sshserver.pl 38 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080
  1. #!/usr/bin/env perl
  2. #***************************************************************************
  3. # _ _ ____ _
  4. # Project ___| | | | _ \| |
  5. # / __| | | | |_) | |
  6. # | (__| |_| | _ <| |___
  7. # \___|\___/|_| \_\_____|
  8. #
  9. # Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
  10. #
  11. # This software is licensed as described in the file COPYING, which
  12. # you should have received as part of this distribution. The terms
  13. # are also available at https://curl.haxx.se/docs/copyright.html.
  14. #
  15. # You may opt to use, copy, modify, merge, publish, distribute and/or sell
  16. # copies of the Software, and permit persons to whom the Software is
  17. # furnished to do so, under the terms of the COPYING file.
  18. #
  19. # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  20. # KIND, either express or implied.
  21. #
  22. #***************************************************************************
  23. # Starts sshd for use in the SCP, SFTP and SOCKS curl test harness tests.
  24. # Also creates the ssh configuration files needed for these tests.
  25. use strict;
  26. use warnings;
  27. use Cwd;
  28. use Cwd 'abs_path';
  29. #***************************************************************************
  30. # Variables and subs imported from sshhelp module
  31. #
  32. use sshhelp qw(
  33. $sshdexe
  34. $sshexe
  35. $sftpsrvexe
  36. $sftpexe
  37. $sshkeygenexe
  38. $sshdconfig
  39. $sshconfig
  40. $sftpconfig
  41. $knownhosts
  42. $sshdlog
  43. $sshlog
  44. $sftplog
  45. $sftpcmds
  46. $hstprvkeyf
  47. $hstpubkeyf
  48. $cliprvkeyf
  49. $clipubkeyf
  50. display_sshdconfig
  51. display_sshconfig
  52. display_sftpconfig
  53. display_sshdlog
  54. display_sshlog
  55. display_sftplog
  56. dump_array
  57. find_sshd
  58. find_ssh
  59. find_sftpsrv
  60. find_sftp
  61. find_sshkeygen
  62. logmsg
  63. sshversioninfo
  64. );
  65. #***************************************************************************
  66. # Subs imported from serverhelp module
  67. #
  68. use serverhelp qw(
  69. server_pidfilename
  70. server_logfilename
  71. );
  72. use pathhelp;
  73. #***************************************************************************
  74. my $verbose = 0; # set to 1 for debugging
  75. my $debugprotocol = 0; # set to 1 for protocol debugging
  76. my $port = 8999; # our default SCP/SFTP server port
  77. my $socksport = $port + 1; # our default SOCKS4/5 server port
  78. my $listenaddr = '127.0.0.1'; # default address on which to listen
  79. my $ipvnum = 4; # default IP version of listener address
  80. my $idnum = 1; # default ssh daemon instance number
  81. my $proto = 'ssh'; # protocol the ssh daemon speaks
  82. my $path = getcwd(); # current working directory
  83. my $logdir = $path .'/log'; # directory for log files
  84. my $username = $ENV{USER}; # default user
  85. my $pidfile; # ssh daemon pid file
  86. my $identity = 'curl_client_key'; # default identity file
  87. my $error;
  88. my @cfgarr;
  89. #***************************************************************************
  90. # Parse command line options
  91. #
  92. while(@ARGV) {
  93. if($ARGV[0] eq '--verbose') {
  94. $verbose = 1;
  95. }
  96. elsif($ARGV[0] eq '--debugprotocol') {
  97. $verbose = 1;
  98. $debugprotocol = 1;
  99. }
  100. elsif($ARGV[0] eq '--user') {
  101. if($ARGV[1]) {
  102. $username = $ARGV[1];
  103. shift @ARGV;
  104. }
  105. }
  106. elsif($ARGV[0] eq '--id') {
  107. if($ARGV[1]) {
  108. if($ARGV[1] =~ /^(\d+)$/) {
  109. $idnum = $1 if($1 > 0);
  110. shift @ARGV;
  111. }
  112. }
  113. }
  114. elsif($ARGV[0] eq '--ipv4') {
  115. $ipvnum = 4;
  116. $listenaddr = '127.0.0.1' if($listenaddr eq '::1');
  117. }
  118. elsif($ARGV[0] eq '--ipv6') {
  119. $ipvnum = 6;
  120. $listenaddr = '::1' if($listenaddr eq '127.0.0.1');
  121. }
  122. elsif($ARGV[0] eq '--addr') {
  123. if($ARGV[1]) {
  124. my $tmpstr = $ARGV[1];
  125. if($tmpstr =~ /^(\d\d?\d?)\.(\d\d?\d?)\.(\d\d?\d?)\.(\d\d?\d?)$/) {
  126. $listenaddr = "$1.$2.$3.$4" if($ipvnum == 4);
  127. shift @ARGV;
  128. }
  129. elsif($ipvnum == 6) {
  130. $listenaddr = $tmpstr;
  131. $listenaddr =~ s/^\[(.*)\]$/$1/;
  132. shift @ARGV;
  133. }
  134. }
  135. }
  136. elsif($ARGV[0] eq '--pidfile') {
  137. if($ARGV[1]) {
  138. $pidfile = "$path/". $ARGV[1];
  139. shift @ARGV;
  140. }
  141. }
  142. elsif($ARGV[0] eq '--sshport') {
  143. if($ARGV[1]) {
  144. if($ARGV[1] =~ /^(\d+)$/) {
  145. $port = $1;
  146. shift @ARGV;
  147. }
  148. }
  149. }
  150. elsif($ARGV[0] eq '--socksport') {
  151. if($ARGV[1]) {
  152. if($ARGV[1] =~ /^(\d+)$/) {
  153. $socksport = $1;
  154. shift @ARGV;
  155. }
  156. }
  157. }
  158. else {
  159. print STDERR "\nWarning: sshserver.pl unknown parameter: $ARGV[0]\n";
  160. }
  161. shift @ARGV;
  162. }
