sshserver.pl 40 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160
  1. #!/usr/bin/env perl
  2. #***************************************************************************
  3. # _ _ ____ _
  4. # Project ___| | | | _ \| |
  5. # / __| | | | |_) | |
  6. # | (__| |_| | _ <| |___
  7. # \___|\___/|_| \_\_____|
  8. #
  9. # Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
  10. #
  11. # This software is licensed as described in the file COPYING, which
  12. # you should have received as part of this distribution. The terms
  13. # are also available at https://curl.se/docs/copyright.html.
  14. #
  15. # You may opt to use, copy, modify, merge, publish, distribute and/or sell
  16. # copies of the Software, and permit persons to whom the Software is
  17. # furnished to do so, under the terms of the COPYING file.
  18. #
  19. # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  20. # KIND, either express or implied.
  21. #
  22. #***************************************************************************
  23. # Starts sshd for use in the SCP and SFTP curl test harness tests.
  24. # Also creates the ssh configuration files needed for these tests.
  25. use strict;
  26. use warnings;
  27. use Cwd;
  28. use Cwd 'abs_path';
  29. use Digest::MD5;
  30. use Digest::MD5 'md5_hex';
  31. use Digest::SHA;
  32. use Digest::SHA 'sha256_base64';
  33. use MIME::Base64;
  34. #***************************************************************************
  35. # Variables and subs imported from sshhelp module
  36. #
  37. use sshhelp qw(
  38. $sshdexe
  39. $sshexe
  40. $sftpsrvexe
  41. $sftpexe
  42. $sshkeygenexe
  43. $sshdconfig
  44. $sshconfig
  45. $sftpconfig
  46. $knownhosts
  47. $sshdlog
  48. $sshlog
  49. $sftplog
  50. $sftpcmds
  51. $hstprvkeyf
  52. $hstpubkeyf
  53. $hstpubmd5f
  54. $hstpubsha256f
  55. $cliprvkeyf
  56. $clipubkeyf
  57. display_sshdconfig
  58. display_sshconfig
  59. display_sftpconfig
  60. display_sshdlog
  61. display_sshlog
  62. display_sftplog
  63. dump_array
  64. find_sshd
  65. find_ssh
  66. find_sftpsrv
  67. find_sftp
  68. find_sshkeygen
  69. logmsg
  70. sshversioninfo
  71. );
  72. #***************************************************************************
  73. # Subs imported from serverhelp module
  74. #
  75. use serverhelp qw(
  76. server_pidfilename
  77. server_logfilename
  78. );
  79. use pathhelp;
  80. #***************************************************************************
  81. my $verbose = 0; # set to 1 for debugging
  82. my $debugprotocol = 0; # set to 1 for protocol debugging
  83. my $port = 8999; # our default SCP/SFTP server port
  84. my $listenaddr = '127.0.0.1'; # default address on which to listen
  85. my $ipvnum = 4; # default IP version of listener address
  86. my $idnum = 1; # default ssh daemon instance number
  87. my $proto = 'ssh'; # protocol the ssh daemon speaks
  88. my $path = getcwd(); # current working directory
  89. my $logdir = $path .'/log'; # directory for log files
  90. my $username = $ENV{USER}; # default user
  91. my $pidfile; # ssh daemon pid file
  92. my $identity = 'curl_client_key'; # default identity file
  93. my $error;
  94. my @cfgarr;
  95. #***************************************************************************
  96. # Parse command line options
  97. #
  98. while(@ARGV) {
  99. if($ARGV[0] eq '--verbose') {
  100. $verbose = 1;
  101. }
  102. elsif($ARGV[0] eq '--debugprotocol') {
  103. $verbose = 1;
  104. $debugprotocol = 1;
