2 #***************************************************************************
4 # Project ___| | | | _ \| |
6 # | (__| |_| | _ <| |___
7 # \___|\___/|_| \_\_____|
9 # Copyright (C) 1998 - 2008, Daniel Stenberg, <daniel@haxx.se>, et al.
11 # This software is licensed as described in the file COPYING, which
12 # you should have received as part of this distribution. The terms
13 # are also available at http://curl.haxx.se/docs/copyright.html.
15 # You may opt to use, copy, modify, merge, publish, distribute and/or sell
16 # copies of the Software, and permit persons to whom the Software is
17 # furnished to do so, under the terms of the COPYING file.
19 # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
20 # KIND, either express or implied.
23 #***************************************************************************
25 # Starts sshd for use in the SCP, SFTP and SOCKS curl test harness tests.
26 # Also creates the ssh configuration files needed for these tests.
34 # -p SCP/SFTP server port
35 # -s SOCKS4/5 server port
41 #***************************************************************************
42 # Variables and subs imported from sshhelp module
71 #***************************************************************************
# Script-wide defaults. The gutter numbering of this listing skips lines, so
# further declarations may exist that are not visible here.
73 my $verbose = 1; # set to 1 for debugging
74 my $debugprotocol = 0; # set to 1 for protocol debugging
75 my $port = 8999; # our default SCP/SFTP server port
76 my $socksport = $port + 1; # our default SOCKS4/5 server port
# Loopback by default, so the test sshd is not reachable from other hosts
# unless the -l option replaces the address.
77 my $listenaddr = '127.0.0.1'; # default address on which to listen
78 my $path = getcwd(); # current working directory
# Taken from the environment and later interpolated into the "DenyUsers",
# "AllowUsers" and "User" configuration lines.
# NOTE(review): no validation of this value is visible in this listing.
79 my $username = $ENV{USER}; # default user
85 #***************************************************************************
86 # Parse command line options
# Command-line option dispatch on $ARGV[0]. Only the branch heads and a few
# body lines are visible in this listing; the surrounding loop, the remaining
# branch bodies and the closing braces are not shown.
89 if($ARGV[0] eq '-v') {
92 elsif($ARGV[0] eq '-d') {
96 elsif($ARGV[0] eq '-u') {
100 elsif($ARGV[0] eq '-l') {
# The listen address is taken verbatim from the command line; it is later
# written into "ListenAddress", "HostName", "BindAddress" and the known hosts
# entry.
# NOTE(review): consider restricting it to an address literal before use.
101 $listenaddr = $ARGV[1];
104 elsif($ARGV[0] eq '-p') {
# Port arguments must consist of digits only. '$' also matches before a
# trailing newline; '\z' would be stricter. Which value is stored afterwards
# is not visible here.
105 if($ARGV[1] =~ /^(\d+)$/) {
110 elsif($ARGV[0] eq '-s') {
111 if($ARGV[1] =~ /^(\d+)$/) {
120 #***************************************************************************
121 # Logging level for ssh server and client
# Protocol debugging raises the LogLevel that is written to both the server
# and the client configuration below.
123 my $loglevel = $debugprotocol?'DEBUG2':'INFO';
126 #***************************************************************************
# Refuse to start without a user name or under the name 'root'. The condition
# guarding the first message and the code acting on $error are not visible in
# this listing.
130 $error = 'Will not run ssh server without a user name';
# NOTE(review): this compares the configured name, not the effective UID;
# also checking $> would catch a uid-0 process started under another name.
132 elsif($username eq 'root') {
133 $error = 'Will not run ssh server as root to mitigate security risks';
141 #***************************************************************************
142 # Find out ssh daemon canonical file name
# Locate the sshd binary. find_sshd() is presumably one of the subs the header
# says are imported from the sshhelp module. The check guarding the
# "cannot find" message is not visible in this listing.
144 my $sshd = find_sshd();
146 logmsg "cannot find $sshdexe";
151 #***************************************************************************
152 # Find out ssh daemon version info
# The result is unpacked as identifier, numeric version, version string and
# error text; the numeric version drives the feature gates further down.
154 my ($sshdid, $sshdvernum, $sshdverstr, $sshderror) = sshversioninfo($sshd);
156 # Not an OpenSSH or SunSSH ssh daemon
157 logmsg $sshderror if($verbose);
158 logmsg 'SCP, SFTP and SOCKS tests require OpenSSH 2.9.9 or later';
161 logmsg "ssh server found $sshd is $sshdverstr" if($verbose);