  163. #***************************************************************************
  164. # Default ssh daemon pid file name
  165. #
  166. if(!$pidfile) {
  167. $pidfile = "$path/". server_pidfilename($proto, $ipvnum, $idnum);
  168. }
  169. #***************************************************************************
  170. # ssh, socks and sftp server log file names
  171. #
  172. $sshdlog = server_logfilename($logdir, 'ssh', $ipvnum, $idnum);
  173. $sftplog = server_logfilename($logdir, 'sftp', $ipvnum, $idnum);
  174. $sshlog = server_logfilename($logdir, 'socks', $ipvnum, $idnum);
  175. #***************************************************************************
  176. # Logging level for ssh server and client
  177. #
  178. my $loglevel = $debugprotocol?'DEBUG3':'DEBUG2';
  179. #***************************************************************************
  180. # Validate username
  181. #
  182. if(!$username) {
  183. $error = 'Will not run ssh server without a user name';
  184. }
  185. elsif($username eq 'root') {
  186. $error = 'Will not run ssh server as root to mitigate security risks';
  187. }
  188. if($error) {
  189. logmsg $error;
  190. exit 1;
  191. }
  192. #***************************************************************************
  193. # Find out ssh daemon canonical file name
  194. #
  195. my $sshd = find_sshd();
  196. if(!$sshd) {
  197. logmsg "cannot find $sshdexe";
  198. exit 1;
  199. }
  200. #***************************************************************************
  201. # Find out ssh daemon version info
  202. #
  203. my ($sshdid, $sshdvernum, $sshdverstr, $sshderror) = sshversioninfo($sshd);
  204. if(!$sshdid) {
  205. # Not an OpenSSH or SunSSH ssh daemon
  206. logmsg $sshderror if($verbose);
  207. logmsg 'SCP, SFTP and SOCKS tests require OpenSSH 2.9.9 or later';
  208. exit 1;
  209. }
  210. logmsg "ssh server found $sshd is $sshdverstr" if($verbose);
  211. #***************************************************************************
  212. # ssh daemon command line options we might use and version support
  213. #
  214. # -e: log stderr : OpenSSH 2.9.0 and later
  215. # -f: sshd config file : OpenSSH 1.2.1 and later
  216. # -D: no daemon forking : OpenSSH 2.5.0 and later
  217. # -o: command-line option : OpenSSH 3.1.0 and later
  218. # -t: test config file : OpenSSH 2.9.9 and later
  219. # -?: sshd version info : OpenSSH 1.2.1 and later
  220. #
  221. # -e: log stderr : SunSSH 1.0.0 and later
  222. # -f: sshd config file : SunSSH 1.0.0 and later
  223. # -D: no daemon forking : SunSSH 1.0.0 and later
  224. # -o: command-line option : SunSSH 1.0.0 and later
  225. # -t: test config file : SunSSH 1.0.0 and later
  226. # -?: sshd version info : SunSSH 1.0.0 and later
  227. #***************************************************************************
  228. # Verify minimum ssh daemon version
  229. #
  230. if((($sshdid =~ /OpenSSH/) && ($sshdvernum < 299)) ||
  231. (($sshdid =~ /SunSSH/) && ($sshdvernum < 100))) {
  232. logmsg 'SCP, SFTP and SOCKS tests require OpenSSH 2.9.9 or later';
  233. exit 1;
  234. }
  235. #***************************************************************************
  236. # Find out sftp server plugin canonical file name
  237. #
  238. my $sftpsrv = find_sftpsrv();
  239. if(!$sftpsrv) {
  240. logmsg "cannot find $sftpsrvexe";
  241. exit 1;
  242. }
  243. logmsg "sftp server plugin found $sftpsrv" if($verbose);
  244. #***************************************************************************
  245. # Find out sftp client canonical file name
  246. #
  247. my $sftp = find_sftp();
  248. if(!$sftp) {
  249. logmsg "cannot find $sftpexe";
  250. exit 1;
  251. }
  252. logmsg "sftp client found $sftp" if($verbose);
  253. #***************************************************************************
  254. # Find out ssh keygen canonical file name
  255. #
  256. my $sshkeygen = find_sshkeygen();
  257. if(!$sshkeygen) {
  258. logmsg "cannot find $sshkeygenexe";
  259. exit 1;
  260. }
  261. logmsg "ssh keygen found $sshkeygen" if($verbose);
  262. #***************************************************************************
  263. # Find out ssh client canonical file name
  264. #
  265. my $ssh = find_ssh();
  266. if(!$ssh) {
  267. logmsg "cannot find $sshexe";
  268. exit 1;
  269. }
  270. #***************************************************************************
  271. # Find out ssh client version info
  272. #
  273. my ($sshid, $sshvernum, $sshverstr, $ssherror) = sshversioninfo($ssh);
  274. if(!$sshid) {
  275. # Not an OpenSSH or SunSSH ssh client
  276. logmsg $ssherror if($verbose);
  277. logmsg 'SCP, SFTP and SOCKS tests require OpenSSH 2.9.9 or later';
  278. exit 1;
  279. }
  280. logmsg "ssh client found $ssh is $sshverstr" if($verbose);
  281. #***************************************************************************
  282. # ssh client command line options we might use and version support