  105. }
  106. elsif($ARGV[0] eq '--user') {
  107. if($ARGV[1]) {
  108. $username = $ARGV[1];
  109. shift @ARGV;
  110. }
  111. }
  112. elsif($ARGV[0] eq '--id') {
  113. if($ARGV[1]) {
  114. if($ARGV[1] =~ /^(\d+)$/) {
  115. $idnum = $1 if($1 > 0);
  116. shift @ARGV;
  117. }
  118. }
  119. }
  120. elsif($ARGV[0] eq '--ipv4') {
  121. $ipvnum = 4;
  122. $listenaddr = '127.0.0.1' if($listenaddr eq '::1');
  123. }
  124. elsif($ARGV[0] eq '--ipv6') {
  125. $ipvnum = 6;
  126. $listenaddr = '::1' if($listenaddr eq '127.0.0.1');
  127. }
  128. elsif($ARGV[0] eq '--addr') {
  129. if($ARGV[1]) {
  130. my $tmpstr = $ARGV[1];
  131. if($tmpstr =~ /^(\d\d?\d?)\.(\d\d?\d?)\.(\d\d?\d?)\.(\d\d?\d?)$/) {
  132. $listenaddr = "$1.$2.$3.$4" if($ipvnum == 4);
  133. shift @ARGV;
  134. }
  135. elsif($ipvnum == 6) {
  136. $listenaddr = $tmpstr;
  137. $listenaddr =~ s/^\[(.*)\]$/$1/;
  138. shift @ARGV;
  139. }
  140. }
  141. }
  142. elsif($ARGV[0] eq '--pidfile') {
  143. if($ARGV[1]) {
  144. $pidfile = "$path/". $ARGV[1];
  145. shift @ARGV;
  146. }
  147. }
  148. elsif($ARGV[0] eq '--sshport') {
  149. if($ARGV[1]) {
  150. if($ARGV[1] =~ /^(\d+)$/) {
  151. $port = $1;
  152. shift @ARGV;
  153. }
  154. }
  155. }
  156. else {
  157. print STDERR "\nWarning: sshserver.pl unknown parameter: $ARGV[0]\n";
  158. }
  159. shift @ARGV;
  160. }
  161. #***************************************************************************
  162. # Default ssh daemon pid file name
  163. #
  164. if(!$pidfile) {
  165. $pidfile = "$path/". server_pidfilename($proto, $ipvnum, $idnum);
  166. }
  167. #***************************************************************************
  168. # ssh and sftp server log file names
  169. #
  170. $sshdlog = server_logfilename($logdir, 'ssh', $ipvnum, $idnum);
  171. $sftplog = server_logfilename($logdir, 'sftp', $ipvnum, $idnum);
  172. #***************************************************************************
  173. # Logging level for ssh server and client
  174. #
  175. my $loglevel = $debugprotocol?'DEBUG3':'DEBUG2';
  176. #***************************************************************************
  177. # Validate username
  178. #
  179. if(!$username) {
  180. $error = 'Will not run ssh server without a user name';
  181. }
  182. elsif($username eq 'root') {
  183. $error = 'Will not run ssh server as root to mitigate security risks';
  184. }
  185. if($error) {
  186. logmsg $error;
  187. exit 1;
  188. }
  189. #***************************************************************************
  190. # Find out ssh daemon canonical file name
  191. #
  192. my $sshd = find_sshd();
  193. if(!$sshd) {
  194. logmsg "cannot find $sshdexe";
  195. exit 1;
  196. }
  197. #***************************************************************************
  198. # Find out ssh daemon version info
  199. #
  200. my ($sshdid, $sshdvernum, $sshdverstr, $sshderror) = sshversioninfo($sshd);
  201. if(!$sshdid) {
  202. # Not an OpenSSH or SunSSH ssh daemon
  203. logmsg $sshderror if($verbose);
  204. logmsg 'SCP and SFTP tests require OpenSSH 2.9.9 or later';
  205. exit 1;
  206. }
  207. logmsg "ssh server found $sshd is $sshdverstr" if($verbose);
  208. #***************************************************************************
  209. # ssh daemon command line options we might use and version support
  210. #
  211. # -e: log stderr : OpenSSH 2.9.0 and later
  212. # -f: sshd config file : OpenSSH 1.2.1 and later
