sshserver.pl 40 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162
  1. #!/usr/bin/env perl
  2. #***************************************************************************
  3. # _ _ ____ _
  4. # Project ___| | | | _ \| |
  5. # / __| | | | |_) | |
  6. # | (__| |_| | _ <| |___
  7. # \___|\___/|_| \_\_____|
  8. #
  9. # Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
  10. #
  11. # This software is licensed as described in the file COPYING, which
  12. # you should have received as part of this distribution. The terms
  13. # are also available at https://curl.se/docs/copyright.html.
  14. #
  15. # You may opt to use, copy, modify, merge, publish, distribute and/or sell
  16. # copies of the Software, and permit persons to whom the Software is
  17. # furnished to do so, under the terms of the COPYING file.
  18. #
  19. # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  20. # KIND, either express or implied.
  21. #
  22. # SPDX-License-Identifier: curl
  23. #
  24. #***************************************************************************
  25. # Starts sshd for use in the SCP and SFTP curl test harness tests.
  26. # Also creates the ssh configuration files needed for these tests.
  27. use strict;
  28. use warnings;
  29. use Cwd;
  30. use Cwd 'abs_path';
  31. use Digest::MD5;
  32. use Digest::MD5 'md5_hex';
  33. use Digest::SHA;
  34. use Digest::SHA 'sha256_base64';
  35. use MIME::Base64;
  36. #***************************************************************************
  37. # Variables and subs imported from sshhelp module
  38. #
  39. use sshhelp qw(
  40. $sshdexe
  41. $sshexe
  42. $sftpsrvexe
  43. $sftpexe
  44. $sshkeygenexe
  45. $sshdconfig
  46. $sshconfig
  47. $sftpconfig
  48. $knownhosts
  49. $sshdlog
  50. $sshlog
  51. $sftplog
  52. $sftpcmds
  53. $hstprvkeyf
  54. $hstpubkeyf
  55. $hstpubmd5f
  56. $hstpubsha256f
  57. $cliprvkeyf
  58. $clipubkeyf
  59. display_sshdconfig
  60. display_sshconfig
  61. display_sftpconfig
  62. display_sshdlog
  63. display_sshlog
  64. display_sftplog
  65. dump_array
  66. find_sshd
  67. find_ssh
  68. find_sftpsrv
  69. find_sftp
  70. find_sshkeygen
  71. logmsg
  72. sshversioninfo
  73. );
  74. #***************************************************************************
  75. # Subs imported from serverhelp module
  76. #
  77. use serverhelp qw(
  78. server_pidfilename
  79. server_logfilename
  80. );
  81. use pathhelp;
  82. #***************************************************************************
  83. my $verbose = 0; # set to 1 for debugging
  84. my $debugprotocol = 0; # set to 1 for protocol debugging
  85. my $port = 8999; # our default SCP/SFTP server port
  86. my $listenaddr = '127.0.0.1'; # default address on which to listen
  87. my $ipvnum = 4; # default IP version of listener address
  88. my $idnum = 1; # default ssh daemon instance number
  89. my $proto = 'ssh'; # protocol the ssh daemon speaks
  90. my $path = getcwd(); # current working directory
  91. my $logdir = $path .'/log'; # directory for log files
  92. my $username = $ENV{USER}; # default user
  93. my $pidfile; # ssh daemon pid file
  94. my $identity = 'curl_client_key'; # default identity file
  95. my $error;
  96. my @cfgarr;
  97. #***************************************************************************
  98. # Parse command line options
  99. #
  100. while(@ARGV) {
  101. if($ARGV[0] eq '--verbose') {
  102. $verbose = 1;
  103. }
  104. elsif($ARGV[0] eq '--debugprotocol') {
  105. $verbose = 1;
  106. $debugprotocol = 1;
  107. }
  108. elsif($ARGV[0] eq '--user') {
  109. if($ARGV[1]) {
  110. $username = $ARGV[1];
  111. shift @ARGV;
  112. }
  113. }
  114. elsif($ARGV[0] eq '--id') {
  115. if($ARGV[1]) {
  116. if($ARGV[1] =~ /^(\d+)$/) {
  117. $idnum = $1 if($1 > 0);
  118. shift @ARGV;
  119. }
  120. }
  121. }
  122. elsif($ARGV[0] eq '--ipv4') {
  123. $ipvnum = 4;
  124. $listenaddr = '127.0.0.1' if($listenaddr eq '::1');
  125. }
  126. elsif($ARGV[0] eq '--ipv6') {
  127. $ipvnum = 6;
  128. $listenaddr = '::1' if($listenaddr eq '127.0.0.1');
  129. }
  130. elsif($ARGV[0] eq '--addr') {
  131. if($ARGV[1]) {
  132. my $tmpstr = $ARGV[1];
  133. if($tmpstr =~ /^(\d\d?\d?)\.(\d\d?\d?)\.(\d\d?\d?)\.(\d\d?\d?)$/) {
  134. $listenaddr = "$1.$2.$3.$4" if($ipvnum == 4);
  135. shift @ARGV;
  136. }
  137. elsif($ipvnum == 6) {
  138. $listenaddr = $tmpstr;
  139. $listenaddr =~ s/^\[(.*)\]$/$1/;
  140. shift @ARGV;
  141. }
  142. }
  143. }
  144. elsif($ARGV[0] eq '--pidfile') {
  145. if($ARGV[1]) {
  146. $pidfile = "$path/". $ARGV[1];
  147. shift @ARGV;
  148. }
  149. }
  150. elsif($ARGV[0] eq '--sshport') {
  151. if($ARGV[1]) {
  152. if($ARGV[1] =~ /^(\d+)$/) {
  153. $port = $1;
  154. shift @ARGV;
  155. }
  156. }
  157. }
  158. else {
  159. print STDERR "\nWarning: sshserver.pl unknown parameter: $ARGV[0]\n";
  160. }
  161. shift @ARGV;
  162. }
  163. #***************************************************************************
  164. # Default ssh daemon pid file name
  165. #
  166. if(!$pidfile) {
  167. $pidfile = "$path/". server_pidfilename($proto, $ipvnum, $idnum);
  168. }
  169. #***************************************************************************
  170. # ssh and sftp server log file names
  171. #
  172. $sshdlog = server_logfilename($logdir, 'ssh', $ipvnum, $idnum);