  283. #
  284. # -D: dynamic app port forwarding : OpenSSH 2.9.9 and later
  285. # -F: ssh config file : OpenSSH 2.9.9 and later
  286. # -N: no shell/command : OpenSSH 2.1.0 and later
  287. # -p: connection port : OpenSSH 1.2.1 and later
  288. # -v: verbose messages : OpenSSH 1.2.1 and later
  289. # -vv: increase verbosity : OpenSSH 2.3.0 and later
  290. # -V: ssh version info : OpenSSH 1.2.1 and later
  291. #
  292. # -D: dynamic app port forwarding : SunSSH 1.0.0 and later
  293. # -F: ssh config file : SunSSH 1.0.0 and later
  294. # -N: no shell/command : SunSSH 1.0.0 and later
  295. # -p: connection port : SunSSH 1.0.0 and later
  296. # -v: verbose messages : SunSSH 1.0.0 and later
  297. # -vv: increase verbosity : SunSSH 1.0.0 and later
  298. # -V: ssh version info : SunSSH 1.0.0 and later
  299. #***************************************************************************
  300. # Verify minimum ssh client version
  301. #
  302. if((($sshid =~ /OpenSSH/) && ($sshvernum < 299)) ||
  303. (($sshid =~ /SunSSH/) && ($sshvernum < 100))) {
  304. logmsg 'SCP, SFTP and SOCKS tests require OpenSSH 2.9.9 or later';
  305. exit 1;
  306. }
  307. #***************************************************************************
  308. # ssh keygen command line options we actually use and version support
  309. #
  310. # -C: identity comment : OpenSSH 1.2.1 and later
  311. # -f: key filename : OpenSSH 1.2.1 and later
  312. # -N: new passphrase : OpenSSH 1.2.1 and later
  313. # -q: quiet keygen : OpenSSH 1.2.1 and later
  314. # -t: key type : OpenSSH 2.5.0 and later
  315. #
  316. # -C: identity comment : SunSSH 1.0.0 and later
  317. # -f: key filename : SunSSH 1.0.0 and later
  318. # -N: new passphrase : SunSSH 1.0.0 and later
  319. # -q: quiet keygen : SunSSH 1.0.0 and later
  320. # -t: key type : SunSSH 1.0.0 and later
  321. #***************************************************************************
  322. # Generate host and client key files for curl's tests
  323. #
  324. if((! -e $hstprvkeyf) || (! -s $hstprvkeyf) ||
  325. (! -e $hstpubkeyf) || (! -s $hstpubkeyf) ||
  326. (! -e $cliprvkeyf) || (! -s $cliprvkeyf) ||
  327. (! -e $clipubkeyf) || (! -s $clipubkeyf)) {
  328. # Make sure all files are gone so ssh-keygen doesn't complain
  329. unlink($hstprvkeyf, $hstpubkeyf, $cliprvkeyf, $clipubkeyf);
  330. logmsg 'generating host keys...' if($verbose);
  331. if(system "\"$sshkeygen\" -q -t rsa -f $hstprvkeyf -C 'curl test server' -N ''") {
  332. logmsg 'Could not generate host key';
  333. exit 1;
  334. }
  335. logmsg 'generating client keys...' if($verbose);
  336. if(system "\"$sshkeygen\" -q -t rsa -f $cliprvkeyf -C 'curl test client' -N ''") {
  337. logmsg 'Could not generate client key';
  338. exit 1;
  339. }
  340. }
  341. #***************************************************************************
  342. # Convert paths for curl's tests running on Windows with Cygwin/Msys OpenSSH
  343. #
  344. my $clipubkeyf_config = abs_path("$path/$clipubkeyf");
  345. my $hstprvkeyf_config = abs_path("$path/$hstprvkeyf");
  346. my $pidfile_config = $pidfile;
  347. my $sftpsrv_config = $sftpsrv;
  348. if ($^O eq 'MSWin32' || $^O eq 'cygwin' || $^O eq 'msys') {
  349. # Ensure to use MinGW/Cygwin paths
  350. $clipubkeyf_config = pathhelp::build_sys_abs_path($clipubkeyf_config);
  351. $hstprvkeyf_config = pathhelp::build_sys_abs_path($hstprvkeyf_config);
  352. $pidfile_config = pathhelp::build_sys_abs_path($pidfile_config);
  353. $sftpsrv_config = "internal-sftp";
  354. }
  355. #***************************************************************************
  356. # ssh daemon configuration file options we might use and version support
  357. #
  358. # AFSTokenPassing : OpenSSH 1.2.1 and later [1]
  359. # AcceptEnv : OpenSSH 3.9.0 and later
  360. # AddressFamily : OpenSSH 4.0.0 and later
  361. # AllowGroups : OpenSSH 1.2.1 and later
  362. # AllowTcpForwarding : OpenSSH 2.3.0 and later
  363. # AllowUsers : OpenSSH 1.2.1 and later
  364. # AuthorizedKeysFile : OpenSSH 2.9.9 and later
  365. # AuthorizedKeysFile2 : OpenSSH 2.9.9 and later
  366. # Banner : OpenSSH 2.5.0 and later
  367. # ChallengeResponseAuthentication : OpenSSH 2.5.0 and later
  368. # Ciphers : OpenSSH 2.1.0 and later [3]
  369. # ClientAliveCountMax : OpenSSH 2.9.0 and later
  370. # ClientAliveInterval : OpenSSH 2.9.0 and later
  371. # Compression : OpenSSH 3.3.0 and later
  372. # DenyGroups : OpenSSH 1.2.1 and later
  373. # DenyUsers : OpenSSH 1.2.1 and later
  374. # ForceCommand : OpenSSH 4.4.0 and later [3]
  375. # GatewayPorts : OpenSSH 2.1.0 and later
  376. # GSSAPIAuthentication : OpenSSH 3.7.0 and later [1]
  377. # GSSAPICleanupCredentials : OpenSSH 3.8.0 and later [1]
  378. # GSSAPIKeyExchange : SunSSH 1.0.0 and later [1]
  379. # GSSAPIStoreDelegatedCredentials : SunSSH 1.0.0 and later [1]
  380. # GSSCleanupCreds : SunSSH 1.0.0 and later [1]
  381. # GSSUseSessionCredCache : SunSSH 1.0.0 and later [1]
