.0 and later
255 # -V: ssh version info : SunSSH 1.0.0 and later
258 #***************************************************************************
259 # Verify minimum ssh client version
# Minimum client version gate, using the same thresholds as the daemon check
# (299 for OpenSSH, 100 for SunSSH).
261 if((($sshid =~ /OpenSSH/) && ($sshvernum < 299)) ||
262 (($sshid =~ /SunSSH/) && ($sshvernum < 100))) {
263 logmsg 'SCP, SFTP and SOCKS tests require OpenSSH 2.9.9 or later';
268 #***************************************************************************
269 # ssh keygen command line options we actually use and version support
271 # -C: identity comment : OpenSSH 1.2.1 and later
272 # -f: key filename : OpenSSH 1.2.1 and later
273 # -N: new passphrase : OpenSSH 1.2.1 and later
274 # -q: quiet keygen : OpenSSH 1.2.1 and later
275 # -t: key type : OpenSSH 2.5.0 and later
277 # -C: identity comment : SunSSH 1.0.0 and later
278 # -f: key filename : SunSSH 1.0.0 and later
279 # -N: new passphrase : SunSSH 1.0.0 and later
280 # -q: quiet keygen : SunSSH 1.0.0 and later
281 # -t: key type : SunSSH 1.0.0 and later
284 #***************************************************************************
285 # Generate host and client key files for curl's tests
# Create the host and client key pairs unless all four files already exist.
# Points a reviewer should keep in mind:
#  - "-N ''" gives both private keys an empty passphrase, so they are stored
#    unencrypted in the test directory. The cleanup at the end of the script
#    unlinks them, but only if the script gets that far.
#  - "-t dsa" requests DSA keys. OpenSSH 7.0 and later disable ssh-dss keys
#    by default, so this setup targets older installations; the known-hosts
#    entry written later also hard-codes 'ssh-dss'.
#  - system is called with a single string, so the command goes through the
#    shell with $sshkeygen and the key file names interpolated unquoted.
#    NOTE(review): the list form, system($sshkeygen, '-q', ...), would avoid
#    shell parsing of those values.
287 if((! -e $hstprvkeyf) || (! -e $hstpubkeyf) ||
288 (! -e $cliprvkeyf) || (! -e $clipubkeyf)) {
289 # Make sure all files are gone so ssh-keygen doesn't complain
290 unlink($hstprvkeyf, $hstpubkeyf, $cliprvkeyf, $clipubkeyf);
291 logmsg 'generating host keys...' if($verbose);
# A non-zero return from system is treated as failure.
292 if(system "$sshkeygen -q -t dsa -f $hstprvkeyf -C 'curl test server' -N ''") {
293 logmsg 'Could not generate host key';
296 logmsg 'generating client keys...' if($verbose);
297 if(system "$sshkeygen -q -t dsa -f $cliprvkeyf -C 'curl test client' -N ''") {
298 logmsg 'Could not generate client key';
304 #***************************************************************************
305 # ssh daemon configuration file options we might use and version support
307 # AFSTokenPassing : OpenSSH 1.2.1 and later [1]
308 # AcceptEnv : OpenSSH 3.9.0 and later
309 # AddressFamily : OpenSSH 4.0.0 and later
310 # AllowGroups : OpenSSH 1.2.1 and later
311 # AllowTcpForwarding : OpenSSH 2.3.0 and later
312 # AllowUsers : OpenSSH 1.2.1 and later
313 # AuthorizedKeysFile : OpenSSH 2.9.9 and later
314 # Banner : OpenSSH 2.5.0 and later
315 # ChallengeResponseAuthentication : OpenSSH 2.5.0 and later
316 # Ciphers : OpenSSH 2.1.0 and later [3]
317 # ClientAliveCountMax : OpenSSH 2.9.0 and later
318 # ClientAliveInterval : OpenSSH 2.9.0 and later