164 #***************************************************************************
165 # ssh daemon command line options we might use and version support
167 # -e: log stderr : OpenSSH 2.9.0 and later
168 # -f: sshd config file : OpenSSH 1.2.1 and later
169 # -D: no daemon forking : OpenSSH 2.5.0 and later
170 # -o: command-line option : OpenSSH 3.1.0 and later
171 # -t: test config file : OpenSSH 2.9.9 and later
172 # -?: sshd version info : OpenSSH 1.2.1 and later
174 # -e: log stderr : SunSSH 1.0.0 and later
175 # -f: sshd config file : SunSSH 1.0.0 and later
176 # -D: no daemon forking : SunSSH 1.0.0 and later
177 # -o: command-line option : SunSSH 1.0.0 and later
178 # -t: test config file : SunSSH 1.0.0 and later
179 # -?: sshd version info : SunSSH 1.0.0 and later
182 #***************************************************************************
183 # Verify minimum ssh daemon version
# Minimum-version gate for the daemon. $sshdvernum is compared as a plain
# number; 299 presumably encodes 2.9.9 and 100 encodes 1.0.0, in line with the
# option tables above. The same OpenSSH wording is logged when a SunSSH daemon
# is too old. What happens after the message is not visible in this listing.
185 if((($sshdid =~ /OpenSSH/) && ($sshdvernum < 299)) ||
186 (($sshdid =~ /SunSSH/) && ($sshdvernum < 100))) {
187 logmsg 'SCP, SFTP and SOCKS tests require OpenSSH 2.9.9 or later';
192 #***************************************************************************
193 # Find out sftp server plugin canonical file name
# Locate the sftp server plugin; its path is later written into the sshd
# "Subsystem sftp" line. The guard around the "cannot find" message is not
# visible in this listing.
195 my $sftp = find_sftp();
197 logmsg "cannot find $sftpexe";
200 logmsg "sftp server plugin found $sftp" if($verbose);
203 #***************************************************************************
204 # Find out ssh keygen canonical file name
# The keygen path found here is interpolated into shell command strings when
# the test keys are generated.
206 my $sshkeygen = find_sshkeygen();
208 logmsg "cannot find $sshkeygenexe";
211 logmsg "ssh keygen found $sshkeygen" if($verbose);
214 #***************************************************************************
215 # Find out ssh client canonical file name
# Locate the ssh client binary. The guard around the "cannot find" message is
# not visible in this listing.
217 my $ssh = find_ssh();
219 logmsg "cannot find $sshexe";
224 #***************************************************************************
225 # Find out ssh client version info
# Same unpacking as for the daemon: identifier, numeric version, version string
# and error text. The numeric version selects the client options added later.
227 my ($sshid, $sshvernum, $sshverstr, $ssherror) = sshversioninfo($ssh);
229 # Not an OpenSSH or SunSSH ssh client
230 logmsg $ssherror if($verbose);
231 logmsg 'SCP, SFTP and SOCKS tests require OpenSSH 2.9.9 or later';
234 logmsg "ssh client found $ssh is $sshverstr" if($verbose);
237 #***************************************************************************
238 # ssh client command line options we might use and version support
240 # -D: dynamic app port forwarding : OpenSSH 2.9.9 and later
241 # -F: ssh config file : OpenSSH 2.9.9 and later
242 # -N: no shell/command : OpenSSH 2.1.0 and later
243 # -p: connection port : OpenSSH 1.2.1 and later
244 # -v: verbose messages : OpenSSH 1.2.1 and later
245 # -vv: increase verbosity : OpenSSH 2.3.0 and later
246 # -V: ssh version info : OpenSSH 1.2.1 and later
248 # -D: dynamic app port forwarding : SunSSH 1.0.0 and later
249 # -F: ssh config file : SunSSH 1.0.0 and later
250 # -N: no shell/command : SunSSH 1.0.0 and later
251 # -p: connection port : SunSSH 1.0.0 and later
252 # -v: verbose messages : SunSSH 1.0.0 and later
253 # -vv: increase verbosity : SunSSH 1.0.0 and later
254 # -V: ssh version info : SunSSH 1.0.0 and later
257 #***************************************************************************
258 # Verify minimum ssh client version
# Minimum-version gate for the client, mirroring the daemon check: below 299
# for OpenSSH or below 100 for SunSSH logs the requirement message. What
# happens after the message is not visible in this listing.
260 if((($sshid =~ /OpenSSH/) && ($sshvernum < 299)) ||
261 (($sshid =~ /SunSSH/) && ($sshvernum < 100))) {
262 logmsg 'SCP, SFTP and SOCKS tests require OpenSSH 2.9.9 or later';
267 #***************************************************************************
268 # ssh keygen command line options we actually use and version support
270 # -C: identity comment : OpenSSH 1.2.1 and later
271 # -f: key filename : OpenSSH 1.2.1 and later
272 # -N: new passphrase : OpenSSH 1.2.1 and later
273 # -q: quiet keygen : OpenSSH 1.2.1 and later
274 # -t: key type : OpenSSH 2.5.0 and later
276 # -C: identity comment : SunSSH 1.0.0 and later
277 # -f: key filename : SunSSH 1.0.0 and later
278 # -N: new passphrase : SunSSH 1.0.0 and later
279 # -q: quiet keygen : SunSSH 1.0.0 and later
280 # -t: key type : SunSSH 1.0.0 and later
283 #***************************************************************************
284 # Generate host and client key files for curl's tests
# Regenerate the whole set of test keys when any one of the four files is
# missing. Error handling after the two "Could not generate" messages and the
# closing braces are not visible in this listing.
286 if((! -e $hstprvkeyf) || (! -e $hstpubkeyf) ||
287 (! -e $cliprvkeyf) || (! -e $clipubkeyf)) {
288 # Make sure all files are gone so ssh-keygen doesn't complain
289 unlink($hstprvkeyf, $hstpubkeyf, $cliprvkeyf, $clipubkeyf);
290 logmsg 'generating host keys...' if($verbose);