  382. # HostbasedAuthentication : OpenSSH 2.9.0 and later
  383. # HostbasedUsesNameFromPacketOnly : OpenSSH 2.9.0 and later
  384. # HostKey : OpenSSH 1.2.1 and later
  385. # IgnoreRhosts : OpenSSH 1.2.1 and later
  386. # IgnoreUserKnownHosts : OpenSSH 1.2.1 and later
  387. # KbdInteractiveAuthentication : OpenSSH 2.3.0 and later
  388. # KeepAlive : OpenSSH 1.2.1 and later
  389. # KerberosAuthentication : OpenSSH 1.2.1 and later [1]
  390. # KerberosGetAFSToken : OpenSSH 3.8.0 and later [1]
  391. # KerberosOrLocalPasswd : OpenSSH 1.2.1 and later [1]
  392. # KerberosTgtPassing : OpenSSH 1.2.1 and later [1]
  393. # KerberosTicketCleanup : OpenSSH 1.2.1 and later [1]
  394. # KeyRegenerationInterval : OpenSSH 1.2.1 and later
  395. # ListenAddress : OpenSSH 1.2.1 and later
  396. # LoginGraceTime : OpenSSH 1.2.1 and later
  397. # LogLevel : OpenSSH 1.2.1 and later
  398. # LookupClientHostnames : SunSSH 1.0.0 and later
  399. # MACs : OpenSSH 2.5.0 and later [3]
  400. # Match : OpenSSH 4.4.0 and later [3]
  401. # MaxAuthTries : OpenSSH 3.9.0 and later
  402. # MaxStartups : OpenSSH 2.2.0 and later
  403. # PAMAuthenticationViaKbdInt : OpenSSH 2.9.0 and later [2]
  404. # PasswordAuthentication : OpenSSH 1.2.1 and later
  405. # PermitEmptyPasswords : OpenSSH 1.2.1 and later
  406. # PermitOpen : OpenSSH 4.4.0 and later [3]
  407. # PermitRootLogin : OpenSSH 1.2.1 and later
  408. # PermitTunnel : OpenSSH 4.3.0 and later
  409. # PermitUserEnvironment : OpenSSH 3.5.0 and later
  410. # PidFile : OpenSSH 2.1.0 and later
  411. # Port : OpenSSH 1.2.1 and later
  412. # PrintLastLog : OpenSSH 2.9.0 and later
  413. # PrintMotd : OpenSSH 1.2.1 and later
  414. # Protocol : OpenSSH 2.1.0 and later
  415. # PubkeyAuthentication : OpenSSH 2.5.0 and later
  416. # RhostsAuthentication : OpenSSH 1.2.1 and later
  417. # RhostsRSAAuthentication : OpenSSH 1.2.1 and later
  418. # RSAAuthentication : OpenSSH 1.2.1 and later
  419. # ServerKeyBits : OpenSSH 1.2.1 and later
  420. # SkeyAuthentication : OpenSSH 1.2.1 and later [1]
  421. # StrictModes : OpenSSH 1.2.1 and later
  422. # Subsystem : OpenSSH 2.2.0 and later
  423. # SyslogFacility : OpenSSH 1.2.1 and later
  424. # TCPKeepAlive : OpenSSH 3.8.0 and later
  425. # UseDNS : OpenSSH 3.7.0 and later
  426. # UseLogin : OpenSSH 1.2.1 and later
  427. # UsePAM : OpenSSH 3.7.0 and later [1][2]
  428. # UsePrivilegeSeparation : OpenSSH 3.2.2 and later
  429. # VerifyReverseMapping : OpenSSH 3.1.0 and later
  430. # X11DisplayOffset : OpenSSH 1.2.1 and later [3]
  431. # X11Forwarding : OpenSSH 1.2.1 and later
  432. # X11UseLocalhost : OpenSSH 3.1.0 and later
  433. # XAuthLocation : OpenSSH 2.1.1 and later [3]
  434. #
  435. # [1] Option only available if activated at compile time
  436. # [2] Option specific for portable versions
  437. # [3] Option not used in our ssh server config file
  438. #***************************************************************************
  439. # Initialize sshd config with options actually supported in OpenSSH 2.9.9
  440. #
  441. logmsg 'generating ssh server config file...' if($verbose);
  442. @cfgarr = ();
  443. push @cfgarr, '# This is a generated file. Do not edit.';
  444. push @cfgarr, "# $sshdverstr sshd configuration file for curl testing";
  445. push @cfgarr, '#';
  446. push @cfgarr, "DenyUsers !$username";
  447. push @cfgarr, "AllowUsers $username";
  448. push @cfgarr, 'DenyGroups';
  449. push @cfgarr, 'AllowGroups';
  450. push @cfgarr, '#';
  451. push @cfgarr, "AuthorizedKeysFile $clipubkeyf_config";
  452. push @cfgarr, "AuthorizedKeysFile2 $clipubkeyf_config";
  453. push @cfgarr, "HostKey $hstprvkeyf_config";
  454. push @cfgarr, "PidFile $pidfile_config";
  455. push @cfgarr, '#';
  456. push @cfgarr, "Port $port";
  457. push @cfgarr, "ListenAddress $listenaddr";
  458. push @cfgarr, 'Protocol 2';
  459. push @cfgarr, '#';
  460. push @cfgarr, 'AllowTcpForwarding yes';
  461. push @cfgarr, 'Banner none';
  462. push @cfgarr, 'ChallengeResponseAuthentication no';
  463. push @cfgarr, 'ClientAliveCountMax 3';
  464. push @cfgarr, 'ClientAliveInterval 0';
  465. push @cfgarr, 'GatewayPorts no';
  466. push @cfgarr, 'HostbasedAuthentication no';
  467. push @cfgarr, 'HostbasedUsesNameFromPacketOnly no';
  468. push @cfgarr, 'IgnoreRhosts yes';
  469. push @cfgarr, 'IgnoreUserKnownHosts yes';
  470. push @cfgarr, 'KeyRegenerationInterval 0';
  471. push @cfgarr, 'LoginGraceTime 30';
  472. push @cfgarr, "LogLevel $loglevel";
  473. push @cfgarr, 'MaxStartups 5';
  474. push @cfgarr, 'PasswordAuthentication no';
  475. push @cfgarr, 'PermitEmptyPasswords no';
  476. push @cfgarr, 'PermitRootLogin no';
  477. push @cfgarr, 'PrintLastLog no';
  478. push @cfgarr, 'PrintMotd no';
  479. push @cfgarr, 'PubkeyAuthentication yes';
  480. push @cfgarr, 'RhostsRSAAuthentication no';
  481. push @cfgarr, 'RSAAuthentication no';
  482. push @cfgarr, 'ServerKeyBits 768';