319 # Compression : OpenSSH 3.3.0 and later
320 # DenyGroups : OpenSSH 1.2.1 and later
321 # DenyUsers : OpenSSH 1.2.1 and later
322 # ForceCommand : OpenSSH 4.4.0 and later [3]
323 # GatewayPorts : OpenSSH 2.1.0 and later
324 # GSSAPIAuthentication : OpenSSH 3.7.0 and later [1]
325 # GSSAPICleanupCredentials : OpenSSH 3.8.0 and later [1]
326 # HostbasedAuthentication : OpenSSH 2.9.0 and later
327 # HostbasedUsesNameFromPacketOnly : OpenSSH 2.9.0 and later
328 # HostKey : OpenSSH 1.2.1 and later
329 # IgnoreRhosts : OpenSSH 1.2.1 and later
330 # IgnoreUserKnownHosts : OpenSSH 1.2.1 and later
331 # KeepAlive : OpenSSH 1.2.1 and later
332 # KerberosAuthentication : OpenSSH 1.2.1 and later [1]
333 # KerberosGetAFSToken : OpenSSH 3.8.0 and later [1]
334 # KerberosOrLocalPasswd : OpenSSH 1.2.1 and later [1]
335 # KerberosTgtPassing : OpenSSH 1.2.1 and later [1]
336 # KerberosTicketCleanup : OpenSSH 1.2.1 and later [1]
337 # KeyRegenerationInterval : OpenSSH 1.2.1 and later
338 # ListenAddress : OpenSSH 1.2.1 and later
339 # LoginGraceTime : OpenSSH 1.2.1 and later
340 # LogLevel : OpenSSH 1.2.1 and later
341 # MACs : OpenSSH 2.5.0 and later [3]
342 # Match : OpenSSH 4.4.0 and later [3]
343 # MaxAuthTries : OpenSSH 3.9.0 and later
344 # MaxStartups : OpenSSH 2.2.0 and later
345 # PAMAuthenticationViaKbdInt
346 # PasswordAuthentication : OpenSSH 1.2.1 and later
347 # PermitEmptyPasswords : OpenSSH 1.2.1 and later
348 # PermitOpen : OpenSSH 4.4.0 and later [3]
349 # PermitRootLogin : OpenSSH 1.2.1 and later
350 # PermitTunnel : OpenSSH 4.3.0 and later
351 # PermitUserEnvironment : OpenSSH 3.5.0 and later
352 # PidFile : OpenSSH 2.1.0 and later
353 # Port : OpenSSH 1.2.1 and later
354 # PrintLastLog : OpenSSH 2.9.0 and later
355 # PrintMotd : OpenSSH 1.2.1 and later
356 # Protocol : OpenSSH 2.1.0 and later
357 # PubkeyAuthentication : OpenSSH 2.5.0 and later
358 # RhostsRSAAuthentication : OpenSSH 1.2.1 and later
359 # RSAAuthentication : OpenSSH 1.2.1 and later
360 # ServerKeyBits : OpenSSH 1.2.1 and later
361 # SkeyAuthentication : OpenSSH 1.2.1 and later [1]
362 # StrictModes : OpenSSH 1.2.1 and later
363 # Subsystem : OpenSSH 2.2.0 and later
364 # SyslogFacility : OpenSSH 1.2.1 and later
365 # TCPKeepAlive : OpenSSH 3.8.0 and later
366 # UseDNS : OpenSSH 3.7.0 and later
367 # UseLogin : OpenSSH 1.2.1 and later
368 # UsePAM : OpenSSH 3.7.0 and later [1][2]
369 # UsePrivilegeSeparation : OpenSSH 3.2.2 and later
370 # X11DisplayOffset : OpenSSH 1.2.1 and later [3]
371 # X11Forwarding : OpenSSH 1.2.1 and later
372 # X11UseLocalhost : OpenSSH 3.1.0 and later
373 # XAuthLocation : OpenSSH 2.1.1 and later [3]
375 # [1] Option only available if activated at compile time
376 # [2] Option specific for portable versions
377 # [3] Option not used in our ssh server config file
380 #***************************************************************************
381 # Initialize sshd config with options actually supported in OpenSSH 2.9.9
# Build the baseline sshd_config in @cfgarr, one line per element. The
# embedded line numbers skip in this listing, so some elements pushed by the
# full script are not shown here; the later "splice @cfgarr, 13" depends on
# the exact element order.
383 logmsg 'generating ssh server config file...' if($verbose);
385 push @cfgarr, '# This is a generated file. Do not edit.';
386 push @cfgarr, "# $sshdverstr sshd configuration file for curl testing";