# -N '' creates the private key without a passphrase, i.e. unencrypted on disk.
# That is only appropriate for throwaway test keys; the script unlinks them
# again once the server has stopped.
# NOTE(review): '-t dsa' requests a DSA key. Current OpenSSH releases no longer
# accept ssh-dss keys by default, so on such systems this step or the later
# authentication is expected to fail; a maintained harness would use a key type
# the installed OpenSSH still supports.
# NOTE(review): system() with a single string runs through the shell, and
# $sshkeygen and the key file name are interpolated unquoted. A path containing
# spaces or shell metacharacters would be split or interpreted; the list form
# system($sshkeygen, '-q', ...) avoids the shell entirely.
291 if(system "$sshkeygen -q -t dsa -f $hstprvkeyf -C 'curl test server' -N ''") {
292 logmsg 'Could not generate host key';
295 logmsg 'generating client keys...' if($verbose);
# Same command shape and the same caveats as for the host key.
296 if(system "$sshkeygen -q -t dsa -f $cliprvkeyf -C 'curl test client' -N ''") {
297 logmsg 'Could not generate client key';
303 #***************************************************************************
304 # ssh daemon configuration file options we might use and version support
306 # AFSTokenPassing : OpenSSH 1.2.1 and later [1]
307 # AcceptEnv : OpenSSH 3.9.0 and later
308 # AddressFamily : OpenSSH 4.0.0 and later
309 # AllowGroups : OpenSSH 1.2.1 and later
310 # AllowTcpForwarding : OpenSSH 2.3.0 and later
311 # AllowUsers : OpenSSH 1.2.1 and later
312 # AuthorizedKeysFile : OpenSSH 2.9.9 and later
313 # Banner : OpenSSH 2.5.0 and later
314 # ChallengeResponseAuthentication : OpenSSH 2.5.0 and later
315 # Ciphers : OpenSSH 2.1.0 and later [3]
316 # ClientAliveCountMax : OpenSSH 2.9.0 and later
317 # ClientAliveInterval : OpenSSH 2.9.0 and later
318 # Compression : OpenSSH 3.3.0 and later
319 # DenyGroups : OpenSSH 1.2.1 and later
320 # DenyUsers : OpenSSH 1.2.1 and later
321 # ForceCommand : OpenSSH 4.4.0 and later [3]
322 # GatewayPorts : OpenSSH 2.1.0 and later
323 # GSSAPIAuthentication : OpenSSH 3.7.0 and later [1]
324 # GSSAPICleanupCredentials : OpenSSH 3.8.0 and later [1]
325 # HostbasedAuthentication : OpenSSH 2.9.0 and later
326 # HostbasedUsesNameFromPacketOnly : OpenSSH 2.9.0 and later
327 # HostKey : OpenSSH 1.2.1 and later
328 # IgnoreRhosts : OpenSSH 1.2.1 and later
329 # IgnoreUserKnownHosts : OpenSSH 1.2.1 and later
330 # KeepAlive : OpenSSH 1.2.1 and later
331 # KerberosAuthentication : OpenSSH 1.2.1 and later [1]
332 # KerberosGetAFSToken : OpenSSH 3.8.0 and later [1]
333 # KerberosOrLocalPasswd : OpenSSH 1.2.1 and later [1]
334 # KerberosTgtPassing : OpenSSH 1.2.1 and later [1]
335 # KerberosTicketCleanup : OpenSSH 1.2.1 and later [1]
336 # KeyRegenerationInterval : OpenSSH 1.2.1 and later
337 # ListenAddress : OpenSSH 1.2.1 and later
338 # LoginGraceTime : OpenSSH 1.2.1 and later
339 # LogLevel : OpenSSH 1.2.1 and later
340 # MACs : OpenSSH 2.5.0 and later [3]
341 # Match : OpenSSH 4.4.0 and later [3]
342 # MaxAuthTries : OpenSSH 3.9.0 and later
343 # MaxStartups : OpenSSH 2.2.0 and later
344 # PasswordAuthentication : OpenSSH 1.2.1 and later
345 # PermitEmptyPasswords : OpenSSH 1.2.1 and later
346 # PermitOpen : OpenSSH 4.4.0 and later [3]
347 # PermitRootLogin : OpenSSH 1.2.1 and later
348 # PermitTunnel : OpenSSH 4.3.0 and later
349 # PermitUserEnvironment : OpenSSH 3.5.0 and later
350 # PidFile : OpenSSH 2.1.0 and later
351 # Port : OpenSSH 1.2.1 and later
352 # PrintLastLog : OpenSSH 2.9.0 and later
353 # PrintMotd : OpenSSH 1.2.1 and later
354 # Protocol : OpenSSH 2.1.0 and later
355 # PubkeyAuthentication : OpenSSH 2.5.0 and later
356 # RhostsRSAAuthentication : OpenSSH 1.2.1 and later
357 # RSAAuthentication : OpenSSH 1.2.1 and later
358 # ServerKeyBits : OpenSSH 1.2.1 and later
359 # SkeyAuthentication : OpenSSH 1.2.1 and later [1]
360 # StrictModes : OpenSSH 1.2.1 and later
361 # Subsystem : OpenSSH 2.2.0 and later
362 # SyslogFacility : OpenSSH 1.2.1 and later
363 # TCPKeepAlive : OpenSSH 3.8.0 and later
364 # UseDNS : OpenSSH 3.7.0 and later
365 # UseLogin : OpenSSH 1.2.1 and later
366 # UsePAM : OpenSSH 3.7.0 and later [1][2]
367 # UsePrivilegeSeparation : OpenSSH 3.2.2 and later
368 # X11DisplayOffset : OpenSSH 1.2.1 and later [3]
369 # X11Forwarding : OpenSSH 1.2.1 and later
370 # X11UseLocalhost : OpenSSH 3.1.0 and later
371 # XAuthLocation : OpenSSH 2.1.1 and later [3]