  483. push @cfgarr, 'StrictModes no';
  484. push @cfgarr, "Subsystem sftp \"$sftpsrv_config\"";
  485. push @cfgarr, 'SyslogFacility AUTH';
  486. push @cfgarr, 'UseLogin no';
  487. push @cfgarr, 'X11Forwarding no';
  488. push @cfgarr, '#';
  489. #***************************************************************************
  490. # Write out initial sshd configuration file for curl's tests
  491. #
  492. $error = dump_array($sshdconfig, @cfgarr);
  493. if($error) {
  494. logmsg $error;
  495. exit 1;
  496. }
  497. #***************************************************************************
  498. # Verifies at run time if sshd supports a given configuration file option
  499. #
  500. sub sshd_supports_opt {
  501. my ($option, $value) = @_;
  502. my $err;
  503. #
  504. if((($sshdid =~ /OpenSSH/) && ($sshdvernum >= 310)) ||
  505. ($sshdid =~ /SunSSH/)) {
  506. # ssh daemon supports command line options -t -f and -o
  507. $err = grep /((Unsupported)|(Bad configuration)|(Deprecated)) option.*$option/,
  508. qx("$sshd" -t -f $sshdconfig -o "$option=$value" 2>&1);
  509. return !$err;
  510. }
  511. if(($sshdid =~ /OpenSSH/) && ($sshdvernum >= 299)) {
  512. # ssh daemon supports command line options -t and -f
  513. $err = dump_array($sshdconfig, (@cfgarr, "$option $value"));
  514. if($err) {
  515. logmsg $err;
  516. return 0;
  517. }
  518. $err = grep /((Unsupported)|(Bad configuration)|(Deprecated)) option.*$option/,
  519. qx("$sshd" -t -f $sshdconfig 2>&1);
  520. unlink $sshdconfig;
  521. return !$err;
  522. }
  523. return 0;
  524. }
  525. #***************************************************************************
  526. # Kerberos Authentication support may have not been built into sshd
  527. #
  528. if(sshd_supports_opt('KerberosAuthentication','no')) {
  529. push @cfgarr, 'KerberosAuthentication no';
  530. }
  531. if(sshd_supports_opt('KerberosGetAFSToken','no')) {
  532. push @cfgarr, 'KerberosGetAFSToken no';
  533. }
  534. if(sshd_supports_opt('KerberosOrLocalPasswd','no')) {
  535. push @cfgarr, 'KerberosOrLocalPasswd no';
  536. }
  537. if(sshd_supports_opt('KerberosTgtPassing','no')) {
  538. push @cfgarr, 'KerberosTgtPassing no';
  539. }
  540. if(sshd_supports_opt('KerberosTicketCleanup','yes')) {
  541. push @cfgarr, 'KerberosTicketCleanup yes';
  542. }
  543. #***************************************************************************
  544. # Andrew File System support may have not been built into sshd
  545. #
  546. if(sshd_supports_opt('AFSTokenPassing','no')) {
  547. push @cfgarr, 'AFSTokenPassing no';
  548. }
  549. #***************************************************************************
  550. # S/Key authentication support may have not been built into sshd
  551. #
  552. if(sshd_supports_opt('SkeyAuthentication','no')) {
  553. push @cfgarr, 'SkeyAuthentication no';
  554. }
  555. #***************************************************************************
  556. # GSSAPI Authentication support may have not been built into sshd
  557. #
  558. my $sshd_builtwith_GSSAPI;
  559. if(sshd_supports_opt('GSSAPIAuthentication','no')) {
  560. push @cfgarr, 'GSSAPIAuthentication no';
  561. $sshd_builtwith_GSSAPI = 1;
  562. }
  563. if(sshd_supports_opt('GSSAPICleanupCredentials','yes')) {
  564. push @cfgarr, 'GSSAPICleanupCredentials yes';
  565. }
  566. if(sshd_supports_opt('GSSAPIKeyExchange','no')) {
  567. push @cfgarr, 'GSSAPIKeyExchange no';
  568. }
  569. if(sshd_supports_opt('GSSAPIStoreDelegatedCredentials','no')) {
  570. push @cfgarr, 'GSSAPIStoreDelegatedCredentials no';
  571. }
  572. if(sshd_supports_opt('GSSCleanupCreds','yes')) {
  573. push @cfgarr, 'GSSCleanupCreds yes';
  574. }
  575. if(sshd_supports_opt('GSSUseSessionCredCache','no')) {
  576. push @cfgarr, 'GSSUseSessionCredCache no';
  577. }
  578. push @cfgarr, '#';
  579. #***************************************************************************
  580. # Options that might be supported or not in sshd OpenSSH 2.9.9 and later
  581. #
  582. if(sshd_supports_opt('AcceptEnv','')) {
  583. push @cfgarr, 'AcceptEnv';
  584. }
  585. if(sshd_supports_opt('AddressFamily','any')) {
  586. # Address family must be specified before ListenAddress
  587. splice @cfgarr, 14, 0, 'AddressFamily any';
  588. }
  589. if(sshd_supports_opt('Compression','no')) {
  590. push @cfgarr, 'Compression no';
  591. }
  592. if(sshd_supports_opt('KbdInteractiveAuthentication','no')) {
  593. push @cfgarr, 'KbdInteractiveAuthentication no';
  594. }
  595. if(sshd_supports_opt('KeepAlive','no')) {
  596. push @cfgarr, 'KeepAlive no';
  597. }
  598. if(sshd_supports_opt('LookupClientHostnames','no')) {
  599. push @cfgarr, 'LookupClientHostnames no';
  600. }
  601. if(sshd_supports_opt('MaxAuthTries','10')) {
  602. push @cfgarr, 'MaxAuthTries 10';
  603. }
  604. if(sshd_supports_opt('PAMAuthenticationViaKbdInt','no')) {
  605. push @cfgarr, 'PAMAuthenticationViaKbdInt no';
  606. }