# Access is limited to the single test user: everyone else is denied and
# only $username is allowed. $username is interpolated without validation.
388 push @cfgarr, "DenyUsers !$username";
389 push @cfgarr, "AllowUsers $username";
390 push @cfgarr, 'DenyGroups';
391 push @cfgarr, 'AllowGroups';
# The generated client public key is the only authorized key, and the
# generated host private key is the daemon's identity.
393 push @cfgarr, "AuthorizedKeysFile $path/$clipubkeyf";
394 push @cfgarr, "HostKey $path/$hstprvkeyf";
395 push @cfgarr, "PidFile $path/.ssh.pid";
# Port and ListenAddress decide who can reach the daemon; the default
# address is loopback, but -l can change it.
397 push @cfgarr, "Port $port";
398 push @cfgarr, "ListenAddress $listenaddr";
399 push @cfgarr, 'Protocol 2';
# TCP forwarding stays enabled, presumably because the SOCKS tests rely on
# the client's DynamicForward; GatewayPorts is off.
401 push @cfgarr, 'AllowTcpForwarding yes';
402 push @cfgarr, 'Banner none';
403 push @cfgarr, 'ChallengeResponseAuthentication no';
404 push @cfgarr, 'ClientAliveCountMax 3';
405 push @cfgarr, 'ClientAliveInterval 0';
406 push @cfgarr, 'GatewayPorts no';
407 push @cfgarr, 'HostbasedAuthentication no';
408 push @cfgarr, 'HostbasedUsesNameFromPacketOnly no';
409 push @cfgarr, 'IgnoreRhosts yes';
410 push @cfgarr, 'IgnoreUserKnownHosts yes';
411 push @cfgarr, 'KeyRegenerationInterval 0';
412 push @cfgarr, 'LoginGraceTime 30';
413 push @cfgarr, "LogLevel $loglevel";
414 push @cfgarr, 'MaxStartups 5';
# Public key is the only authentication method left enabled; password,
# empty-password, root, rhosts and RSA (protocol 1) logins are all off.
415 push @cfgarr, 'PasswordAuthentication no';
416 push @cfgarr, 'PermitEmptyPasswords no';
417 push @cfgarr, 'PermitRootLogin no';
418 push @cfgarr, 'PrintLastLog no';
419 push @cfgarr, 'PrintMotd no';
420 push @cfgarr, 'PubkeyAuthentication yes';
421 push @cfgarr, 'RhostsRSAAuthentication no';
422 push @cfgarr, 'RSAAuthentication no';
# ServerKeyBits is a protocol 1 setting; 'Protocol 2' is forced above.
423 push @cfgarr, 'ServerKeyBits 768';
# StrictModes no turns off sshd's ownership/permission checks on the user's
# files. NOTE(review): presumably needed because the authorized key lives in
# the test directory; it is a weakening that belongs in a test-only config.
424 push @cfgarr, 'StrictModes no';
425 push @cfgarr, "Subsystem sftp $sftp";
426 push @cfgarr, 'SyslogFacility AUTH';
427 push @cfgarr, 'UseLogin no';
428 push @cfgarr, 'X11Forwarding no';
432 #***************************************************************************
433 # Write out initial sshd configuration file for curl's tests
# dump_array() is not defined in this listing; its result is stored in
# $error and presumably checked on lines not shown.
435 $error = dump_array($sshdconfig, @cfgarr);
442 #***************************************************************************
443 # Verifies at run time if sshd supports a given configuration file option
# Probe whether the installed sshd accepts "$option $value" by running its
# config test mode (-t) and scanning the output for complaints about that
# option. Parts of the body, including the return statement, are not
# visible in this listing.
#
# $option and $value are interpolated into a shell command (qx) and $option
# into the regex, both unescaped. Every call visible in this file passes
# literal strings, so no external input reaches them here.
# NOTE(review): if this sub is ever called with non-literal data, use
# \Q$option\E in the pattern and avoid the shell.
445 sub sshd_supports_opt {
446 my ($option, $value) = @_;