  173. $sftplog = server_logfilename($logdir, 'sftp', $ipvnum, $idnum);
  174. #***************************************************************************
  175. # Logging level for ssh server and client
  176. #
  177. my $loglevel = $debugprotocol?'DEBUG3':'DEBUG2';
  178. #***************************************************************************
  179. # Validate username
  180. #
  181. if(!$username) {
  182. $error = 'Will not run ssh server without a user name';
  183. }
  184. elsif($username eq 'root') {
  185. $error = 'Will not run ssh server as root to mitigate security risks';
  186. }
  187. if($error) {
  188. logmsg $error;
  189. exit 1;
  190. }
  191. #***************************************************************************
  192. # Find out ssh daemon canonical file name
  193. #
  194. my $sshd = find_sshd();
  195. if(!$sshd) {
  196. logmsg "cannot find $sshdexe";
  197. exit 1;
  198. }
  199. #***************************************************************************
  200. # Find out ssh daemon version info
  201. #
  202. my ($sshdid, $sshdvernum, $sshdverstr, $sshderror) = sshversioninfo($sshd);
  203. if(!$sshdid) {
  204. # Not an OpenSSH or SunSSH ssh daemon
  205. logmsg $sshderror if($verbose);
  206. logmsg 'SCP and SFTP tests require OpenSSH 2.9.9 or later';
  207. exit 1;
  208. }
  209. logmsg "ssh server found $sshd is $sshdverstr" if($verbose);
  210. #***************************************************************************
  211. # ssh daemon command line options we might use and version support
  212. #
  213. # -e: log stderr : OpenSSH 2.9.0 and later
  214. # -f: sshd config file : OpenSSH 1.2.1 and later
  215. # -D: no daemon forking : OpenSSH 2.5.0 and later
  216. # -o: command-line option : OpenSSH 3.1.0 and later
  217. # -t: test config file : OpenSSH 2.9.9 and later
  218. # -?: sshd version info : OpenSSH 1.2.1 and later
  219. #
  220. # -e: log stderr : SunSSH 1.0.0 and later
  221. # -f: sshd config file : SunSSH 1.0.0 and later
  222. # -D: no daemon forking : SunSSH 1.0.0 and later
  223. # -o: command-line option : SunSSH 1.0.0 and later
  224. # -t: test config file : SunSSH 1.0.0 and later
  225. # -?: sshd version info : SunSSH 1.0.0 and later
  226. #***************************************************************************
  227. # Verify minimum ssh daemon version
  228. #
  229. if((($sshdid =~ /OpenSSH/) && ($sshdvernum < 299)) ||
  230. (($sshdid =~ /SunSSH/) && ($sshdvernum < 100))) {
  231. logmsg 'SCP and SFTP tests require OpenSSH 2.9.9 or later';
  232. exit 1;
  233. }
  234. #***************************************************************************
  235. # Find out sftp server plugin canonical file name
  236. #
  237. my $sftpsrv = find_sftpsrv();
  238. if(!$sftpsrv) {
  239. logmsg "cannot find $sftpsrvexe";
  240. exit 1;
  241. }
  242. logmsg "sftp server plugin found $sftpsrv" if($verbose);
  243. #***************************************************************************
  244. # Find out sftp client canonical file name
  245. #
  246. my $sftp = find_sftp();
  247. if(!$sftp) {
  248. logmsg "cannot find $sftpexe";
  249. exit 1;
  250. }
  251. logmsg "sftp client found $sftp" if($verbose);
  252. #***************************************************************************
  253. # Find out ssh keygen canonical file name
  254. #
  255. my $sshkeygen = find_sshkeygen();
  256. if(!$sshkeygen) {
  257. logmsg "cannot find $sshkeygenexe";
  258. exit 1;
  259. }
  260. logmsg "ssh keygen found $sshkeygen" if($verbose);
  261. #***************************************************************************
  262. # Find out ssh client canonical file name
  263. #
  264. my $ssh = find_ssh();
  265. if(!$ssh) {
  266. logmsg "cannot find $sshexe";
  267. exit 1;
  268. }
  269. #***************************************************************************
  270. # Find out ssh client version info
  271. #
  272. my ($sshid, $sshvernum, $sshverstr, $ssherror) = sshversioninfo($ssh);
  273. if(!$sshid) {
  274. # Not an OpenSSH or SunSSH ssh client
  275. logmsg $ssherror if($verbose);
  276. logmsg 'SCP and SFTP tests require OpenSSH 2.9.9 or later';
  277. exit 1;
  278. }
  279. logmsg "ssh client found $ssh is $sshverstr" if($verbose);
  280. #***************************************************************************
  281. # ssh client command line options we might use and version support
  282. #
  283. # -D: dynamic app port forwarding : OpenSSH 2.9.9 and later
  284. # -F: ssh config file : OpenSSH 2.9.9 and later
  285. # -N: no shell/command : OpenSSH 2.1.0 and later
  286. # -p: connection port : OpenSSH 1.2.1 and later
  287. # -v: verbose messages : OpenSSH 1.2.1 and later
  288. # -vv: increase verbosity : OpenSSH 2.3.0 and later
  289. # -V: ssh version info : OpenSSH 1.2.1 and later
  290. #
  291. # -D: dynamic app port forwarding : SunSSH 1.0.0 and later
  292. # -F: ssh config file : SunSSH 1.0.0 and later
  293. # -N: no shell/command : SunSSH 1.0.0 and later
  294. # -p: connection port : SunSSH 1.0.0 and later
  295. # -v: verbose messages : SunSSH 1.0.0 and later
  296. # -vv: increase verbosity : SunSSH 1.0.0 and later
  297. # -V: ssh version info : SunSSH 1.0.0 and later
  298. #***************************************************************************
  299. # Verify minimum ssh client version
  300. #