  607. if(sshd_supports_opt('PermitTunnel','no')) {
  608. push @cfgarr, 'PermitTunnel no';
  609. }
  610. if(sshd_supports_opt('PermitUserEnvironment','no')) {
  611. push @cfgarr, 'PermitUserEnvironment no';
  612. }
  613. if(sshd_supports_opt('RhostsAuthentication','no')) {
  614. push @cfgarr, 'RhostsAuthentication no';
  615. }
  616. if(sshd_supports_opt('TCPKeepAlive','no')) {
  617. push @cfgarr, 'TCPKeepAlive no';
  618. }
  619. if(sshd_supports_opt('UseDNS','no')) {
  620. push @cfgarr, 'UseDNS no';
  621. }
  622. if(sshd_supports_opt('UsePAM','no')) {
  623. push @cfgarr, 'UsePAM no';
  624. }
  625. if($sshdid =~ /OpenSSH/) {
  626. # http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6492415
  627. if(sshd_supports_opt('UsePrivilegeSeparation','no')) {
  628. push @cfgarr, 'UsePrivilegeSeparation no';
  629. }
  630. }
  631. if(sshd_supports_opt('VerifyReverseMapping','no')) {
  632. push @cfgarr, 'VerifyReverseMapping no';
  633. }
  634. if(sshd_supports_opt('X11UseLocalhost','yes')) {
  635. push @cfgarr, 'X11UseLocalhost yes';
  636. }
  637. push @cfgarr, '#';
  638. #***************************************************************************
  639. # Write out resulting sshd configuration file for curl's tests
  640. #
  641. $error = dump_array($sshdconfig, @cfgarr);
  642. if($error) {
  643. logmsg $error;
  644. exit 1;
  645. }
  646. #***************************************************************************
  647. # Verify that sshd actually supports our generated configuration file
  648. #
  649. if(system "\"$sshd\" -t -f $sshdconfig > $sshdlog 2>&1") {
  650. logmsg "sshd configuration file $sshdconfig failed verification";
  651. display_sshdlog();
  652. display_sshdconfig();
  653. exit 1;
  654. }
  655. #***************************************************************************
  656. # Generate ssh client host key database file for curl's tests
  657. #
  658. if((! -e $knownhosts) || (! -s $knownhosts)) {
  659. logmsg 'generating ssh client known hosts file...' if($verbose);
  660. unlink($knownhosts);
  661. if(open(RSAKEYFILE, "<$hstpubkeyf")) {
  662. my @rsahostkey = do { local $/ = ' '; <RSAKEYFILE> };
  663. if(close(RSAKEYFILE)) {
  664. if(open(KNOWNHOSTS, ">$knownhosts")) {
  665. print KNOWNHOSTS "$listenaddr ssh-rsa $rsahostkey[1]\n";
  666. if(!close(KNOWNHOSTS)) {
  667. $error = "Error: cannot close file $knownhosts";
  668. }
  669. }
  670. else {
  671. $error = "Error: cannot write file $knownhosts";
  672. }
  673. }
  674. else {
  675. $error = "Error: cannot close file $hstpubkeyf";
  676. }
  677. }
  678. else {
  679. $error = "Error: cannot read file $hstpubkeyf";
  680. }
  681. if($error) {
  682. logmsg $error;
  683. exit 1;
  684. }
  685. }
  686. #***************************************************************************
  687. # Convert paths for curl's tests running on Windows using Cygwin OpenSSH
  688. #
  689. my $identity_config = abs_path("$path/$identity");
  690. my $knownhosts_config = abs_path("$path/$knownhosts");
  691. if ($^O eq 'MSWin32' || $^O eq 'cygwin' || $^O eq 'msys') {
  692. # Ensure to use MinGW/Cygwin paths
  693. $identity_config = pathhelp::build_sys_abs_path($identity_config);
  694. $knownhosts_config = pathhelp::build_sys_abs_path($knownhosts_config);
  695. }
  696. #***************************************************************************
  697. # ssh client configuration file options we might use and version support
  698. #
  699. # AddressFamily : OpenSSH 3.7.0 and later
  700. # BatchMode : OpenSSH 1.2.1 and later
  701. # BindAddress : OpenSSH 2.9.9 and later
  702. # ChallengeResponseAuthentication : OpenSSH 2.5.0 and later
  703. # CheckHostIP : OpenSSH 1.2.1 and later
  704. # Cipher : OpenSSH 1.2.1 and later [3]
  705. # Ciphers : OpenSSH 2.1.0 and later [3]
  706. # ClearAllForwardings : OpenSSH 2.9.9 and later
  707. # Compression : OpenSSH 1.2.1 and later
  708. # CompressionLevel : OpenSSH 1.2.1 and later [3]
  709. # ConnectionAttempts : OpenSSH 1.2.1 and later
  710. # ConnectTimeout : OpenSSH 3.7.0 and later
  711. # ControlMaster : OpenSSH 3.9.0 and later
  712. # ControlPath : OpenSSH 3.9.0 and later
  713. # DisableBanner : SunSSH 1.2.0 and later
  714. # DynamicForward : OpenSSH 2.9.0 and later
  715. # EnableSSHKeysign : OpenSSH 3.6.0 and later
  716. # EscapeChar : OpenSSH 1.2.1 and later [3]
  717. # ExitOnForwardFailure : OpenSSH 4.4.0 and later
  718. # ForwardAgent : OpenSSH 1.2.1 and later
  719. # ForwardX11 : OpenSSH 1.2.1 and later
  720. # ForwardX11Trusted : OpenSSH 3.8.0 and later
  721. # GatewayPorts : OpenSSH 1.2.1 and later
  722. # GlobalKnownHostsFile : OpenSSH 1.2.1 and later
  723. # GSSAPIAuthentication : OpenSSH 3.7.0 and later [1]
  724. # GSSAPIDelegateCredentials : OpenSSH 3.7.0 and later [1]
  725. # HashKnownHosts : OpenSSH 4.0.0 and later
  726. # Host : OpenSSH 1.2.1 and later
  727. # HostbasedAuthentication : OpenSSH 2.9.0 and later