  213. # -D: no daemon forking : OpenSSH 2.5.0 and later
  214. # -o: command-line option : OpenSSH 3.1.0 and later
  215. # -t: test config file : OpenSSH 2.9.9 and later
  216. # -?: sshd version info : OpenSSH 1.2.1 and later
  217. #
  218. # -e: log stderr : SunSSH 1.0.0 and later
  219. # -f: sshd config file : SunSSH 1.0.0 and later
  220. # -D: no daemon forking : SunSSH 1.0.0 and later
  221. # -o: command-line option : SunSSH 1.0.0 and later
  222. # -t: test config file : SunSSH 1.0.0 and later
  223. # -?: sshd version info : SunSSH 1.0.0 and later
  224. #***************************************************************************
  225. # Verify minimum ssh daemon version
  226. #
  227. if((($sshdid =~ /OpenSSH/) && ($sshdvernum < 299)) ||
  228. (($sshdid =~ /SunSSH/) && ($sshdvernum < 100))) {
  229. logmsg 'SCP and SFTP tests require OpenSSH 2.9.9 or later';
  230. exit 1;
  231. }
  232. #***************************************************************************
  233. # Find out sftp server plugin canonical file name
  234. #
  235. my $sftpsrv = find_sftpsrv();
  236. if(!$sftpsrv) {
  237. logmsg "cannot find $sftpsrvexe";
  238. exit 1;
  239. }
  240. logmsg "sftp server plugin found $sftpsrv" if($verbose);
  241. #***************************************************************************
  242. # Find out sftp client canonical file name
  243. #
  244. my $sftp = find_sftp();
  245. if(!$sftp) {
  246. logmsg "cannot find $sftpexe";
  247. exit 1;
  248. }
  249. logmsg "sftp client found $sftp" if($verbose);
  250. #***************************************************************************
  251. # Find out ssh keygen canonical file name
  252. #
  253. my $sshkeygen = find_sshkeygen();
  254. if(!$sshkeygen) {
  255. logmsg "cannot find $sshkeygenexe";
  256. exit 1;
  257. }
  258. logmsg "ssh keygen found $sshkeygen" if($verbose);
  259. #***************************************************************************
  260. # Find out ssh client canonical file name
  261. #
  262. my $ssh = find_ssh();
  263. if(!$ssh) {
  264. logmsg "cannot find $sshexe";
  265. exit 1;
  266. }
  267. #***************************************************************************
  268. # Find out ssh client version info
  269. #
  270. my ($sshid, $sshvernum, $sshverstr, $ssherror) = sshversioninfo($ssh);
  271. if(!$sshid) {
  272. # Not an OpenSSH or SunSSH ssh client
  273. logmsg $ssherror if($verbose);
  274. logmsg 'SCP and SFTP tests require OpenSSH 2.9.9 or later';
  275. exit 1;
  276. }
  277. logmsg "ssh client found $ssh is $sshverstr" if($verbose);
  278. #***************************************************************************
  279. # ssh client command line options we might use and version support
  280. #
  281. # -D: dynamic app port forwarding : OpenSSH 2.9.9 and later
  282. # -F: ssh config file : OpenSSH 2.9.9 and later
  283. # -N: no shell/command : OpenSSH 2.1.0 and later
  284. # -p: connection port : OpenSSH 1.2.1 and later
  285. # -v: verbose messages : OpenSSH 1.2.1 and later
  286. # -vv: increase verbosity : OpenSSH 2.3.0 and later
  287. # -V: ssh version info : OpenSSH 1.2.1 and later
  288. #
  289. # -D: dynamic app port forwarding : SunSSH 1.0.0 and later
  290. # -F: ssh config file : SunSSH 1.0.0 and later
  291. # -N: no shell/command : SunSSH 1.0.0 and later
  292. # -p: connection port : SunSSH 1.0.0 and later
  293. # -v: verbose messages : SunSSH 1.0.0 and later
  294. # -vv: increase verbosity : SunSSH 1.0.0 and later