  301. if((($sshid =~ /OpenSSH/) && ($sshvernum < 299)) ||
  302. (($sshid =~ /SunSSH/) && ($sshvernum < 100))) {
  303. logmsg 'SCP and SFTP tests require OpenSSH 2.9.9 or later';
  304. exit 1;
  305. }
  306. #***************************************************************************
  307. # ssh keygen command line options we actually use and version support
  308. #
  309. # -C: identity comment : OpenSSH 1.2.1 and later
  310. # -f: key filename : OpenSSH 1.2.1 and later
  311. # -N: new passphrase : OpenSSH 1.2.1 and later
  312. # -q: quiet keygen : OpenSSH 1.2.1 and later
  313. # -t: key type : OpenSSH 2.5.0 and later
  314. #
  315. # -C: identity comment : SunSSH 1.0.0 and later
  316. # -f: key filename : SunSSH 1.0.0 and later
  317. # -N: new passphrase : SunSSH 1.0.0 and later
  318. # -q: quiet keygen : SunSSH 1.0.0 and later
  319. # -t: key type : SunSSH 1.0.0 and later
  320. #***************************************************************************
  321. # Generate host and client key files for curl's tests
  322. #
  323. if((! -e $hstprvkeyf) || (! -s $hstprvkeyf) ||
  324. (! -e $hstpubkeyf) || (! -s $hstpubkeyf) ||
  325. (! -e $hstpubmd5f) || (! -s $hstpubmd5f) ||
  326. (! -e $hstpubsha256f) || (! -s $hstpubsha256f) ||
  327. (! -e $cliprvkeyf) || (! -s $cliprvkeyf) ||
  328. (! -e $clipubkeyf) || (! -s $clipubkeyf)) {
  329. # Make sure all files are gone so ssh-keygen doesn't complain
  330. unlink($hstprvkeyf, $hstpubkeyf, $hstpubmd5f, $hstpubsha256f,
  331. $cliprvkeyf, $clipubkeyf);
  332. logmsg 'generating host keys...' if($verbose);
  333. if(system "\"$sshkeygen\" -q -t rsa -f $hstprvkeyf -C 'curl test server' -N ''") {
  334. logmsg 'Could not generate host key';
  335. exit 1;
  336. }
  337. logmsg 'generating client keys...' if($verbose);
  338. if(system "\"$sshkeygen\" -q -t rsa -f $cliprvkeyf -C 'curl test client' -N ''") {
  339. logmsg 'Could not generate client key';
  340. exit 1;
  341. }
  342. # Make sure that permissions are restricted so openssh doesn't complain
  343. system "chmod 600 $hstprvkeyf";
  344. system "chmod 600 $cliprvkeyf";
  345. # Save md5 and sha256 hashes of public host key
  346. open(RSAKEYFILE, "<$hstpubkeyf");
  347. my @rsahostkey = do { local $/ = ' '; <RSAKEYFILE> };
  348. close(RSAKEYFILE);
  349. if(!$rsahostkey[1]) {
  350. logmsg 'Failed parsing base64 encoded RSA host key';
  351. exit 1;
  352. }
  353. open(PUBMD5FILE, ">$hstpubmd5f");
  354. print PUBMD5FILE md5_hex(decode_base64($rsahostkey[1]));
  355. close(PUBMD5FILE);
  356. if((! -e $hstpubmd5f) || (! -s $hstpubmd5f)) {
  357. logmsg 'Failed writing md5 hash of RSA host key';
  358. exit 1;
  359. }
  360. open(PUBSHA256FILE, ">$hstpubsha256f");
  361. print PUBSHA256FILE sha256_base64(decode_base64($rsahostkey[1]));
  362. close(PUBSHA256FILE);
  363. if((! -e $hstpubsha256f) || (! -s $hstpubsha256f)) {
  364. logmsg 'Failed writing sha256 hash of RSA host key';
  365. exit 1;
  366. }
  367. }
  368. #***************************************************************************
  369. # Convert paths for curl's tests running on Windows with Cygwin/Msys OpenSSH
  370. #
  371. my $clipubkeyf_config = abs_path("$path/$clipubkeyf");
  372. my $hstprvkeyf_config = abs_path("$path/$hstprvkeyf");
  373. my $pidfile_config = $pidfile;
  374. my $sftpsrv_config = $sftpsrv;
  375. if (pathhelp::os_is_win()) {
  376. # Ensure to use MinGW/Cygwin paths
  377. $clipubkeyf_config = pathhelp::build_sys_abs_path($clipubkeyf_config);
  378. $hstprvkeyf_config = pathhelp::build_sys_abs_path($hstprvkeyf_config);
  379. $pidfile_config = pathhelp::build_sys_abs_path($pidfile_config);
  380. $sftpsrv_config = "internal-sftp";
  381. }
  382. if ($sshdid =~ /OpenSSH-Windows/) {
  383. # Ensure to use native Windows paths with OpenSSH for Windows
  384. $clipubkeyf_config = pathhelp::sys_native_abs_path($clipubkeyf);
  385. $hstprvkeyf_config = pathhelp::sys_native_abs_path($hstprvkeyf);
  386. $pidfile_config = pathhelp::sys_native_abs_path($pidfile);
  387. $sftpsrv_config = pathhelp::sys_native_abs_path($sftpsrv);
  388. $sshdconfig = pathhelp::sys_native_abs_path($sshdconfig);
  389. $sshconfig = pathhelp::sys_native_abs_path($sshconfig);
  390. $sftpconfig = pathhelp::sys_native_abs_path($sftpconfig);
  391. }
  392. #***************************************************************************
  393. # ssh daemon configuration file options we might use and version support
  394. #
  395. # AFSTokenPassing : OpenSSH 1.2.1 and later [1]
  396. # AddressFamily : OpenSSH 4.0.0 and later
  397. # AllowTcpForwarding : OpenSSH 2.3.0 and later
  398. # AllowUsers : OpenSSH 1.2.1 and later
  399. # AuthorizedKeysFile : OpenSSH 2.9.9 and later
  400. # AuthorizedKeysFile2 : OpenSSH 2.9.9 and later
  401. # Banner : OpenSSH 2.5.0 and later
  402. # ChallengeResponseAuthentication : OpenSSH 2.5.0 and later
  403. # Ciphers : OpenSSH 2.1.0 and later [3]
  404. # ClientAliveCountMax : OpenSSH 2.9.0 and later
  405. # ClientAliveInterval : OpenSSH 2.9.0 and later
  406. # Compression : OpenSSH 3.3.0 and later
  407. # DenyUsers : OpenSSH 1.2.1 and later
  408. # ForceCommand : OpenSSH 4.4.0 and later [3]
  409. # GatewayPorts : OpenSSH 2.1.0 and later
  410. # GSSAPIAuthentication : OpenSSH 3.7.0 and later [1]
  411. # GSSAPICleanupCredentials : OpenSSH 3.8.0 and later [1]