  728. # HostKeyAlgorithms : OpenSSH 2.9.0 and later [3]
  729. # HostKeyAlias : OpenSSH 2.5.0 and later [3]
  730. # HostName : OpenSSH 1.2.1 and later
  731. # IdentitiesOnly : OpenSSH 3.9.0 and later
  732. # IdentityFile : OpenSSH 1.2.1 and later
  733. # IgnoreIfUnknown : SunSSH 1.2.0 and later
  734. # KeepAlive : OpenSSH 1.2.1 and later
  735. # KbdInteractiveAuthentication : OpenSSH 2.3.0 and later
  736. # KbdInteractiveDevices : OpenSSH 2.3.0 and later [3]
  737. # LocalCommand : OpenSSH 4.3.0 and later [3]
  738. # LocalForward : OpenSSH 1.2.1 and later [3]
  739. # LogLevel : OpenSSH 1.2.1 and later
  740. # MACs : OpenSSH 2.5.0 and later [3]
  741. # NoHostAuthenticationForLocalhost : OpenSSH 3.0.0 and later
  742. # NumberOfPasswordPrompts : OpenSSH 1.2.1 and later
  743. # PasswordAuthentication : OpenSSH 1.2.1 and later
  744. # PermitLocalCommand : OpenSSH 4.3.0 and later
  745. # Port : OpenSSH 1.2.1 and later
  746. # PreferredAuthentications : OpenSSH 2.5.2 and later
  747. # Protocol : OpenSSH 2.1.0 and later
  748. # ProxyCommand : OpenSSH 1.2.1 and later [3]
  749. # PubkeyAuthentication : OpenSSH 2.5.0 and later
  750. # RekeyLimit : OpenSSH 3.7.0 and later
  751. # RemoteForward : OpenSSH 1.2.1 and later [3]
  752. # RhostsRSAAuthentication : OpenSSH 1.2.1 and later
  753. # RSAAuthentication : OpenSSH 1.2.1 and later
  754. # SendEnv : OpenSSH 3.9.0 and later
  755. # ServerAliveCountMax : OpenSSH 3.8.0 and later
  756. # ServerAliveInterval : OpenSSH 3.8.0 and later
  757. # SmartcardDevice : OpenSSH 2.9.9 and later [1][3]
  758. # StrictHostKeyChecking : OpenSSH 1.2.1 and later
  759. # TCPKeepAlive : OpenSSH 3.8.0 and later
  760. # Tunnel : OpenSSH 4.3.0 and later
  761. # TunnelDevice : OpenSSH 4.3.0 and later [3]
  762. # UsePAM : OpenSSH 3.7.0 and later [1][2][3]
  763. # UsePrivilegedPort : OpenSSH 1.2.1 and later
  764. # User : OpenSSH 1.2.1 and later
  765. # UserKnownHostsFile : OpenSSH 1.2.1 and later
  766. # VerifyHostKeyDNS : OpenSSH 3.8.0 and later
  767. # XAuthLocation : OpenSSH 2.1.1 and later [3]
  768. #
  769. # [1] Option only available if activated at compile time
  770. # [2] Option specific for portable versions
  771. # [3] Option not used in our ssh client config file
  772. #***************************************************************************
  773. # Initialize ssh config with options actually supported in OpenSSH 2.9.9
  774. #
  775. logmsg 'generating ssh client config file...' if($verbose);
  776. @cfgarr = ();
  777. push @cfgarr, '# This is a generated file. Do not edit.';
  778. push @cfgarr, "# $sshverstr ssh client configuration file for curl testing";
  779. push @cfgarr, '#';
  780. push @cfgarr, 'Host *';
  781. push @cfgarr, '#';
  782. push @cfgarr, "Port $port";
  783. push @cfgarr, "HostName $listenaddr";
  784. push @cfgarr, "User $username";
  785. push @cfgarr, 'Protocol 2';
  786. push @cfgarr, '#';
  787. push @cfgarr, "BindAddress $listenaddr";
  788. push @cfgarr, "DynamicForward $socksport";
  789. push @cfgarr, '#';
  790. push @cfgarr, "IdentityFile $identity_config";
  791. push @cfgarr, "UserKnownHostsFile $knownhosts_config";
  792. push @cfgarr, '#';
  793. push @cfgarr, 'BatchMode yes';
  794. push @cfgarr, 'ChallengeResponseAuthentication no';
  795. push @cfgarr, 'CheckHostIP no';
  796. push @cfgarr, 'ClearAllForwardings no';
  797. push @cfgarr, 'Compression no';
  798. push @cfgarr, 'ConnectionAttempts 3';
  799. push @cfgarr, 'ForwardAgent no';
  800. push @cfgarr, 'ForwardX11 no';
  801. push @cfgarr, 'GatewayPorts no';
  802. push @cfgarr, 'GlobalKnownHostsFile /dev/null';
  803. push @cfgarr, 'HostbasedAuthentication no';
  804. push @cfgarr, 'KbdInteractiveAuthentication no';
  805. push @cfgarr, "LogLevel $loglevel";
  806. push @cfgarr, 'NumberOfPasswordPrompts 0';
  807. push @cfgarr, 'PasswordAuthentication no';
  808. push @cfgarr, 'PreferredAuthentications publickey';
  809. push @cfgarr, 'PubkeyAuthentication yes';
  810. push @cfgarr, 'RhostsRSAAuthentication no';
  811. push @cfgarr, 'RSAAuthentication no';
  812. # Disabled StrictHostKeyChecking since it makes the tests fail on my
  813. # OpenSSH_6.0p1 on Debian Linux / Daniel
  814. push @cfgarr, 'StrictHostKeyChecking no';
  815. push @cfgarr, 'UsePrivilegedPort no';
  816. push @cfgarr, '#';
  817. #***************************************************************************
  818. # Options supported in ssh client newer than OpenSSH 2.9.9
  819. #
  820. if(($sshid =~ /OpenSSH/) && ($sshvernum >= 370)) {
  821. push @cfgarr, 'AddressFamily any';
  822. }
  823. if((($sshid =~ /OpenSSH/) && ($sshvernum >= 370)) ||
  824. (($sshid =~ /SunSSH/) && ($sshvernum >= 120))) {
  825. push @cfgarr, 'ConnectTimeout 30';
  826. }
  827. if(($sshid =~ /OpenSSH/) && ($sshvernum >= 390)) {
  828. push @cfgarr, 'ControlMaster no';
  829. }
  830. if(($sshid =~ /OpenSSH/) && ($sshvernum >= 420)) {
  831. push @cfgarr, 'ControlPath none';