373 # [1] Option only available if activated at compile time
374 # [2] Option specific for portable versions
375 # [3] Option not used in our ssh server config file
378 #***************************************************************************
379 # Initialize sshd config with options actually supported in OpenSSH 2.9.9
# Build the baseline sshd_config in @cfgarr, one directive per element. The
# gutter numbering skips lines between the groups below, so additional pushes
# (and the initialisation of @cfgarr) may exist that are not visible here.
# The order matters: a later splice inserts "AddressFamily" at a fixed index.
381 logmsg 'generating ssh server config file...' if($verbose);
383 push @cfgarr, '# This is a generated file. Do not edit.';
384 push @cfgarr, "# $sshdverstr sshd configuration file for curl testing";
# Access is limited to the single test user: everyone else is denied and only
# $username is allowed. $username is interpolated as-is.
386 push @cfgarr, "DenyUsers !$username";
387 push @cfgarr, "AllowUsers $username";
388 push @cfgarr, 'DenyGroups';
389 push @cfgarr, 'AllowGroups';
# The generated client public key file is used directly as the authorized keys
# file, and the generated host key is the only host key.
391 push @cfgarr, "AuthorizedKeysFile $path/$clipubkeyf";
392 push @cfgarr, "HostKey $path/$hstprvkeyf";
393 push @cfgarr, "PidFile $path/.ssh.pid";
395 push @cfgarr, "Port $port";
396 push @cfgarr, "ListenAddress $listenaddr";
397 push @cfgarr, 'Protocol 2';
# TCP forwarding stays enabled; the client configuration generated later uses
# DynamicForward for the SOCKS tests. GatewayPorts stays off.
399 push @cfgarr, 'AllowTcpForwarding yes';
400 push @cfgarr, 'Banner none';
401 push @cfgarr, 'ChallengeResponseAuthentication no';
402 push @cfgarr, 'ClientAliveCountMax 3';
403 push @cfgarr, 'ClientAliveInterval 0';
404 push @cfgarr, 'GatewayPorts no';
405 push @cfgarr, 'HostbasedAuthentication no';
406 push @cfgarr, 'HostbasedUsesNameFromPacketOnly no';
407 push @cfgarr, 'IgnoreRhosts yes';
408 push @cfgarr, 'IgnoreUserKnownHosts yes';
# NOTE(review): KeyRegenerationInterval and ServerKeyBits (below) are SSH
# protocol 1 settings; with 'Protocol 2' above they presumably have no effect.
409 push @cfgarr, 'KeyRegenerationInterval 0';
410 push @cfgarr, 'LoginGraceTime 30';
411 push @cfgarr, "LogLevel $loglevel";
412 push @cfgarr, 'MaxStartups 5';
# Authentication is public-key only: passwords, empty passwords, root login
# and the rhosts/RSA (protocol 1) methods are all switched off.
413 push @cfgarr, 'PasswordAuthentication no';
414 push @cfgarr, 'PermitEmptyPasswords no';
415 push @cfgarr, 'PermitRootLogin no';
416 push @cfgarr, 'PrintLastLog no';
417 push @cfgarr, 'PrintMotd no';
418 push @cfgarr, 'PubkeyAuthentication yes';
419 push @cfgarr, 'RhostsRSAAuthentication no';
420 push @cfgarr, 'RSAAuthentication no';
421 push @cfgarr, 'ServerKeyBits 768';
# StrictModes no makes sshd skip its ownership and permission checks on the
# user's files, which lets the authorized keys file live in the test
# directory. It also means a group- or world-writable key file is not
# rejected, so this configuration should not be reused outside the harness.
422 push @cfgarr, 'StrictModes no';
423 push @cfgarr, "Subsystem sftp $sftp";
424 push @cfgarr, 'SyslogFacility AUTH';
425 push @cfgarr, 'UseLogin no';
426 push @cfgarr, 'X11Forwarding no';
430 #***************************************************************************
431 # Write out initial sshd configuration file for curl's tests
# dump_array() writes the array to $sshdconfig and returns an error value;
# the handling of $error is not visible in this listing.
433 $error = dump_array($sshdconfig, @cfgarr);