  412. # GSSAPIKeyExchange : SunSSH 1.0.0 and later [1]
  413. # GSSAPIStoreDelegatedCredentials : SunSSH 1.0.0 and later [1]
  414. # GSSCleanupCreds : SunSSH 1.0.0 and later [1]
  415. # GSSUseSessionCredCache : SunSSH 1.0.0 and later [1]
  416. # HostbasedAuthentication : OpenSSH 2.9.0 and later
  417. # HostbasedUsesNameFromPacketOnly : OpenSSH 2.9.0 and later
  418. # HostKey : OpenSSH 1.2.1 and later
  419. # IgnoreRhosts : OpenSSH 1.2.1 and later
  420. # IgnoreUserKnownHosts : OpenSSH 1.2.1 and later
  421. # KbdInteractiveAuthentication : OpenSSH 2.3.0 and later
  422. # KeepAlive : OpenSSH 1.2.1 and later
  423. # KerberosAuthentication : OpenSSH 1.2.1 and later [1]
  424. # KerberosGetAFSToken : OpenSSH 3.8.0 and later [1]
  425. # KerberosOrLocalPasswd : OpenSSH 1.2.1 and later [1]
  426. # KerberosTgtPassing : OpenSSH 1.2.1 and later [1]
  427. # KerberosTicketCleanup : OpenSSH 1.2.1 and later [1]
  428. # KeyRegenerationInterval : OpenSSH 1.2.1 and later
  429. # ListenAddress : OpenSSH 1.2.1 and later
  430. # LoginGraceTime : OpenSSH 1.2.1 and later
  431. # LogLevel : OpenSSH 1.2.1 and later
  432. # LookupClientHostnames : SunSSH 1.0.0 and later
  433. # MACs : OpenSSH 2.5.0 and later [3]
  434. # Match : OpenSSH 4.4.0 and later [3]
  435. # MaxAuthTries : OpenSSH 3.9.0 and later
  436. # MaxStartups : OpenSSH 2.2.0 and later
  437. # PAMAuthenticationViaKbdInt : OpenSSH 2.9.0 and later [2]
  438. # PasswordAuthentication : OpenSSH 1.2.1 and later
  439. # PermitEmptyPasswords : OpenSSH 1.2.1 and later
  440. # PermitOpen : OpenSSH 4.4.0 and later [3]
  441. # PermitRootLogin : OpenSSH 1.2.1 and later
  442. # PermitTunnel : OpenSSH 4.3.0 and later
  443. # PermitUserEnvironment : OpenSSH 3.5.0 and later
  444. # PidFile : OpenSSH 2.1.0 and later
  445. # Port : OpenSSH 1.2.1 and later
  446. # PrintLastLog : OpenSSH 2.9.0 and later
  447. # PrintMotd : OpenSSH 1.2.1 and later
  448. # Protocol : OpenSSH 2.1.0 and later
  449. # PubkeyAuthentication : OpenSSH 2.5.0 and later
  450. # RhostsAuthentication : OpenSSH 1.2.1 and later
  451. # RhostsRSAAuthentication : OpenSSH 1.2.1 and later
  452. # RSAAuthentication : OpenSSH 1.2.1 and later
  453. # ServerKeyBits : OpenSSH 1.2.1 and later
  454. # SkeyAuthentication : OpenSSH 1.2.1 and later [1]
  455. # StrictModes : OpenSSH 1.2.1 and later
  456. # Subsystem : OpenSSH 2.2.0 and later
  457. # SyslogFacility : OpenSSH 1.2.1 and later
  458. # TCPKeepAlive : OpenSSH 3.8.0 and later
  459. # UseDNS : OpenSSH 3.7.0 and later
  460. # UseLogin : OpenSSH 1.2.1 and later
  461. # UsePAM : OpenSSH 3.7.0 and later [1][2]
  462. # UsePrivilegeSeparation : OpenSSH 3.2.2 and later
  463. # VerifyReverseMapping : OpenSSH 3.1.0 and later
  464. # X11DisplayOffset : OpenSSH 1.2.1 and later [3]
  465. # X11Forwarding : OpenSSH 1.2.1 and later
  466. # X11UseLocalhost : OpenSSH 3.1.0 and later
  467. # XAuthLocation : OpenSSH 2.1.1 and later [3]
  468. #
  469. # [1] Option only available if activated at compile time
  470. # [2] Option specific for portable versions
  471. # [3] Option not used in our ssh server config file
  472. #***************************************************************************
  473. # Initialize sshd config with options actually supported in OpenSSH 2.9.9
  474. #
  475. logmsg 'generating ssh server config file...' if($verbose);
  476. @cfgarr = ();
  477. push @cfgarr, '# This is a generated file. Do not edit.';
  478. push @cfgarr, "# $sshdverstr sshd configuration file for curl testing";
  479. push @cfgarr, '#';
  480. # AllowUsers and DenyUsers options should use lowercase on Windows
  481. # and do not support quotes around values for some unknown reason.
  482. if ($sshdid =~ /OpenSSH-Windows/) {
  483. my $username_lc = lc $username;
  484. if (exists $ENV{USERDOMAIN}) {
  485. my $userdomain_lc = lc $ENV{USERDOMAIN};
  486. $username_lc = "$userdomain_lc\\$username_lc";
  487. }
  488. $username_lc =~ s/ /\?/g; # replace space with ?
  489. push @cfgarr, "DenyUsers !$username_lc";
  490. push @cfgarr, "AllowUsers $username_lc";
  491. } else {
  492. push @cfgarr, "DenyUsers !$username";
  493. push @cfgarr, "AllowUsers $username";
  494. }
  495. push @cfgarr, "AuthorizedKeysFile $clipubkeyf_config";
  496. push @cfgarr, "AuthorizedKeysFile2 $clipubkeyf_config";
  497. push @cfgarr, "HostKey $hstprvkeyf_config";
  498. if ($sshdid !~ /OpenSSH-Windows/) {
  499. push @cfgarr, "PidFile $pidfile_config";
  500. }
  501. push @cfgarr, '#';
  502. push @cfgarr, "Port $port";
  503. push @cfgarr, "ListenAddress $listenaddr";
  504. push @cfgarr, 'Protocol 2';
  505. push @cfgarr, '#';
  506. push @cfgarr, 'AllowTcpForwarding yes';
  507. push @cfgarr, 'Banner none';
  508. push @cfgarr, 'ChallengeResponseAuthentication no';
  509. push @cfgarr, 'ClientAliveCountMax 3';
  510. push @cfgarr, 'ClientAliveInterval 0';
  511. push @cfgarr, 'GatewayPorts no';
  512. push @cfgarr, 'HostbasedAuthentication no';
  513. push @cfgarr, 'HostbasedUsesNameFromPacketOnly no';
  514. push @cfgarr, 'IgnoreRhosts yes';
  515. push @cfgarr, 'IgnoreUserKnownHosts yes';
  516. push @cfgarr, 'KeyRegenerationInterval 0';
  517. push @cfgarr, 'LoginGraceTime 30';
  518. push @cfgarr, "LogLevel $loglevel";
  519. push @cfgarr, 'MaxStartups 5';
  520. push @cfgarr, 'PasswordAuthentication no';
  521. push @cfgarr, 'PermitEmptyPasswords no';
  522. push @cfgarr, 'PermitRootLogin no';