  295. # -V: ssh version info : SunSSH 1.0.0 and later
  296. #***************************************************************************
  297. # Verify minimum ssh client version
  298. #
  299. if((($sshid =~ /OpenSSH/) && ($sshvernum < 299)) ||
  300. (($sshid =~ /SunSSH/) && ($sshvernum < 100))) {
  301. logmsg 'SCP and SFTP tests require OpenSSH 2.9.9 or later';
  302. exit 1;
  303. }
  304. #***************************************************************************
  305. # ssh keygen command line options we actually use and version support
  306. #
  307. # -C: identity comment : OpenSSH 1.2.1 and later
  308. # -f: key filename : OpenSSH 1.2.1 and later
  309. # -N: new passphrase : OpenSSH 1.2.1 and later
  310. # -q: quiet keygen : OpenSSH 1.2.1 and later
  311. # -t: key type : OpenSSH 2.5.0 and later
  312. #
  313. # -C: identity comment : SunSSH 1.0.0 and later
  314. # -f: key filename : SunSSH 1.0.0 and later
  315. # -N: new passphrase : SunSSH 1.0.0 and later
  316. # -q: quiet keygen : SunSSH 1.0.0 and later
  317. # -t: key type : SunSSH 1.0.0 and later
  318. #***************************************************************************
  319. # Generate host and client key files for curl's tests
  320. #
  321. if((! -e $hstprvkeyf) || (! -s $hstprvkeyf) ||
  322. (! -e $hstpubkeyf) || (! -s $hstpubkeyf) ||
  323. (! -e $hstpubmd5f) || (! -s $hstpubmd5f) ||
  324. (! -e $hstpubsha256f) || (! -s $hstpubsha256f) ||
  325. (! -e $cliprvkeyf) || (! -s $cliprvkeyf) ||
  326. (! -e $clipubkeyf) || (! -s $clipubkeyf)) {
  327. # Make sure all files are gone so ssh-keygen doesn't complain
  328. unlink($hstprvkeyf, $hstpubkeyf, $hstpubmd5f, $hstpubsha256f,
  329. $cliprvkeyf, $clipubkeyf);
  330. logmsg 'generating host keys...' if($verbose);
  331. if(system "\"$sshkeygen\" -q -t rsa -f $hstprvkeyf -C 'curl test server' -N ''") {
  332. logmsg 'Could not generate host key';
  333. exit 1;
  334. }
  335. logmsg 'generating client keys...' if($verbose);
  336. if(system "\"$sshkeygen\" -q -t rsa -f $cliprvkeyf -C 'curl test client' -N ''") {
  337. logmsg 'Could not generate client key';
  338. exit 1;
  339. }
  340. # Make sure that permissions are restricted so openssh doesn't complain
  341. system "chmod 600 $hstprvkeyf";
  342. system "chmod 600 $cliprvkeyf";
  343. # Save md5 and sha256 hashes of public host key
  344. open(RSAKEYFILE, "<$hstpubkeyf");
  345. my @rsahostkey = do { local $/ = ' '; <RSAKEYFILE> };
  346. close(RSAKEYFILE);
  347. if(!$rsahostkey[1]) {
  348. logmsg 'Failed parsing base64 encoded RSA host key';
  349. exit 1;
  350. }
  351. open(PUBMD5FILE, ">$hstpubmd5f");
  352. print PUBMD5FILE md5_hex(decode_base64($rsahostkey[1]));
  353. close(PUBMD5FILE);
  354. if((! -e $hstpubmd5f) || (! -s $hstpubmd5f)) {
  355. logmsg 'Failed writing md5 hash of RSA host key';
  356. exit 1;
  357. }
  358. open(PUBSHA256FILE, ">$hstpubsha256f");
  359. print PUBSHA256FILE sha256_base64(decode_base64($rsahostkey[1]));
  360. close(PUBSHA256FILE);
  361. if((! -e $hstpubsha256f) || (! -s $hstpubsha256f)) {
  362. logmsg 'Failed writing sha256 hash of RSA host key';
  363. exit 1;
  364. }
  365. }
  366. #***************************************************************************
  367. # Convert paths for curl's tests running on Windows with Cygwin/Msys OpenSSH
  368. #
  369. my $clipubkeyf_config = abs_path("$path/$clipubkeyf");
  370. my $hstprvkeyf_config = abs_path("$path/$hstprvkeyf");
  371. my $pidfile_config = $pidfile;