449 if((($sshdid =~ /OpenSSH/) && ($sshdvernum >= 310)) ||
450 ($sshdid =~ /SunSSH/)) {
451 # ssh daemon supports command line options -t -f and -o
# grep in scalar context yields the number of matching output lines, so a
# non-zero $err means sshd complained about the option.
452 $err = grep /((Unsupported)|(Bad configuration)|(Deprecated)) option.*$option/,
453 qx($sshd -t -f $sshdconfig -o $option=$value 2>&1);
456 if(($sshdid =~ /OpenSSH/) && ($sshdvernum >= 299)) {
457 # ssh daemon supports command line options -t and -f
# Without -o support the candidate line is written into the config file
# itself (current @cfgarr plus the option) before the test run.
458 $err = dump_array($sshdconfig, (@cfgarr, "$option $value"));
463 $err = grep /((Unsupported)|(Bad configuration)|(Deprecated)) option.*$option/,
464 qx($sshd -t -f $sshdconfig 2>&1);
472 #***************************************************************************
473 # Kerberos Authentication support may not have been built into sshd
# Each option below is appended only when the probe reports that this sshd
# accepts it, so compile-time features missing from the binary do not break
# the generated config. The closing lines of the branches are not visible
# in this listing.
475 if(sshd_supports_opt('KerberosAuthentication','no')) {
476 push @cfgarr, 'KerberosAuthentication no';
478 if(sshd_supports_opt('KerberosGetAFSToken','no')) {
479 push @cfgarr, 'KerberosGetAFSToken no';
481 if(sshd_supports_opt('KerberosOrLocalPasswd','no')) {
482 push @cfgarr, 'KerberosOrLocalPasswd no';
484 if(sshd_supports_opt('KerberosTgtPassing','no')) {
485 push @cfgarr, 'KerberosTgtPassing no';
487 if(sshd_supports_opt('KerberosTicketCleanup','yes')) {
488 push @cfgarr, 'KerberosTicketCleanup yes';
492 #***************************************************************************
493 # Andrew File System support may not have been built into sshd
495 if(sshd_supports_opt('AFSTokenPassing','no')) {
496 push @cfgarr, 'AFSTokenPassing no';
500 #***************************************************************************
501 # S/Key authentication support may not have been built into sshd
503 if(sshd_supports_opt('SkeyAuthentication','no')) {
504 push @cfgarr, 'SkeyAuthentication no';
508 #***************************************************************************
509 # GSSAPI Authentication support may not have been built into sshd
# $sshd_builtwith_GSSAPI records that the daemon knows the GSSAPI option;
# the client config section reads it to decide whether to emit the matching
# client-side GSSAPI lines.
511 my $sshd_builtwith_GSSAPI;
512 if(sshd_supports_opt('GSSAPIAuthentication','no')) {
513 push @cfgarr, 'GSSAPIAuthentication no';
514 $sshd_builtwith_GSSAPI = 1;
516 if(sshd_supports_opt('GSSAPICleanupCredentials','yes')) {
517 push @cfgarr, 'GSSAPICleanupCredentials yes';
522 #***************************************************************************
523 # Options that might be supported or not in sshd OpenSSH 2.9.9 and later
# Version-dependent sshd options, each added only if the probe accepts it.
# The closing lines of the branches are not visible in this listing.
525 if(sshd_supports_opt('AcceptEnv','')) {
526 push @cfgarr, 'AcceptEnv';
528 if(sshd_supports_opt('AddressFamily','any')) {
529 # Address family must be specified before ListenAddress
# The insert position is a fixed index, so it silently depends on the order
# and count of the elements pushed when the baseline config was built.
530 splice @cfgarr, 13, 0, 'AddressFamily any';
532 if(sshd_supports_opt('Compression','no')) {
533 push @cfgarr, 'Compression no';
535 if(sshd_supports_opt('KeepAlive','no')) {
536 push @cfgarr, 'KeepAlive no';
538 if(sshd_supports_opt('MaxAuthTries','10')) {
539 push @cfgarr, 'MaxAuthTries 10';
541 if(sshd_supports_opt('PAMAuthenticationViaKbdInt','no')) {
542 push @cfgarr, 'PAMAuthenticationViaKbdInt no';
544 if(sshd_supports_opt('PermitTunnel','no')) {
545 push @cfgarr, 'PermitTunnel no';
547 if(sshd_supports_opt('PermitUserEnvironment','no')) {
548 push @cfgarr, 'PermitUserEnvironment no';
550 if(sshd_supports_opt('TCPKeepAlive','no')) {
551 push @cfgarr, 'TCPKeepAlive no';
553 if(sshd_supports_opt('UseDNS','no')) {
554 push @cfgarr, 'UseDNS no';
556 if(sshd_supports_opt('UsePAM','no')) {
557 push @cfgarr, 'UsePAM no';