  523. push @cfgarr, 'PrintLastLog no';
  524. push @cfgarr, 'PrintMotd no';
  525. push @cfgarr, 'PubkeyAuthentication yes';
  526. push @cfgarr, 'RhostsRSAAuthentication no';
  527. push @cfgarr, 'RSAAuthentication no';
  528. push @cfgarr, 'ServerKeyBits 768';
  529. push @cfgarr, 'StrictModes no';
  530. push @cfgarr, "Subsystem sftp \"$sftpsrv_config\"";
  531. push @cfgarr, 'SyslogFacility AUTH';
  532. push @cfgarr, 'UseLogin no';
  533. push @cfgarr, 'X11Forwarding no';
  534. push @cfgarr, '#';
  535. #***************************************************************************
  536. # Write out initial sshd configuration file for curl's tests
  537. #
  538. $error = dump_array($sshdconfig, @cfgarr);
  539. if($error) {
  540. logmsg $error;
  541. exit 1;
  542. }
  543. #***************************************************************************
  544. # Verifies at run time if sshd supports a given configuration file option
  545. #
  546. sub sshd_supports_opt {
  547. my ($option, $value) = @_;
  548. my $err;
  549. #
  550. if((($sshdid =~ /OpenSSH/) && ($sshdvernum >= 310)) ||
  551. ($sshdid =~ /SunSSH/)) {
  552. # ssh daemon supports command line options -t -f and -o
  553. $err = grep /((Unsupported)|(Bad configuration)|(Deprecated)) option.*$option/,
  554. qx("$sshd" -t -f $sshdconfig -o "$option=$value" 2>&1);
  555. return !$err;
  556. }
  557. if(($sshdid =~ /OpenSSH/) && ($sshdvernum >= 299)) {
  558. # ssh daemon supports command line options -t and -f
  559. $err = dump_array($sshdconfig, (@cfgarr, "$option $value"));
  560. if($err) {
  561. logmsg $err;
  562. return 0;
  563. }
  564. $err = grep /((Unsupported)|(Bad configuration)|(Deprecated)) option.*$option/,
  565. qx("$sshd" -t -f $sshdconfig 2>&1);
  566. unlink $sshdconfig;
  567. return !$err;
  568. }
  569. return 0;
  570. }
  571. #***************************************************************************
  572. # Kerberos Authentication support may have not been built into sshd
  573. #
  574. if(sshd_supports_opt('KerberosAuthentication','no')) {
  575. push @cfgarr, 'KerberosAuthentication no';
  576. }
  577. if(sshd_supports_opt('KerberosGetAFSToken','no')) {
  578. push @cfgarr, 'KerberosGetAFSToken no';
  579. }
  580. if(sshd_supports_opt('KerberosOrLocalPasswd','no')) {
  581. push @cfgarr, 'KerberosOrLocalPasswd no';
  582. }
  583. if(sshd_supports_opt('KerberosTgtPassing','no')) {
  584. push @cfgarr, 'KerberosTgtPassing no';
  585. }
  586. if(sshd_supports_opt('KerberosTicketCleanup','yes')) {
  587. push @cfgarr, 'KerberosTicketCleanup yes';
  588. }
  589. #***************************************************************************
  590. # Andrew File System support may have not been built into sshd
  591. #
  592. if(sshd_supports_opt('AFSTokenPassing','no')) {
  593. push @cfgarr, 'AFSTokenPassing no';
  594. }
  595. #***************************************************************************
  596. # S/Key authentication support may have not been built into sshd
  597. #
  598. if(sshd_supports_opt('SkeyAuthentication','no')) {
  599. push @cfgarr, 'SkeyAuthentication no';
  600. }
  601. #***************************************************************************
  602. # GSSAPI Authentication support may have not been built into sshd
  603. #
  604. my $sshd_builtwith_GSSAPI;
  605. if(sshd_supports_opt('GSSAPIAuthentication','no')) {
  606. push @cfgarr, 'GSSAPIAuthentication no';
  607. $sshd_builtwith_GSSAPI = 1;
  608. }
  609. if(sshd_supports_opt('GSSAPICleanupCredentials','yes')) {
  610. push @cfgarr, 'GSSAPICleanupCredentials yes';
  611. }
  612. if(sshd_supports_opt('GSSAPIKeyExchange','no')) {
  613. push @cfgarr, 'GSSAPIKeyExchange no';
  614. }
  615. if(sshd_supports_opt('GSSAPIStoreDelegatedCredentials','no')) {
  616. push @cfgarr, 'GSSAPIStoreDelegatedCredentials no';
  617. }
  618. if(sshd_supports_opt('GSSCleanupCreds','yes')) {
  619. push @cfgarr, 'GSSCleanupCreds yes';
  620. }
  621. if(sshd_supports_opt('GSSUseSessionCredCache','no')) {
  622. push @cfgarr, 'GSSUseSessionCredCache no';
  623. }
  624. push @cfgarr, '#';
  625. #***************************************************************************
  626. # Options that might be supported or not in sshd OpenSSH 2.9.9 and later
  627. #
  628. if(sshd_supports_opt('AddressFamily','any')) {
  629. # Address family must be specified before ListenAddress
  630. splice @cfgarr, 14, 0, 'AddressFamily any';
  631. }
  632. if(sshd_supports_opt('Compression','no')) {
  633. push @cfgarr, 'Compression no';
  634. }
  635. if(sshd_supports_opt('KbdInteractiveAuthentication','no')) {
  636. push @cfgarr, 'KbdInteractiveAuthentication no';
  637. }
  638. if(sshd_supports_opt('KeepAlive','no')) {
  639. push @cfgarr, 'KeepAlive no';
  640. }
  641. if(sshd_supports_opt('LookupClientHostnames','no')) {
  642. push @cfgarr, 'LookupClientHostnames no';
  643. }
  644. if(sshd_supports_opt('MaxAuthTries','10')) {
  645. push @cfgarr, 'MaxAuthTries 10';
  646. }
  647. if(sshd_supports_opt('PAMAuthenticationViaKbdInt','no')) {
  648. push @cfgarr, 'PAMAuthenticationViaKbdInt no';
  649. }
  650. if(sshd_supports_opt('PermitTunnel','no')) {
  651. push @cfgarr, 'PermitTunnel no';
  652. }
  653. if(sshd_supports_opt('PermitUserEnvironment','no')) {
  654. push @cfgarr, 'PermitUserEnvironment no';
  655. }
