#	$OpenBSD: keytype.sh,v 1.11 2021/02/25 03:27:34 djm Exp $
#	Placed in the Public Domain.
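# Test identifier for this regression script.
tid="login with different key types"

# Keep pristine copies of the proxy configs. The connection loop further down
# rebuilds sshd_proxy and ssh_proxy from these backups for every key type, so
# settings from one iteration never leak into the next.
cp "$OBJ/sshd_proxy" "$OBJ/sshd_proxy_bak"
cp "$OBJ/ssh_proxy" "$OBJ/ssh_proxy_bak"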
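# Construct list of key types based on what the built binaries support.
#
# Each entry appended to $ktypes is a short "<type>-<bits>" name (or
# "<type>-sk" for the security-key types); the key generation step later in
# this file splits these names on '-'.
ktypes=""
# SSH_KEYTYPES is left unquoted on purpose: it is a whitespace-separated list
# and must be word-split here.
for i in ${SSH_KEYTYPES}; do
	case "$i" in
		ssh-dss)		ktypes="$ktypes dsa-1024" ;;
		# RSA is exercised at two key sizes.
		ssh-rsa)		ktypes="$ktypes rsa-2048 rsa-3072" ;;
		ssh-ed25519)		ktypes="$ktypes ed25519-512" ;;
		ecdsa-sha2-nistp256)	ktypes="$ktypes ecdsa-256" ;;
		ecdsa-sha2-nistp384)	ktypes="$ktypes ecdsa-384" ;;
		ecdsa-sha2-nistp521)	ktypes="$ktypes ecdsa-521" ;;
		# The trailing '*' lets these match names carrying a suffix such
		# as "@openssh.com".
		sk-ssh-ed25519*)	ktypes="$ktypes ed25519-sk" ;;
		sk-ecdsa-sha2-nistp256*) ktypes="$ktypes ecdsa-sk" ;;
		# Any other advertised type is skipped and never tested here.
	esac
done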
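# Generate one fresh key pair per entry in $ktypes, stored as $OBJ/key.<name>.
for kt in $ktypes; do
	rm -f "$OBJ/key.$kt"
	# Names have the form "<type>-<bits>"; split on the single '-'.
	xtype=${kt%%-*}
	xbits=${kt#*-}
	case "$kt" in
	# Security-key types are passed to ssh-keygen by their full name and
	# take no -b argument.
	*sk)	type="$kt"; bits="n/a"; bits_arg="";;
	*)	type=$xtype; bits=$xbits; bits_arg="-b $bits";;
	esac
	verbose "keygen $type, $bits bits"
	# -N '' writes the private key with an empty passphrase; these are
	# throwaway test fixtures under $OBJ and must not be reused elsewhere.
	# $bits_arg stays unquoted so it splits into "-b N" or vanishes when
	# empty; ${SSHKEYGEN} stays unquoted in case the harness sets it to a
	# command with arguments (NOTE(review): confirm against the harness).
	${SSHKEYGEN} $bits_arg -q -N '' -t "$type" -f "$OBJ/key.$kt" || \
		fail "ssh-keygen for type $type, $bits bits failed"
done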
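# Map a short test key name (as stored in $ktypes) to the algorithm list
# written into the PubkeyAcceptedAlgorithms / HostKeyAlgorithms options.
#
# Arguments: $1 - short key name, e.g. "rsa-2048" or "ecdsa-sk"
# Outputs:   the matching algorithm name(s) on stdout; nothing for a name
#            that is not listed below
# Returns:   0 in all cases, callers only consume stdout
kname_to_ktype() {
	case "$1" in
	dsa-1024)	printf '%s\n' ssh-dss;;
	ecdsa-256)	printf '%s\n' ecdsa-sha2-nistp256;;
	ecdsa-384)	printf '%s\n' ecdsa-sha2-nistp384;;
	ecdsa-521)	printf '%s\n' ecdsa-sha2-nistp521;;
	ed25519-512)	printf '%s\n' ssh-ed25519;;
	# One RSA key can sign with several algorithms: the two SHA-2
	# variants plus the legacy SHA-1 based ssh-rsa. All three are
	# allowed, so this test does not pin which one is negotiated.
	rsa-*)		printf '%s\n' rsa-sha2-512,rsa-sha2-256,ssh-rsa;;
	ed25519-sk)	printf '%s\n' sk-ssh-ed25519@openssh.com;;
	ecdsa-sk)	printf '%s\n' sk-ecdsa-sha2-nistp256@openssh.com;;
	esac
}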
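# For every generated key type, log in using that type as the user key and as
# the host key. Client and server are both restricted to that one type's
# algorithms, so a successful login is intended to show that this key type
# works rather than some fallback.
#
# Each combination is attempted once per entry in $tries.
tries="1 2 3"
for ut in $ktypes; do
	user_type=$(kname_to_ktype "$ut")
	# By default only the host key of the same type is paired with the
	# user key. The commented assignment would instead run every user key
	# against every host key.
	htypes="$ut"
	#htypes=$ktypes
	for ht in $htypes; do
		host_type=$(kname_to_ktype "$ht")
		trace "ssh connect, userkey $ut, hostkey $ht"
		# Server config: start from the backup minus every line
		# mentioning HostKey (this also drops HostKeyAlgorithms), then
		# pin a single host key and the accepted algorithms.
		(
			grep -v HostKey "$OBJ/sshd_proxy_bak"
			echo "HostKey $OBJ/key.$ht"
			echo "PubkeyAcceptedAlgorithms $user_type"
			echo "HostKeyAlgorithms $host_type"
		) > "$OBJ/sshd_proxy"
		# Client config: same approach, with a single identity file.
		(
			grep -v IdentityFile "$OBJ/ssh_proxy_bak"
			echo "IdentityFile $OBJ/key.$ut"
			echo "PubkeyAcceptedAlgorithms $user_type"
			echo "HostKeyAlgorithms $host_type"
		) > "$OBJ/ssh_proxy"
		# known_hosts holds only the host key under test, so host key
		# verification must succeed against exactly this key.
		(
			printf 'localhost-with-alias,127.0.0.1,::1 '
			cat "$OBJ/key.$ht.pub"
		) > "$OBJ/known_hosts"
		# authorized_keys is overwritten, not appended: only the user
		# key under test is authorised.
		cat "$OBJ/key.$ut.pub" > "$OBJ/authorized_keys_$USER"
		for i in $tries; do
			verbose "userkey $ut, hostkey ${ht}"
			# 999.999.999.999 is not a valid address; presumably
			# ssh_proxy routes the connection itself so the name is
			# never resolved (TODO confirm against the harness).
			if ! ${SSH} -F "$OBJ/ssh_proxy" 999.999.999.999 true; then
				fail "ssh userkey $ut, hostkey $ht failed"
			fi
		done
	done
done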