# Privilege separation is switched off. The script refuses to run under the
# user name root, so the daemon is meant to run unprivileged; this setting
# should not be copied into a real server config.
559 if(sshd_supports_opt('UsePrivilegeSeparation','no')) {
560 push @cfgarr, 'UsePrivilegeSeparation no';
562 if(sshd_supports_opt('X11UseLocalhost','yes')) {
563 push @cfgarr, 'X11UseLocalhost yes';
568 #***************************************************************************
569 # Write out resulting sshd configuration file for curl's tests
571 $error = dump_array($sshdconfig, @cfgarr);
578 #***************************************************************************
579 # Verify that sshd actually supports our generated configuration file
# Final gate: sshd's own config test (-t) must exit with zero. The command
# is a single string, so it runs through the shell with $sshd, $sshdconfig
# and $sshdlog interpolated unquoted.
581 if(system "$sshd -t -f $sshdconfig > $sshdlog 2>&1") {
582 logmsg "sshd configuration file $sshdconfig failed verification";
584 display_sshdconfig();
589 #***************************************************************************
590 # Generate ssh client host key database file for curl's tests
# Create the client's known-hosts file from the generated host public key,
# so the client can run with StrictHostKeyChecking yes against this daemon.
# The closing lines and else branches are not visible in this listing.
#
# NOTE(review): both opens use the two-argument form with bareword handles,
# which lets the file name influence the open mode. The names are
# presumably constants from sshhelp; three-argument open with lexical
# handles would remove the dependency on that.
592 if(! -e $knownhosts) {
593 logmsg 'generating ssh client known hosts file...' if($verbose);
594 if(open(DSAKEYFILE, "<$hstpubkeyf")) {
# Reading with a space as record separator splits the public key file into
# space-terminated fields; element [1] is used below as the key blob.
595 my @dsahostkey = do { local $/ = ' '; <DSAKEYFILE> };
596 if(close(DSAKEYFILE)) {
597 if(open(KNOWNHOSTS, ">$knownhosts")) {
# The entry binds the key to $listenaddr with key type 'ssh-dss'. The
# result of print is not checked; only close is.
598 print KNOWNHOSTS "$listenaddr ssh-dss $dsahostkey[1]\n";
599 if(!close(KNOWNHOSTS)) {
600 $error = "Error: cannot close file $knownhosts";
604 $error = "Error: cannot write file $knownhosts";
608 $error = "Error: cannot close file $hstpubkeyf";
612 $error = "Error: cannot read file $hstpubkeyf";
621 #***************************************************************************
622 # ssh client configuration file options we might use and version support
624 # AddressFamily : OpenSSH 3.7.0 and later
625 # BatchMode : OpenSSH 1.2.1 and later
626 # BindAddress : OpenSSH 2.9.9 and later
627 # ChallengeResponseAuthentication : OpenSSH 2.5.0 and later
628 # CheckHostIP : OpenSSH 1.2.1 and later
629 # Cipher : OpenSSH 1.2.1 and later [3]
630 # Ciphers : OpenSSH 2.1.0 and later [3]
631 # ClearAllForwardings : OpenSSH 2.9.9 and later
632 # Compression : OpenSSH 1.2.1 and later
633 # CompressionLevel : OpenSSH 1.2.1 and later [3]
634 # ConnectionAttempts : OpenSSH 1.2.1 and later
635 # ConnectTimeout : OpenSSH 3.7.0 and later
636 # ControlMaster : OpenSSH 3.9.0 and later