440 #***************************************************************************
441 # Verifies at run time if sshd supports a given configuration file option
# sshd_supports_opt($option, $value)
# Probes the installed sshd for a configuration directive by running it in
# test mode (-t) and looking for an "Unsupported", "Bad configuration" or
# "Deprecated" option complaint that mentions $option. The declaration of
# $err, the else branches and the return statement are not visible in this
# listing; callers treat a true result as "supported".
#
# NOTE(review): both probes use qx(), which runs the command through the shell
# with $sshd, $sshdconfig, $option and $value interpolated unquoted. Every
# caller visible in this file passes literal option names and values, so
# nothing untrusted reaches the shell through those two parameters today.
# NOTE(review): $option is also interpolated into the regex unescaped; wrap it
# as \Q$option\E if option names ever stop being plain alphanumerics.
443 sub sshd_supports_opt {
444 my ($option, $value) = @_;
447 if((($sshdid =~ /OpenSSH/) && ($sshdvernum >= 310)) ||
448 ($sshdid =~ /SunSSH/)) {
449 # ssh daemon supports command line options -t -f and -o
# The candidate option is passed with -o on top of the config file already
# on disk, so the file itself is not modified on this path.
450 $err = grep /((Unsupported)|(Bad configuration)|(Deprecated)) option.*$option/,
451 qx($sshd -t -f $sshdconfig -o $option=$value 2>&1);
454 if(($sshdid =~ /OpenSSH/) && ($sshdvernum >= 299)) {
455 # ssh daemon supports command line options -t and -f
# Without -o support the config file is rewritten with the candidate line
# appended, then the whole file is tested.
456 $err = dump_array($sshdconfig, (@cfgarr, "$option $value"));
461 $err = grep /((Unsupported)|(Bad configuration)|(Deprecated)) option.*$option/,
462 qx($sshd -t -f $sshdconfig 2>&1);
470 #***************************************************************************
471 # Kerberos Authentication support may have not been built into sshd
# Optional directives: each one is probed with sshd_supports_opt() and added
# to @cfgarr only when the installed sshd accepts it. The closing braces of
# the if blocks are not visible in this listing. All option names and values
# are literals, and every setting chosen here switches a feature off or keeps
# it at its most restrictive value, except the two cleanup options set to yes.
473 if(sshd_supports_opt('KerberosAuthentication','no')) {
474 push @cfgarr, 'KerberosAuthentication no';
476 if(sshd_supports_opt('KerberosGetAFSToken','no')) {
477 push @cfgarr, 'KerberosGetAFSToken no';
479 if(sshd_supports_opt('KerberosOrLocalPasswd','no')) {
480 push @cfgarr, 'KerberosOrLocalPasswd no';
482 if(sshd_supports_opt('KerberosTgtPassing','no')) {
483 push @cfgarr, 'KerberosTgtPassing no';
485 if(sshd_supports_opt('KerberosTicketCleanup','yes')) {
486 push @cfgarr, 'KerberosTicketCleanup yes';
490 #***************************************************************************
491 # Andrew File System support may have not been built into sshd
493 if(sshd_supports_opt('AFSTokenPassing','no')) {
494 push @cfgarr, 'AFSTokenPassing no';
498 #***************************************************************************
499 # S/Key authentication support may have not been built into sshd
501 if(sshd_supports_opt('SkeyAuthentication','no')) {
502 push @cfgarr, 'SkeyAuthentication no';
506 #***************************************************************************
507 # GSSAPI Authentication support may have not been built into sshd
509 if(sshd_supports_opt('GSSAPIAuthentication','no')) {
510 push @cfgarr, 'GSSAPIAuthentication no';
512 if(sshd_supports_opt('GSSAPICleanupCredentials','yes')) {
513 push @cfgarr, 'GSSAPICleanupCredentials yes';
518 #***************************************************************************
519 # Options that might be supported or not in sshd OpenSSH 2.9.9 and later
# AcceptEnv is probed and written with an empty value, i.e. without naming any
# environment variable pattern.
521 if(sshd_supports_opt('AcceptEnv','')) {
522 push @cfgarr, 'AcceptEnv';
524 if(sshd_supports_opt('AddressFamily','any')) {
525 # Address family must be specified before ListenAddress
# NOTE(review): index 13 is hard-coded; it has to stay in step with the order
# of the pushes that build the baseline config, or the directive lands after
# ListenAddress.
526 splice @cfgarr, 13, 0, 'AddressFamily any';
528 if(sshd_supports_opt('Compression','no')) {
529 push @cfgarr, 'Compression no';
531 if(sshd_supports_opt('KeepAlive','no')) {
532 push @cfgarr, 'KeepAlive no';
# NOTE(review): confirm what a MaxAuthTries value of 0 means for the sshd
# versions this harness targets.
534 if(sshd_supports_opt('MaxAuthTries','0')) {
535 push @cfgarr, 'MaxAuthTries 0';
537 if(sshd_supports_opt('PermitTunnel','no')) {
538 push @cfgarr, 'PermitTunnel no';
540 if(sshd_supports_opt('PermitUserEnvironment','no')) {
541 push @cfgarr, 'PermitUserEnvironment no';
543 if(sshd_supports_opt('TCPKeepAlive','no')) {
544 push @cfgarr, 'TCPKeepAlive no';
546 if(sshd_supports_opt('UseDNS','no')) {
547 push @cfgarr, 'UseDNS no';
549 if(sshd_supports_opt('UsePAM','no')) {
550 push @cfgarr, 'UsePAM no';
# Privilege separation is switched off. The script refuses to run under the
# name root, so the daemon is presumably started as an unprivileged user; this
# is a test-fixture setting, not one to copy into a real server config.
552 if(sshd_supports_opt('UsePrivilegeSeparation','no')) {
553 push @cfgarr, 'UsePrivilegeSeparation no';
555 if(sshd_supports_opt('X11UseLocalhost','yes')) {
556 push @cfgarr, 'X11UseLocalhost yes';