  656. if(sshd_supports_opt('RhostsAuthentication','no')) {
  657. push @cfgarr, 'RhostsAuthentication no';
  658. }
  659. if(sshd_supports_opt('TCPKeepAlive','no')) {
  660. push @cfgarr, 'TCPKeepAlive no';
  661. }
  662. if(sshd_supports_opt('UseDNS','no')) {
  663. push @cfgarr, 'UseDNS no';
  664. }
  665. if(sshd_supports_opt('UsePAM','no')) {
  666. push @cfgarr, 'UsePAM no';
  667. }
  668. if($sshdid =~ /OpenSSH/) {
  669. # http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6492415
  670. if(sshd_supports_opt('UsePrivilegeSeparation','no')) {
  671. push @cfgarr, 'UsePrivilegeSeparation no';
  672. }
  673. }
  674. if(sshd_supports_opt('VerifyReverseMapping','no')) {
  675. push @cfgarr, 'VerifyReverseMapping no';
  676. }
  677. if(sshd_supports_opt('X11UseLocalhost','yes')) {
  678. push @cfgarr, 'X11UseLocalhost yes';
  679. }
  680. push @cfgarr, '#';
  681. #***************************************************************************
  682. # Write out resulting sshd configuration file for curl's tests
  683. #
  684. $error = dump_array($sshdconfig, @cfgarr);
  685. if($error) {
  686. logmsg $error;
  687. exit 1;
  688. }
  689. #***************************************************************************
  690. # Verify that sshd actually supports our generated configuration file
  691. #
  692. if(system "\"$sshd\" -t -f $sshdconfig > $sshdlog 2>&1") {
  693. logmsg "sshd configuration file $sshdconfig failed verification";
  694. display_sshdlog();
  695. display_sshdconfig();
  696. exit 1;
  697. }
  698. #***************************************************************************
  699. # Generate ssh client host key database file for curl's tests
  700. #
  701. if((! -e $knownhosts) || (! -s $knownhosts)) {
  702. logmsg 'generating ssh client known hosts file...' if($verbose);
  703. unlink($knownhosts);
  704. if(open(RSAKEYFILE, "<$hstpubkeyf")) {
  705. my @rsahostkey = do { local $/ = ' '; <RSAKEYFILE> };
  706. if(close(RSAKEYFILE)) {
  707. if(open(KNOWNHOSTS, ">$knownhosts")) {
  708. print KNOWNHOSTS "$listenaddr ssh-rsa $rsahostkey[1]\n";
  709. if(!close(KNOWNHOSTS)) {
  710. $error = "Error: cannot close file $knownhosts";
  711. }
  712. }
  713. else {
  714. $error = "Error: cannot write file $knownhosts";
  715. }
  716. }
  717. else {
  718. $error = "Error: cannot close file $hstpubkeyf";
  719. }
  720. }
  721. else {
  722. $error = "Error: cannot read file $hstpubkeyf";
  723. }
  724. if($error) {
  725. logmsg $error;
  726. exit 1;
  727. }
  728. }
  729. #***************************************************************************
  730. # Convert paths for curl's tests running on Windows using Cygwin OpenSSH
  731. #
  732. my $identity_config = abs_path("$path/$identity");
  733. my $knownhosts_config = abs_path("$path/$knownhosts");
  734. if (pathhelp::os_is_win()) {
  735. # Ensure to use MinGW/Cygwin paths
  736. $identity_config = pathhelp::build_sys_abs_path($identity_config);
  737. $knownhosts_config = pathhelp::build_sys_abs_path($knownhosts_config);
  738. }
  739. if ($sshdid =~ /OpenSSH-Windows/) {
  740. # Ensure to use native Windows paths with OpenSSH for Windows
  741. $identity_config = pathhelp::sys_native_abs_path($identity);
  742. $knownhosts_config = pathhelp::sys_native_abs_path($knownhosts);
  743. }
  744. #***************************************************************************
  745. # ssh client configuration file options we might use and version support
  746. #
  747. # AddressFamily : OpenSSH 3.7.0 and later
  748. # BatchMode : OpenSSH 1.2.1 and later
  749. # BindAddress : OpenSSH 2.9.9 and later
  750. # ChallengeResponseAuthentication : OpenSSH 2.5.0 and later
  751. # CheckHostIP : OpenSSH 1.2.1 and later
  752. # Cipher : OpenSSH 1.2.1 and later [3]
  753. # Ciphers : OpenSSH 2.1.0 and later [3]
  754. # ClearAllForwardings : OpenSSH 2.9.9 and later
  755. # Compression : OpenSSH 1.2.1 and later
  756. # CompressionLevel : OpenSSH 1.2.1 and later [3]
  757. # ConnectionAttempts : OpenSSH 1.2.1 and later
  758. # ConnectTimeout : OpenSSH 3.7.0 and later
  759. # ControlMaster : OpenSSH 3.9.0 and later
  760. # ControlPath : OpenSSH 3.9.0 and later
  761. # DisableBanner : SunSSH 1.2.0 and later
  762. # DynamicForward : OpenSSH 2.9.0 and later
  763. # EnableSSHKeysign : OpenSSH 3.6.0 and later
  764. # EscapeChar : OpenSSH 1.2.1 and later [3]
  765. # ExitOnForwardFailure : OpenSSH 4.4.0 and later
  766. # ForwardAgent : OpenSSH 1.2.1 and later
  767. # ForwardX11 : OpenSSH 1.2.1 and later
  768. # ForwardX11Trusted : OpenSSH 3.8.0 and later
  769. # GatewayPorts : OpenSSH 1.2.1 and later
  770. # GlobalKnownHostsFile : OpenSSH 1.2.1 and later
  771. # GSSAPIAuthentication : OpenSSH 3.7.0 and later [1]
  772. # GSSAPIDelegateCredentials : OpenSSH 3.7.0 and later [1]
  773. # HashKnownHosts : OpenSSH 4.0.0 and later
  774. # Host : OpenSSH 1.2.1 and later
  775. # HostbasedAuthentication : OpenSSH 2.9.0 and later
  776. # HostKeyAlgorithms : OpenSSH 2.9.0 and later [3]
  777. # HostKeyAlias : OpenSSH 2.5.0 and later [3]
  778. # HostName : OpenSSH 1.2.1 and later
  779. # IdentitiesOnly : OpenSSH 3.9.0 and later
  780. # IdentityFile : OpenSSH 1.2.1 and later
  781. # IgnoreIfUnknown : SunSSH 1.2.0 and later
  782. # KeepAlive : OpenSSH 1.2.1 and later
  783. # KbdInteractiveAuthentication : OpenSSH 2.3.0 and later