637 # ControlPath : OpenSSH 3.9.0 and later
638 # DynamicForward : OpenSSH 2.9.0 and later
639 # EnableSSHKeysign : OpenSSH 3.6.0 and later
640 # EscapeChar : OpenSSH 1.2.1 and later [3]
641 # ExitOnForwardFailure : OpenSSH 4.4.0 and later
642 # ForwardAgent : OpenSSH 1.2.1 and later
643 # ForwardX11 : OpenSSH 1.2.1 and later
644 # ForwardX11Trusted : OpenSSH 3.8.0 and later
645 # GatewayPorts : OpenSSH 1.2.1 and later
646 # GlobalKnownHostsFile : OpenSSH 1.2.1 and later
647 # GSSAPIAuthentication : OpenSSH 3.7.0 and later [1]
648 # GSSAPIDelegateCredentials : OpenSSH 3.7.0 and later [1]
649 # HashKnownHosts : OpenSSH 4.0.0 and later
650 # Host : OpenSSH 1.2.1 and later
651 # HostbasedAuthentication : OpenSSH 2.9.0 and later
652 # HostKeyAlgorithms : OpenSSH 2.9.0 and later [3]
653 # HostKeyAlias : OpenSSH 2.5.0 and later [3]
654 # HostName : OpenSSH 1.2.1 and later
655 # IdentitiesOnly : OpenSSH 3.9.0 and later
656 # IdentityFile : OpenSSH 1.2.1 and later
657 # KeepAlive : OpenSSH 1.2.1 and later
658 # KbdInteractiveAuthentication : OpenSSH 2.3.0 and later
659 # KbdInteractiveDevices : OpenSSH 2.3.0 and later [3]
660 # LocalCommand : OpenSSH 4.3.0 and later [3]
661 # LocalForward : OpenSSH 1.2.1 and later [3]
662 # LogLevel : OpenSSH 1.2.1 and later
663 # MACs : OpenSSH 2.5.0 and later [3]
664 # NoHostAuthenticationForLocalhost : OpenSSH 3.0.0 and later
665 # NumberOfPasswordPrompts : OpenSSH 1.2.1 and later
666 # PasswordAuthentication : OpenSSH 1.2.1 and later
667 # PermitLocalCommand : OpenSSH 4.3.0 and later
668 # Port : OpenSSH 1.2.1 and later
669 # PreferredAuthentications : OpenSSH 2.5.2 and later
670 # Protocol : OpenSSH 2.1.0 and later
671 # ProxyCommand : OpenSSH 1.2.1 and later [3]
672 # PubkeyAuthentication : OpenSSH 2.5.0 and later
673 # RekeyLimit : OpenSSH 3.7.0 and later
674 # RemoteForward : OpenSSH 1.2.1 and later [3]
675 # RhostsRSAAuthentication : OpenSSH 1.2.1 and later
676 # RSAAuthentication : OpenSSH 1.2.1 and later
677 # SendEnv : OpenSSH 3.9.0 and later
678 # ServerAliveCountMax : OpenSSH 3.8.0 and later
679 # ServerAliveInterval : OpenSSH 3.8.0 and later
680 # SmartcardDevice : OpenSSH 2.9.9 and later [1][3]
681 # StrictHostKeyChecking : OpenSSH 1.2.1 and later
682 # TCPKeepAlive : OpenSSH 3.8.0 and later
683 # Tunnel : OpenSSH 4.3.0 and later
684 # TunnelDevice : OpenSSH 4.3.0 and later [3]
685 # UsePAM : OpenSSH 3.7.0 and later [1][2][3]
686 # UsePrivilegedPort : OpenSSH 1.2.1 and later
687 # User : OpenSSH 1.2.1 and later
688 # UserKnownHostsFile : OpenSSH 1.2.1 and later
689 # VerifyHostKeyDNS : OpenSSH 3.8.0 and later
690 # XAuthLocation : OpenSSH 2.1.1 and later [3]
692 # [1] Option only available if activated at compile time
693 # [2] Option specific for portable versions
694 # [3] Option not used in our ssh client config file
697 #***************************************************************************
698 # Initialize ssh config with options actually supported in OpenSSH 2.9.9
# Build the baseline ssh client config in @cfgarr. The embedded line numbers
# skip in this listing, so some lines of the full script (for example any
# reset of @cfgarr) are not shown here.
700 logmsg 'generating ssh client config file...' if($verbose);
702 push @cfgarr, '# This is a generated file. Do not edit.';
703 push @cfgarr, "# $sshverstr ssh client configuration file for curl testing";