561 #***************************************************************************
562 # Write out resulting sshd configuration file for curl's tests
# Write the final server configuration, baseline plus accepted optional
# directives. The handling of $error is not visible in this listing.
564 $error = dump_array($sshdconfig, @cfgarr);
571 #***************************************************************************
572 # Verify that sshd actually supports our generated configuration file
# A non-zero status from "sshd -t" means the generated file was rejected; the
# daemon's output is captured in $sshdlog.
# NOTE(review): single-string system() goes through the shell (needed here for
# the redirection), with $sshd, $sshdconfig and $sshdlog interpolated unquoted.
574 if(system "$sshd -t -f $sshdconfig > $sshdlog 2>&1") {
575 logmsg "sshd configuration file $sshdconfig failed verification";
577 display_sshdconfig();
582 #***************************************************************************
583 # Generate ssh client host key database file for curl's tests
# Create the client's known hosts file from the generated host public key, so
# that the client can run with strict host key checking against the test
# server. The else keywords and closing braces between the error assignments
# are not visible in this listing.
585 if(! -e $knownhosts) {
586 logmsg 'generating ssh client known hosts file...' if($verbose);
# NOTE(review): two-argument open with a bareword handle; the mode character
# shares one string with the file name. The three-argument form with a lexical
# handle, open(my $fh, '<', $hstpubkeyf), keeps the name from being parsed as
# part of the mode.
587 if(open(DSAKEYFILE, "<$hstpubkeyf")) {
# With $/ set to a single space the file is read as space-terminated fields,
# so element [1] is the second field of the public key line, including its
# trailing space. No check that the element is defined is visible here.
588 my @dsahostkey = do { local $/ = ' '; <DSAKEYFILE> };
589 if(close(DSAKEYFILE)) {
590 if(open(KNOWNHOSTS, ">$knownhosts")) {
# The entry pins the host key to $listenaddr with the key type hard-coded as
# ssh-dss, matching the '-t dsa' key generation.
591 print KNOWNHOSTS "$listenaddr ssh-dss $dsahostkey[1]\n";
592 if(!close(KNOWNHOSTS)) {
593 $error = "Error: cannot close file $knownhosts";
597 $error = "Error: cannot write file $knownhosts";
601 $error = "Error: cannot close file $hstpubkeyf";
605 $error = "Error: cannot read file $hstpubkeyf";
613 #***************************************************************************
614 # ssh client configuration file options we might use and version support
616 # AddressFamily : OpenSSH 3.7.0 and later
617 # BatchMode : OpenSSH 1.2.1 and later
618 # BindAddress : OpenSSH 2.9.9 and later
619 # ChallengeResponseAuthentication : OpenSSH 2.5.0 and later
620 # CheckHostIP : OpenSSH 1.2.1 and later
621 # Cipher : OpenSSH 1.2.1 and later [3]
622 # Ciphers : OpenSSH 2.1.0 and later [3]
623 # ClearAllForwardings : OpenSSH 2.9.9 and later
624 # Compression : OpenSSH 1.2.1 and later
625 # CompressionLevel : OpenSSH 1.2.1 and later [3]
626 # ConnectionAttempts : OpenSSH 1.2.1 and later
627 # ConnectTimeout : OpenSSH 3.7.0 and later
628 # ControlMaster : OpenSSH 3.9.0 and later
629 # ControlPath : OpenSSH 3.9.0 and later
630 # DynamicForward : OpenSSH 2.9.0 and later
631 # EnableSSHKeysign : OpenSSH 3.6.0 and later
632 # EscapeChar : OpenSSH 1.2.1 and later [3]
633 # ExitOnForwardFailure : OpenSSH 4.4.0 and later
634 # ForwardAgent : OpenSSH 1.2.1 and later
635 # ForwardX11 : OpenSSH 1.2.1 and later
636 # ForwardX11Trusted : OpenSSH 3.8.0 and later
637 # GatewayPorts : OpenSSH 1.2.1 and later
638 # GlobalKnownHostsFile : OpenSSH 1.2.1 and later
639 # GSSAPIAuthentication : OpenSSH 3.7.0 and later [1][3]
640 # GSSAPIDelegateCredentials : OpenSSH 3.7.0 and later [1][3]
641 # HashKnownHosts : OpenSSH 4.0.0 and later
642 # Host : OpenSSH 1.2.1 and later
643 # HostbasedAuthentication : OpenSSH 2.9.0 and later
644 # HostKeyAlgorithms : OpenSSH 2.9.0 and later [3]
645 # HostKeyAlias : OpenSSH 2.5.0 and later [3]
646 # HostName : OpenSSH 1.2.1 and later
647 # IdentitiesOnly : OpenSSH 3.9.0 and later
648 # IdentityFile : OpenSSH 1.2.1 and later
649 # KeepAlive : OpenSSH 1.2.1 and later
650 # KbdInteractiveAuthentication : OpenSSH 2.3.0 and later
651 # KbdInteractiveDevices : OpenSSH 2.3.0 and later [3]