  372. my $sftpsrv_config = $sftpsrv;
  373. if (pathhelp::os_is_win()) {
  374. # Ensure to use MinGW/Cygwin paths
  375. $clipubkeyf_config = pathhelp::build_sys_abs_path($clipubkeyf_config);
  376. $hstprvkeyf_config = pathhelp::build_sys_abs_path($hstprvkeyf_config);
  377. $pidfile_config = pathhelp::build_sys_abs_path($pidfile_config);
  378. $sftpsrv_config = "internal-sftp";
  379. }
  380. if ($sshdid =~ /OpenSSH-Windows/) {
  381. # Ensure to use native Windows paths with OpenSSH for Windows
  382. $clipubkeyf_config = pathhelp::sys_native_abs_path($clipubkeyf);
  383. $hstprvkeyf_config = pathhelp::sys_native_abs_path($hstprvkeyf);
  384. $pidfile_config = pathhelp::sys_native_abs_path($pidfile);
  385. $sftpsrv_config = pathhelp::sys_native_abs_path($sftpsrv);
  386. $sshdconfig = pathhelp::sys_native_abs_path($sshdconfig);
  387. $sshconfig = pathhelp::sys_native_abs_path($sshconfig);
  388. $sftpconfig = pathhelp::sys_native_abs_path($sftpconfig);
  389. }
  390. #***************************************************************************
  391. # ssh daemon configuration file options we might use and version support
  392. #
  393. # AFSTokenPassing : OpenSSH 1.2.1 and later [1]
  394. # AddressFamily : OpenSSH 4.0.0 and later
  395. # AllowTcpForwarding : OpenSSH 2.3.0 and later
  396. # AllowUsers : OpenSSH 1.2.1 and later
  397. # AuthorizedKeysFile : OpenSSH 2.9.9 and later
  398. # AuthorizedKeysFile2 : OpenSSH 2.9.9 and later
  399. # Banner : OpenSSH 2.5.0 and later
  400. # ChallengeResponseAuthentication : OpenSSH 2.5.0 and later
  401. # Ciphers : OpenSSH 2.1.0 and later [3]
  402. # ClientAliveCountMax : OpenSSH 2.9.0 and later
  403. # ClientAliveInterval : OpenSSH 2.9.0 and later
  404. # Compression : OpenSSH 3.3.0 and later
  405. # DenyUsers : OpenSSH 1.2.1 and later
  406. # ForceCommand : OpenSSH 4.4.0 and later [3]
  407. # GatewayPorts : OpenSSH 2.1.0 and later
  408. # GSSAPIAuthentication : OpenSSH 3.7.0 and later [1]
  409. # GSSAPICleanupCredentials : OpenSSH 3.8.0 and later [1]
  410. # GSSAPIKeyExchange : SunSSH 1.0.0 and later [1]
  411. # GSSAPIStoreDelegatedCredentials : SunSSH 1.0.0 and later [1]
  412. # GSSCleanupCreds : SunSSH 1.0.0 and later [1]
  413. # GSSUseSessionCredCache : SunSSH 1.0.0 and later [1]
  414. # HostbasedAuthentication : OpenSSH 2.9.0 and later
  415. # HostbasedUsesNameFromPacketOnly : OpenSSH 2.9.0 and later
  416. # HostKey : OpenSSH 1.2.1 and later
  417. # IgnoreRhosts : OpenSSH 1.2.1 and later
  418. # IgnoreUserKnownHosts : OpenSSH 1.2.1 and later
  419. # KbdInteractiveAuthentication : OpenSSH 2.3.0 and later
  420. # KeepAlive : OpenSSH 1.2.1 and later
  421. # KerberosAuthentication : OpenSSH 1.2.1 and later [1]
  422. # KerberosGetAFSToken : OpenSSH 3.8.0 and later [1]
  423. # KerberosOrLocalPasswd : OpenSSH 1.2.1 and later [1]
  424. # KerberosTgtPassing : OpenSSH 1.2.1 and later [1]
  425. # KerberosTicketCleanup : OpenSSH 1.2.1 and later [1]
  426. # KeyRegenerationInterval : OpenSSH 1.2.1 and later
  427. # ListenAddress : OpenSSH 1.2.1 and later
  428. # LoginGraceTime : OpenSSH 1.2.1 and later
  429. # LogLevel : OpenSSH 1.2.1 and later
  430. # LookupClientHostnames : SunSSH 1.0.0 and later
  431. # MACs : OpenSSH 2.5.0 and later [3]
  432. # Match : OpenSSH 4.4.0 and later [3]
  433. # MaxAuthTries : OpenSSH 3.9.0 and later
  434. # MaxStartups : OpenSSH 2.2.0 and later
  435. # PAMAuthenticationViaKbdInt : OpenSSH 2.9.0 and later [2]