# 'Host *' applies everything below to any host alias; HostName then forces
# the real destination to the test daemon's address and port.
705 push @cfgarr, 'Host *';
707 push @cfgarr, "Port $port";
708 push @cfgarr, "HostName $listenaddr";
709 push @cfgarr, "User $username";
710 push @cfgarr, 'Protocol 2';
# DynamicForward opens the local SOCKS port used by the SOCKS tests.
712 push @cfgarr, "BindAddress $listenaddr";
713 push @cfgarr, "DynamicForward $socksport";
# NOTE(review): the identity file name is hard-coded here while the key
# generation step uses $cliprvkeyf -- presumably the same file; confirm.
715 push @cfgarr, "IdentityFile $path/curl_client_key";
716 push @cfgarr, "UserKnownHostsFile $path/$knownhosts";
# BatchMode yes: never prompt, fail instead.
718 push @cfgarr, 'BatchMode yes';
719 push @cfgarr, 'ChallengeResponseAuthentication no';
720 push @cfgarr, 'CheckHostIP no';
721 push @cfgarr, 'ClearAllForwardings no';
722 push @cfgarr, 'Compression no';
723 push @cfgarr, 'ConnectionAttempts 3';
724 push @cfgarr, 'ForwardAgent no';
725 push @cfgarr, 'ForwardX11 no';
726 push @cfgarr, 'GatewayPorts no';
# With the global file set to /dev/null, the generated known-hosts file is
# the only source of trusted host keys.
727 push @cfgarr, 'GlobalKnownHostsFile /dev/null';
728 push @cfgarr, 'HostbasedAuthentication no';
729 push @cfgarr, 'KbdInteractiveAuthentication no';
730 push @cfgarr, "LogLevel $loglevel";
# Public key is the only authentication method offered by the client.
731 push @cfgarr, 'NumberOfPasswordPrompts 0';
732 push @cfgarr, 'PasswordAuthentication no';
733 push @cfgarr, 'PreferredAuthentications publickey';
734 push @cfgarr, 'PubkeyAuthentication yes';
735 push @cfgarr, 'RhostsRSAAuthentication no';
736 push @cfgarr, 'RSAAuthentication no';
# Host key checking stays strict even for the test setup: the client only
# accepts the host key written to the generated known-hosts file.
737 push @cfgarr, 'StrictHostKeyChecking yes';
738 push @cfgarr, 'UsePrivilegedPort no';
742 #***************************************************************************
743 # Options supported in ssh client newer than OpenSSH 2.9.9
# Client options that only newer versions understand. Unlike the daemon
# side, support is decided from the product id and the three-digit version
# number rather than by probing the binary. The closing lines of the
# branches are not visible in this listing.
746 if(($sshid =~ /OpenSSH/) && ($sshvernum >= 370)) {
747 push @cfgarr, 'AddressFamily any';
750 if((($sshid =~ /OpenSSH/) && ($sshvernum >= 370)) ||
751 (($sshid =~ /SunSSH/) && ($sshvernum >= 120))) {
752 push @cfgarr, 'ConnectTimeout 30';
755 if(($sshid =~ /OpenSSH/) && ($sshvernum >= 390)) {
756 push @cfgarr, 'ControlMaster no';
759 if(($sshid =~ /OpenSSH/) && ($sshvernum >= 420)) {
760 push @cfgarr, 'ControlPath none';
763 if(($sshid =~ /OpenSSH/) && ($sshvernum >= 360)) {
764 push @cfgarr, 'EnableSSHKeysign no';
767 if(($sshid =~ /OpenSSH/) && ($sshvernum >= 440)) {
768 push @cfgarr, 'ExitOnForwardFailure yes';
771 if((($sshid =~ /OpenSSH/) && ($sshvernum >= 380)) ||
772 (($sshid =~ /SunSSH/) && ($sshvernum >= 120))) {
773 push @cfgarr, 'ForwardX11Trusted no';