  784. # KbdInteractiveDevices : OpenSSH 2.3.0 and later [3]
  785. # LocalCommand : OpenSSH 4.3.0 and later [3]
  786. # LocalForward : OpenSSH 1.2.1 and later [3]
  787. # LogLevel : OpenSSH 1.2.1 and later
  788. # MACs : OpenSSH 2.5.0 and later [3]
  789. # NoHostAuthenticationForLocalhost : OpenSSH 3.0.0 and later
  790. # NumberOfPasswordPrompts : OpenSSH 1.2.1 and later
  791. # PasswordAuthentication : OpenSSH 1.2.1 and later
  792. # PermitLocalCommand : OpenSSH 4.3.0 and later
  793. # Port : OpenSSH 1.2.1 and later
  794. # PreferredAuthentications : OpenSSH 2.5.2 and later
  795. # Protocol : OpenSSH 2.1.0 and later
  796. # ProxyCommand : OpenSSH 1.2.1 and later [3]
  797. # PubkeyAuthentication : OpenSSH 2.5.0 and later
  798. # RekeyLimit : OpenSSH 3.7.0 and later
  799. # RemoteForward : OpenSSH 1.2.1 and later [3]
  800. # RhostsRSAAuthentication : OpenSSH 1.2.1 and later
  801. # RSAAuthentication : OpenSSH 1.2.1 and later
  802. # ServerAliveCountMax : OpenSSH 3.8.0 and later
  803. # ServerAliveInterval : OpenSSH 3.8.0 and later
  804. # SmartcardDevice : OpenSSH 2.9.9 and later [1][3]
  805. # StrictHostKeyChecking : OpenSSH 1.2.1 and later
  806. # TCPKeepAlive : OpenSSH 3.8.0 and later
  807. # Tunnel : OpenSSH 4.3.0 and later
  808. # TunnelDevice : OpenSSH 4.3.0 and later [3]
  809. # UsePAM : OpenSSH 3.7.0 and later [1][2][3]
  810. # UsePrivilegedPort : OpenSSH 1.2.1 and later
  811. # User : OpenSSH 1.2.1 and later
  812. # UserKnownHostsFile : OpenSSH 1.2.1 and later
  813. # VerifyHostKeyDNS : OpenSSH 3.8.0 and later
  814. # XAuthLocation : OpenSSH 2.1.1 and later [3]
  815. #
  816. # [1] Option only available if activated at compile time
  817. # [2] Option specific for portable versions
  818. # [3] Option not used in our ssh client config file
  819. #***************************************************************************
  820. # Initialize ssh config with options actually supported in OpenSSH 2.9.9
  821. #
  822. logmsg 'generating ssh client config file...' if($verbose);
  823. @cfgarr = ();
  824. push @cfgarr, '# This is a generated file. Do not edit.';
  825. push @cfgarr, "# $sshverstr ssh client configuration file for curl testing";
  826. push @cfgarr, '#';
  827. push @cfgarr, 'Host *';
  828. push @cfgarr, '#';
  829. push @cfgarr, "Port $port";
  830. push @cfgarr, "HostName $listenaddr";
  831. push @cfgarr, "User $username";
  832. push @cfgarr, 'Protocol 2';
  833. push @cfgarr, '#';
  834. # BindAddress option is not supported by OpenSSH for Windows
  835. if (!($sshdid =~ /OpenSSH-Windows/)) {
  836. push @cfgarr, "BindAddress $listenaddr";
  837. }
  838. push @cfgarr, '#';
  839. push @cfgarr, "IdentityFile $identity_config";
  840. push @cfgarr, "UserKnownHostsFile $knownhosts_config";
  841. push @cfgarr, '#';
  842. push @cfgarr, 'BatchMode yes';
  843. push @cfgarr, 'ChallengeResponseAuthentication no';
  844. push @cfgarr, 'CheckHostIP no';
  845. push @cfgarr, 'ClearAllForwardings no';
  846. push @cfgarr, 'Compression no';
  847. push @cfgarr, 'ConnectionAttempts 3';
  848. push @cfgarr, 'ForwardAgent no';
  849. push @cfgarr, 'ForwardX11 no';
  850. push @cfgarr, 'GatewayPorts no';
  851. push @cfgarr, 'GlobalKnownHostsFile /dev/null';
  852. push @cfgarr, 'HostbasedAuthentication no';
  853. push @cfgarr, 'KbdInteractiveAuthentication no';
  854. push @cfgarr, "LogLevel $loglevel";
  855. push @cfgarr, 'NumberOfPasswordPrompts 0';
  856. push @cfgarr, 'PasswordAuthentication no';
  857. push @cfgarr, 'PreferredAuthentications publickey';
  858. push @cfgarr, 'PubkeyAuthentication yes';
  859. # RSA authentication options are not supported by OpenSSH for Windows
  860. if (!($sshdid =~ /OpenSSH-Windows/)) {
  861. push @cfgarr, 'RhostsRSAAuthentication no';
  862. push @cfgarr, 'RSAAuthentication no';
  863. }
  864. # Disabled StrictHostKeyChecking since it makes the tests fail on my
  865. # OpenSSH_6.0p1 on Debian Linux / Daniel
  866. push @cfgarr, 'StrictHostKeyChecking no';
  867. push @cfgarr, 'UsePrivilegedPort no';
  868. push @cfgarr, '#';
  869. #***************************************************************************
  870. # Options supported in ssh client newer than OpenSSH 2.9.9
  871. #
  872. if(($sshid =~ /OpenSSH/) && ($sshvernum >= 370)) {
  873. push @cfgarr, 'AddressFamily any';
  874. }
  875. if((($sshid =~ /OpenSSH/) && ($sshvernum >= 370)) ||
  876. (($sshid =~ /SunSSH/) && ($sshvernum >= 120))) {
  877. push @cfgarr, 'ConnectTimeout 30';
  878. }
  879. if(($sshid =~ /OpenSSH/) && ($sshvernum >= 390)) {
  880. push @cfgarr, 'ControlMaster no';
  881. }
  882. if(($sshid =~ /OpenSSH/) && ($sshvernum >= 420)) {
  883. push @cfgarr, 'ControlPath none';
  884. }
  885. if(($sshid =~ /SunSSH/) && ($sshvernum >= 120)) {
  886. push @cfgarr, 'DisableBanner yes';
  887. }
  888. if(($sshid =~ /OpenSSH/) && ($sshvernum >= 360)) {
  889. push @cfgarr, 'EnableSSHKeysign no';
  890. }
  891. if(($sshid =~ /OpenSSH/) && ($sshvernum >= 440)) {
  892. push @cfgarr, 'ExitOnForwardFailure yes';
  893. }
  894. if((($sshid =~ /OpenSSH/) && ($sshvernum >= 380)) ||
  895. (($sshid =~ /SunSSH/) && ($sshvernum >= 120))) {
  896. push @cfgarr, 'ForwardX11Trusted no';
  897. }
  898. if(($sshd_builtwith_GSSAPI) && ($sshdid eq $sshid) &&
  899. ($sshdvernum == $sshvernum)) {
  900. push @cfgarr, 'GSSAPIAuthentication no';
  901. push @cfgarr, 'GSSAPIDelegateCredentials no';