652 # LocalCommand : OpenSSH 4.3.0 and later
653 # LocalForward : OpenSSH 1.2.1 and later [3]
654 # LogLevel : OpenSSH 1.2.1 and later
655 # MACs : OpenSSH 2.5.0 and later [3]
656 # NoHostAuthenticationForLocalhost : OpenSSH 3.0.0 and later
657 # NumberOfPasswordPrompts : OpenSSH 1.2.1 and later
658 # PasswordAuthentication : OpenSSH 1.2.1 and later
659 # PermitLocalCommand : OpenSSH 4.3.0 and later
660 # Port : OpenSSH 1.2.1 and later
661 # PreferredAuthentications : OpenSSH 2.5.2 and later
662 # Protocol : OpenSSH 2.1.0 and later
663 # ProxyCommand : OpenSSH 1.2.1 and later [3]
664 # PubkeyAuthentication : OpenSSH 2.5.0 and later
665 # RekeyLimit : OpenSSH 3.7.0 and later
666 # RemoteForward : OpenSSH 1.2.1 and later [3]
667 # RhostsRSAAuthentication : OpenSSH 1.2.1 and later
668 # RSAAuthentication : OpenSSH 1.2.1 and later
669 # SendEnv : OpenSSH 3.9.0 and later
670 # ServerAliveCountMax : OpenSSH 3.8.0 and later
671 # ServerAliveInterval : OpenSSH 3.8.0 and later
672 # SmartcardDevice : OpenSSH 2.9.9 and later [1][3]
673 # StrictHostKeyChecking : OpenSSH 1.2.1 and later
674 # TCPKeepAlive : OpenSSH 3.8.0 and later
675 # Tunnel : OpenSSH 4.3.0 and later
676 # TunnelDevice : OpenSSH 4.3.0 and later [3]
677 # UsePAM : OpenSSH 3.7.0 and later [1][2][3]
678 # UsePrivilegedPort : OpenSSH 1.2.1 and later
679 # User : OpenSSH 1.2.1 and later
680 # UserKnownHostsFile : OpenSSH 1.2.1 and later
681 # VerifyHostKeyDNS : OpenSSH 3.8.0 and later
682 # XAuthLocation : OpenSSH 2.1.1 and later [3]
684 # [1] Option only available if activated at compile time
685 # [2] Option specific for portable versions
686 # [3] Option not used in our ssh client config file
689 #***************************************************************************
690 # Initialize ssh config with options actually supported in OpenSSH 2.9.9
# Build the baseline ssh client configuration in @cfgarr. The same array name
# was used for the server configuration; the gutter numbering skips a line
# after the log message, so the reset of the array is presumably there but is
# not visible in this listing.
692 logmsg 'generating ssh client config file...' if($verbose);
694 push @cfgarr, '# This is a generated file. Do not edit.';
695 push @cfgarr, "# $sshverstr ssh client configuration file for curl testing";
# "Host *" applies the block to every destination, and HostName then redirects
# all of them to the test server address.
697 push @cfgarr, 'Host *';
699 push @cfgarr, "Port $port";
700 push @cfgarr, "HostName $listenaddr";
701 push @cfgarr, "User $username";
702 push @cfgarr, 'Protocol 2';
# DynamicForward opens the local SOCKS listener used by the SOCKS tests.
704 push @cfgarr, "BindAddress $listenaddr";
705 push @cfgarr, "DynamicForward $socksport";
# NOTE(review): the identity file name is spelled out literally here, while
# key generation uses $cliprvkeyf; presumably both name the same file - confirm.
707 push @cfgarr, "IdentityFile $path/curl_client_key";
708 push @cfgarr, "UserKnownHostsFile $path/$knownhosts";
# BatchMode together with NumberOfPasswordPrompts 0 keeps the client from ever
# prompting, so a failed key authentication fails the test instead of hanging.
710 push @cfgarr, 'BatchMode yes';
711 push @cfgarr, 'ChallengeResponseAuthentication no';
712 push @cfgarr, 'CheckHostIP no';
713 push @cfgarr, 'ClearAllForwardings no';
714 push @cfgarr, 'Compression no';
715 push @cfgarr, 'ConnectionAttempts 3';
# Agent and X11 forwarding are off, and forwarded ports are not opened to
# other hosts.
716 push @cfgarr, 'ForwardAgent no';
717 push @cfgarr, 'ForwardX11 no';
718 push @cfgarr, 'GatewayPorts no';
# The system-wide known hosts file is replaced by /dev/null, so only the
# generated known hosts file is consulted.
719 push @cfgarr, 'GlobalKnownHostsFile /dev/null';
720 push @cfgarr, 'HostbasedAuthentication no';
721 push @cfgarr, 'KbdInteractiveAuthentication no';
722 push @cfgarr, "LogLevel $loglevel";
723 push @cfgarr, 'NumberOfPasswordPrompts 0';
724 push @cfgarr, 'PasswordAuthentication no';
725 push @cfgarr, 'PreferredAuthentications publickey';
726 push @cfgarr, 'PubkeyAuthentication yes';
727 push @cfgarr, 'RhostsRSAAuthentication no';
728 push @cfgarr, 'RSAAuthentication no';
# Strict checking means the client only connects when the server key matches
# the generated known hosts entry.
729 push @cfgarr, 'StrictHostKeyChecking yes';
730 push @cfgarr, 'UsePrivilegedPort no';