# GSSAPI is a compile-time feature, and only the daemon was probed for it.
# The client lines are emitted only when client and daemon report the same
# product id and version number.
776 if(($sshd_builtwith_GSSAPI) && ($sshdid eq $sshid) &&
777 ($sshdvernum == $sshvernum)) {
778 push @cfgarr, 'GSSAPIAuthentication no';
779 push @cfgarr, 'GSSAPIDelegateCredentials no';
780 if($sshid =~ /SunSSH/) {
781 push @cfgarr, 'GSSAPIKeyExchange no';
785 if((($sshid =~ /OpenSSH/) && ($sshvernum >= 400)) ||
786 (($sshid =~ /SunSSH/) && ($sshvernum >= 120))) {
787 push @cfgarr, 'HashKnownHosts no';
# IdentitiesOnly yes: offer only the configured IdentityFile.
790 if(($sshid =~ /OpenSSH/) && ($sshvernum >= 390)) {
791 push @cfgarr, 'IdentitiesOnly yes';
# KeepAlive is written for OpenSSH older than 3.8.0 and for SunSSH;
# TCPKeepAlive is written further down for OpenSSH 3.8.0 and later.
794 if((($sshid =~ /OpenSSH/) && ($sshvernum < 380)) ||
795 ($sshid =~ /SunSSH/)) {
796 push @cfgarr, 'KeepAlive no';
# Host authentication is not skipped for localhost, so the loopback test
# daemon's key is still verified.
799 if((($sshid =~ /OpenSSH/) && ($sshvernum >= 300)) ||
800 ($sshid =~ /SunSSH/)) {
801 push @cfgarr, 'NoHostAuthenticationForLocalhost no';
804 if(($sshid =~ /OpenSSH/) && ($sshvernum >= 430)) {
805 push @cfgarr, 'PermitLocalCommand no';
808 if((($sshid =~ /OpenSSH/) && ($sshvernum >= 370)) ||
809 (($sshid =~ /SunSSH/) && ($sshvernum >= 120))) {
810 push @cfgarr, 'RekeyLimit 1G';
813 if(($sshid =~ /OpenSSH/) && ($sshvernum >= 390)) {
814 push @cfgarr, 'SendEnv';
817 if((($sshid =~ /OpenSSH/) && ($sshvernum >= 380)) ||
818 (($sshid =~ /SunSSH/) && ($sshvernum >= 120))) {
819 push @cfgarr, 'ServerAliveCountMax 3';
820 push @cfgarr, 'ServerAliveInterval 0';
823 if(($sshid =~ /OpenSSH/) && ($sshvernum >= 380)) {
824 push @cfgarr, 'TCPKeepAlive no';
827 if(($sshid =~ /OpenSSH/) && ($sshvernum >= 430)) {
828 push @cfgarr, 'Tunnel no';
831 if(($sshid =~ /OpenSSH/) && ($sshvernum >= 380)) {
832 push @cfgarr, 'VerifyHostKeyDNS no';
838 #***************************************************************************
839 # Write out resulting ssh client configuration file for curl's tests
841 $error = dump_array($sshconfig, @cfgarr);
849 #***************************************************************************
850 # Start the ssh server daemon without forking it
# Run sshd in the foreground (-D, no daemon forking) with logging to stderr
# (-e), redirected into $sshdlog. system blocks until the daemon exits. The
# command is a single string, so it passes through the shell with the paths
# interpolated unquoted.
852 my $rc = system "$sshd -e -D -f $sshdconfig > $sshdlog 2>&1";
# Decode the wait status: low 7 bits are the signal number, bit 128 the
# core dump flag, and the high byte the exit code. The conditions selecting
# the first two messages are not visible in this listing.
854 logmsg "$sshd failed with: $!";
# NOTE(review): $sshd is interpolated into the sprintf format string here
# and below; a path containing '%' would be read as a format directive.
857 logmsg sprintf("$sshd died with signal %d, and %s coredump",
858 ($rc & 127), ($rc & 128)?'a':'no');
860 elsif($verbose && ($rc >> 8)) {
861 logmsg sprintf("$sshd exited with %d", $rc >> 8);
865 #***************************************************************************
866 # Clean up once the server has stopped
# Removes the passphrase-less private keys, the public keys, the known-hosts
# file and both generated configs. The unlink results are not checked, and
# the sshd log and pid file are not in the visible lists. This cleanup only
# runs if the script reaches this point, so an interrupted run can leave
# the key files behind.
868 unlink($hstprvkeyf, $hstpubkeyf, $cliprvkeyf, $clipubkeyf, $knownhosts);
869 unlink($sshdconfig, $sshconfig);