  902. if($sshid =~ /SunSSH/) {
  903. push @cfgarr, 'GSSAPIKeyExchange no';
  904. }
  905. }
  906. if((($sshid =~ /OpenSSH/) && ($sshvernum >= 400)) ||
  907. (($sshid =~ /SunSSH/) && ($sshvernum >= 120))) {
  908. push @cfgarr, 'HashKnownHosts no';
  909. }
  910. if(($sshid =~ /OpenSSH/) && ($sshvernum >= 390)) {
  911. push @cfgarr, 'IdentitiesOnly yes';
  912. }
  913. if(($sshid =~ /SunSSH/) && ($sshvernum >= 120)) {
  914. push @cfgarr, 'IgnoreIfUnknown no';
  915. }
  916. if((($sshid =~ /OpenSSH/) && ($sshvernum < 380)) ||
  917. ($sshid =~ /SunSSH/)) {
  918. push @cfgarr, 'KeepAlive no';
  919. }
  920. if((($sshid =~ /OpenSSH/) && ($sshvernum >= 300)) ||
  921. ($sshid =~ /SunSSH/)) {
  922. push @cfgarr, 'NoHostAuthenticationForLocalhost no';
  923. }
  924. if(($sshid =~ /OpenSSH/) && ($sshvernum >= 430)) {
  925. push @cfgarr, 'PermitLocalCommand no';
  926. }
  927. if((($sshid =~ /OpenSSH/) && ($sshvernum >= 370)) ||
  928. (($sshid =~ /SunSSH/) && ($sshvernum >= 120))) {
  929. push @cfgarr, 'RekeyLimit 1G';
  930. }
  931. if((($sshid =~ /OpenSSH/) && ($sshvernum >= 380)) ||
  932. (($sshid =~ /SunSSH/) && ($sshvernum >= 120))) {
  933. push @cfgarr, 'ServerAliveCountMax 3';
  934. push @cfgarr, 'ServerAliveInterval 0';
  935. }
  936. if(($sshid =~ /OpenSSH/) && ($sshvernum >= 380)) {
  937. push @cfgarr, 'TCPKeepAlive no';
  938. }
  939. if(($sshid =~ /OpenSSH/) && ($sshvernum >= 430)) {
  940. push @cfgarr, 'Tunnel no';
  941. }
  942. if(($sshid =~ /OpenSSH/) && ($sshvernum >= 380)) {
  943. push @cfgarr, 'VerifyHostKeyDNS no';
  944. }
  945. push @cfgarr, '#';
  946. #***************************************************************************
  947. # Write out resulting ssh client configuration file for curl's tests
  948. #
  949. $error = dump_array($sshconfig, @cfgarr);
  950. if($error) {
  951. logmsg $error;
  952. exit 1;
  953. }
  954. #***************************************************************************
  955. # Initialize client sftp config with options actually supported.
  956. #
  957. logmsg 'generating sftp client config file...' if($verbose);
  958. splice @cfgarr, 1, 1, "# $sshverstr sftp client configuration file for curl testing";
  959. #
  960. for(my $i = scalar(@cfgarr) - 1; $i > 0; $i--) {
  961. if($cfgarr[$i] =~ /^DynamicForward/) {
  962. splice @cfgarr, $i, 1;
  963. next;
  964. }
  965. if($cfgarr[$i] =~ /^ClearAllForwardings/) {
  966. splice @cfgarr, $i, 1, "ClearAllForwardings yes";
  967. next;
  968. }
  969. }
  970. #***************************************************************************
  971. # Write out resulting sftp client configuration file for curl's tests
  972. #
  973. $error = dump_array($sftpconfig, @cfgarr);
  974. if($error) {
  975. logmsg $error;
  976. exit 1;
  977. }
  978. @cfgarr = ();
  979. #***************************************************************************
  980. # Generate client sftp commands batch file for sftp server verification
  981. #
  982. logmsg 'generating sftp client commands file...' if($verbose);
  983. push @cfgarr, 'pwd';
  984. push @cfgarr, 'quit';
  985. $error = dump_array($sftpcmds, @cfgarr);
  986. if($error) {
  987. logmsg $error;
  988. exit 1;
  989. }
  990. @cfgarr = ();
  991. #***************************************************************************
  992. # Prepare command line of ssh server daemon
  993. #
  994. my $cmd = "\"$sshd\" -e -D -f $sshdconfig > $sshdlog 2>&1";
  995. logmsg "SCP/SFTP server listening on port $port" if($verbose);
  996. logmsg "RUN: $cmd" if($verbose);
  997. #***************************************************************************
  998. # Start the ssh server daemon on Windows without forking it
  999. #
  1000. if ($sshdid =~ /OpenSSH-Windows/) {
  1001. # Fake pidfile for ssh server on Windows.
  1002. if(open(OUT, ">$pidfile")) {
  1003. print OUT $$ . "\n";
  1004. close(OUT);
  1005. }
  1006. # Flush output.
  1007. $| = 1;
  1008. # Put an "exec" in front of the command so that the child process
  1009. # keeps this child's process ID by being tied to the spawned shell.
  1010. exec("exec $cmd") || die "Can't exec() $cmd: $!";
  1011. # exec() will create a new process, but ties the existence of the
  1012. # new process to the parent waiting perl.exe and sh.exe processes.
  1013. # exec() should never return back here to this process. We protect
  1014. # ourselves by calling die() just in case something goes really bad.
  1015. die "error: exec() has returned";
  1016. }
  1017. #***************************************************************************
  1018. # Start the ssh server daemon without forking it
  1019. #
  1020. my $rc = system($cmd);
  1021. if($rc == -1) {
  1022. logmsg "\"$sshd\" failed with: $!";
  1023. }
  1024. elsif($rc & 127) {
  1025. logmsg sprintf("\"$sshd\" died with signal %d, and %s coredump",
  1026. ($rc & 127), ($rc & 128)?'a':'no');
  1027. }
  1028. elsif($verbose && ($rc >> 8)) {
  1029. logmsg sprintf("\"$sshd\" exited with %d", $rc >> 8);
  1030. }
  1031. #***************************************************************************
  1032. # Clean up once the server has stopped
  1033. #
  1034. unlink($hstprvkeyf, $hstpubkeyf, $hstpubmd5f, $hstpubsha256f,
  1035. $cliprvkeyf, $clipubkeyf, $knownhosts,
  1036. $sshdconfig, $sshconfig, $sftpconfig);
  1037. exit 0;