734 #***************************************************************************
735 # Options supported in ssh client newer than OpenSSH 2.9.9
# Client options that only newer clients understand, gated on the client
# identifier and numeric version (370 presumably encodes 3.7.0, and so on, in
# line with the option table above). Unlike the server side there is no
# run-time probe; the thresholds are fixed. The closing braces of the if
# blocks are not visible in this listing.
738 if(($sshid =~ /OpenSSH/) && ($sshvernum >= 370)) {
739 push @cfgarr, 'AddressFamily any';
742 if((($sshid =~ /OpenSSH/) && ($sshvernum >= 370)) ||
743 ($sshid =~ /SunSSH/)) {
744 push @cfgarr, 'ConnectTimeout 30';
# Connection sharing is off, so each test uses its own connection.
747 if(($sshid =~ /OpenSSH/) && ($sshvernum >= 390)) {
748 push @cfgarr, 'ControlMaster no';
749 push @cfgarr, 'ControlPath none';
752 if(($sshid =~ /OpenSSH/) && ($sshvernum >= 360)) {
753 push @cfgarr, 'EnableSSHKeysign no';
756 if(($sshid =~ /OpenSSH/) && ($sshvernum >= 440)) {
757 push @cfgarr, 'ExitOnForwardFailure yes';
760 if((($sshid =~ /OpenSSH/) && ($sshvernum >= 380)) ||
761 ($sshid =~ /SunSSH/)) {
762 push @cfgarr, 'ForwardX11Trusted no';
# The known hosts entry is written in plain form by this script, so hashing
# is kept off.
765 if((($sshid =~ /OpenSSH/) && ($sshvernum >= 400)) ||
766 ($sshid =~ /SunSSH/)) {
767 push @cfgarr, 'HashKnownHosts no';
# Only the configured identity file is offered, not keys held by an agent.
770 if(($sshid =~ /OpenSSH/) && ($sshvernum >= 390)) {
771 push @cfgarr, 'IdentitiesOnly yes';
# KeepAlive is used for OpenSSH older than 3.8.0 and for SunSSH; newer OpenSSH
# gets TCPKeepAlive further down.
774 if((($sshid =~ /OpenSSH/) && ($sshvernum < 380)) ||
775 ($sshid =~ /SunSSH/)) {
776 push @cfgarr, 'KeepAlive no';
# LocalCommand is written with no command, and PermitLocalCommand below is no.
779 if(($sshid =~ /OpenSSH/) && ($sshvernum >= 430)) {
780 push @cfgarr, 'LocalCommand';
783 if((($sshid =~ /OpenSSH/) && ($sshvernum >= 300)) ||
784 ($sshid =~ /SunSSH/)) {
785 push @cfgarr, 'NoHostAuthenticationForLocalhost no';
788 if(($sshid =~ /OpenSSH/) && ($sshvernum >= 430)) {
789 push @cfgarr, 'PermitLocalCommand no';
792 if((($sshid =~ /OpenSSH/) && ($sshvernum >= 370)) ||
793 ($sshid =~ /SunSSH/)) {
794 push @cfgarr, 'RekeyLimit 1G';
# SendEnv is written without any variable name.
797 if(($sshid =~ /OpenSSH/) && ($sshvernum >= 390)) {
798 push @cfgarr, 'SendEnv';
801 if((($sshid =~ /OpenSSH/) && ($sshvernum >= 380)) ||
802 ($sshid =~ /SunSSH/)) {
803 push @cfgarr, 'ServerAliveCountMax 3';
804 push @cfgarr, 'ServerAliveInterval 0';
807 if(($sshid =~ /OpenSSH/) && ($sshvernum >= 380)) {
808 push @cfgarr, 'TCPKeepAlive no';
811 if(($sshid =~ /OpenSSH/) && ($sshvernum >= 430)) {
812 push @cfgarr, 'Tunnel no';
# Host keys are verified against the generated known hosts file only, not DNS.
815 if(($sshid =~ /OpenSSH/) && ($sshvernum >= 380)) {
816 push @cfgarr, 'VerifyHostKeyDNS no';
822 #***************************************************************************
823 # Write out resulting ssh client configuration file for curl's tests
# The handling of $error is not visible in this listing.
825 $error = dump_array($sshconfig, @cfgarr);
833 #***************************************************************************
834 # Start the ssh server daemon without forking it
# Run sshd in the foreground (-D) with logging to stderr (-e); both output
# streams are redirected to $sshdlog. system() returns only when the daemon
# exits, so everything below runs after the server has stopped.
# NOTE(review): single-string system() goes through the shell (needed here for
# the redirection), with $sshd, $sshdconfig and $sshdlog interpolated unquoted.
836 my $rc = system "$sshd -e -D -f $sshdconfig > $sshdlog 2>&1";
# The conditions selecting the first two messages are not visible in this
# listing. The status word is decoded the usual way: low 7 bits are the
# signal number, bit 7 flags a core dump, and the high byte is the exit code.
838 logmsg "$sshd failed with: $!";
841 logmsg sprintf("$sshd died with signal %d, and %s coredump",
842 ($rc & 127), ($rc & 128)?'a':'no');
844 elsif($verbose && ($rc >> 8)) {
845 logmsg sprintf("$sshd exited with %d", $rc >> 8);
849 #***************************************************************************
850 # Clean up once the server has stopped
# Remove the generated key material, the known hosts file and both
# configuration files, so the passphrase-less test keys do not stay on disk.
# The return value of unlink is not checked, and this cleanup is only reached
# when the script gets past the system() call that runs sshd.
852 unlink($hstprvkeyf, $hstpubkeyf, $cliprvkeyf, $clipubkeyf, $knownhosts);
853 unlink($sshdconfig, $sshconfig);