  832. }
  833. if(($sshid =~ /SunSSH/) && ($sshvernum >= 120)) {
  834. push @cfgarr, 'DisableBanner yes';
  835. }
  836. if(($sshid =~ /OpenSSH/) && ($sshvernum >= 360)) {
  837. push @cfgarr, 'EnableSSHKeysign no';
  838. }
  839. if(($sshid =~ /OpenSSH/) && ($sshvernum >= 440)) {
  840. push @cfgarr, 'ExitOnForwardFailure yes';
  841. }
  842. if((($sshid =~ /OpenSSH/) && ($sshvernum >= 380)) ||
  843. (($sshid =~ /SunSSH/) && ($sshvernum >= 120))) {
  844. push @cfgarr, 'ForwardX11Trusted no';
  845. }
  846. if(($sshd_builtwith_GSSAPI) && ($sshdid eq $sshid) &&
  847. ($sshdvernum == $sshvernum)) {
  848. push @cfgarr, 'GSSAPIAuthentication no';
  849. push @cfgarr, 'GSSAPIDelegateCredentials no';
  850. if($sshid =~ /SunSSH/) {
  851. push @cfgarr, 'GSSAPIKeyExchange no';
  852. }
  853. }
  854. if((($sshid =~ /OpenSSH/) && ($sshvernum >= 400)) ||
  855. (($sshid =~ /SunSSH/) && ($sshvernum >= 120))) {
  856. push @cfgarr, 'HashKnownHosts no';
  857. }
  858. if(($sshid =~ /OpenSSH/) && ($sshvernum >= 390)) {
  859. push @cfgarr, 'IdentitiesOnly yes';
  860. }
  861. if(($sshid =~ /SunSSH/) && ($sshvernum >= 120)) {
  862. push @cfgarr, 'IgnoreIfUnknown no';
  863. }
  864. if((($sshid =~ /OpenSSH/) && ($sshvernum < 380)) ||
  865. ($sshid =~ /SunSSH/)) {
  866. push @cfgarr, 'KeepAlive no';
  867. }
  868. if((($sshid =~ /OpenSSH/) && ($sshvernum >= 300)) ||
  869. ($sshid =~ /SunSSH/)) {
  870. push @cfgarr, 'NoHostAuthenticationForLocalhost no';
  871. }
  872. if(($sshid =~ /OpenSSH/) && ($sshvernum >= 430)) {
  873. push @cfgarr, 'PermitLocalCommand no';
  874. }
  875. if((($sshid =~ /OpenSSH/) && ($sshvernum >= 370)) ||
  876. (($sshid =~ /SunSSH/) && ($sshvernum >= 120))) {
  877. push @cfgarr, 'RekeyLimit 1G';
  878. }
  879. if(($sshid =~ /OpenSSH/) && ($sshvernum >= 390)) {
  880. push @cfgarr, 'SendEnv';
  881. }
  882. if((($sshid =~ /OpenSSH/) && ($sshvernum >= 380)) ||
  883. (($sshid =~ /SunSSH/) && ($sshvernum >= 120))) {
  884. push @cfgarr, 'ServerAliveCountMax 3';
  885. push @cfgarr, 'ServerAliveInterval 0';
  886. }
  887. if(($sshid =~ /OpenSSH/) && ($sshvernum >= 380)) {
  888. push @cfgarr, 'TCPKeepAlive no';
  889. }
  890. if(($sshid =~ /OpenSSH/) && ($sshvernum >= 430)) {
  891. push @cfgarr, 'Tunnel no';
  892. }
  893. if(($sshid =~ /OpenSSH/) && ($sshvernum >= 380)) {
  894. push @cfgarr, 'VerifyHostKeyDNS no';
  895. }
  896. push @cfgarr, '#';
  897. #***************************************************************************
  898. # Write out resulting ssh client configuration file for curl's tests
  899. #
  900. $error = dump_array($sshconfig, @cfgarr);
  901. if($error) {
  902. logmsg $error;
  903. exit 1;
  904. }
  905. #***************************************************************************
  906. # Initialize client sftp config with options actually supported.
  907. #
  908. logmsg 'generating sftp client config file...' if($verbose);
  909. splice @cfgarr, 1, 1, "# $sshverstr sftp client configuration file for curl testing";
  910. #
  911. for(my $i = scalar(@cfgarr) - 1; $i > 0; $i--) {
  912. if($cfgarr[$i] =~ /^DynamicForward/) {
  913. splice @cfgarr, $i, 1;
  914. next;
  915. }
  916. if($cfgarr[$i] =~ /^ClearAllForwardings/) {
  917. splice @cfgarr, $i, 1, "ClearAllForwardings yes";
  918. next;
  919. }
  920. }
  921. #***************************************************************************
  922. # Write out resulting sftp client configuration file for curl's tests
  923. #
  924. $error = dump_array($sftpconfig, @cfgarr);
  925. if($error) {
  926. logmsg $error;
  927. exit 1;
  928. }
  929. @cfgarr = ();
  930. #***************************************************************************
  931. # Generate client sftp commands batch file for sftp server verification
  932. #
  933. logmsg 'generating sftp client commands file...' if($verbose);
  934. push @cfgarr, 'pwd';
  935. push @cfgarr, 'quit';
  936. $error = dump_array($sftpcmds, @cfgarr);
  937. if($error) {
  938. logmsg $error;
  939. exit 1;
  940. }
  941. @cfgarr = ();
  942. #***************************************************************************
  943. # Start the ssh server daemon without forking it
  944. #
  945. logmsg "SCP/SFTP server listening on port $port" if($verbose);
  946. my $rc = system "\"$sshd\" -e -D -f $sshdconfig > $sshdlog 2>&1";
  947. if($rc == -1) {
  948. logmsg "\"$sshd\" failed with: $!";
  949. }
  950. elsif($rc & 127) {
  951. logmsg sprintf("\"$sshd\" died with signal %d, and %s coredump",
  952. ($rc & 127), ($rc & 128)?'a':'no');
  953. }
  954. elsif($verbose && ($rc >> 8)) {
  955. logmsg sprintf("\"$sshd\" exited with %d", $rc >> 8);
  956. }
  957. #***************************************************************************
  958. # Clean up once the server has stopped
  959. #
  960. unlink($hstprvkeyf, $hstpubkeyf, $cliprvkeyf, $clipubkeyf, $knownhosts);
  961. unlink($sshdconfig, $sshconfig, $sftpconfig);
  962. exit 0;