  436. # PasswordAuthentication : OpenSSH 1.2.1 and later
  437. # PermitEmptyPasswords : OpenSSH 1.2.1 and later
  438. # PermitOpen : OpenSSH 4.4.0 and later [3]
  439. # PermitRootLogin : OpenSSH 1.2.1 and later
  440. # PermitTunnel : OpenSSH 4.3.0 and later
  441. # PermitUserEnvironment : OpenSSH 3.5.0 and later
  442. # PidFile : OpenSSH 2.1.0 and later
  443. # Port : OpenSSH 1.2.1 and later
  444. # PrintLastLog : OpenSSH 2.9.0 and later
  445. # PrintMotd : OpenSSH 1.2.1 and later
  446. # Protocol : OpenSSH 2.1.0 and later
  447. # PubkeyAuthentication : OpenSSH 2.5.0 and later
  448. # RhostsAuthentication : OpenSSH 1.2.1 and later
  449. # RhostsRSAAuthentication : OpenSSH 1.2.1 and later
  450. # RSAAuthentication : OpenSSH 1.2.1 and later
  451. # ServerKeyBits : OpenSSH 1.2.1 and later
  452. # SkeyAuthentication : OpenSSH 1.2.1 and later [1]
  453. # StrictModes : OpenSSH 1.2.1 and later
  454. # Subsystem : OpenSSH 2.2.0 and later
  455. # SyslogFacility : OpenSSH 1.2.1 and later
  456. # TCPKeepAlive : OpenSSH 3.8.0 and later
  457. # UseDNS : OpenSSH 3.7.0 and later
  458. # UseLogin : OpenSSH 1.2.1 and later
  459. # UsePAM : OpenSSH 3.7.0 and later [1][2]
  460. # UsePrivilegeSeparation : OpenSSH 3.2.2 and later
  461. # VerifyReverseMapping : OpenSSH 3.1.0 and later
  462. # X11DisplayOffset : OpenSSH 1.2.1 and later [3]
  463. # X11Forwarding : OpenSSH 1.2.1 and later
  464. # X11UseLocalhost : OpenSSH 3.1.0 and later
  465. # XAuthLocation : OpenSSH 2.1.1 and later [3]
  466. #
  467. # [1] Option only available if activated at compile time
  468. # [2] Option specific for portable versions
  469. # [3] Option not used in our ssh server config file
  470. #***************************************************************************
  471. # Initialize sshd config with options actually supported in OpenSSH 2.9.9
  472. #
  473. logmsg 'generating ssh server config file...' if($verbose);
  474. @cfgarr = ();
  475. push @cfgarr, '# This is a generated file. Do not edit.';
  476. push @cfgarr, "# $sshdverstr sshd configuration file for curl testing";
  477. push @cfgarr, '#';
  478. # AllowUsers and DenyUsers options should use lowercase on Windows
  479. # and do not support quotes around values for some unknown reason.
  480. if ($sshdid =~ /OpenSSH-Windows/) {
  481. my $username_lc = lc $username;
  482. if (exists $ENV{USERDOMAIN}) {
  483. my $userdomain_lc = lc $ENV{USERDOMAIN};
  484. $username_lc = "$userdomain_lc\\$username_lc";
  485. }
  486. $username_lc =~ s/ /\?/g; # replace space with ?
  487. push @cfgarr, "DenyUsers !$username_lc";
  488. push @cfgarr, "AllowUsers $username_lc";
  489. } else {
  490. push @cfgarr, "DenyUsers !$username";
  491. push @cfgarr, "AllowUsers $username";
  492. }
  493. push @cfgarr, "AuthorizedKeysFile $clipubkeyf_config";
  494. push @cfgarr, "AuthorizedKeysFile2 $clipubkeyf_config";
  495. push @cfgarr, "HostKey $hstprvkeyf_config";
  496. if ($sshdid !~ /OpenSSH-Windows/) {
  497. push @cfgarr, "PidFile $pidfile_config";
  498. }
  499. push @cfgarr, '#';
  500. push @cfgarr, "Port $port";
  501. push @cfgarr, "ListenAddress $listenaddr";
  502. push @cfgarr, 'Protocol 2';
  503. push @cfgarr, '#';
  504. push @cfgarr, 'AllowTcpForwarding yes';
  505. push @cfgarr, 'Banner none';
  506. push @cfgarr, 'ChallengeResponseAuthentication no';
  507. push @cfgarr, 'ClientAliveCountMax 3';
  508. push @cfgarr, 'ClientAliveInterval 0';
  509. push @cfgarr, 'GatewayPorts no';
  510. push @cfgarr, 'HostbasedAuthentication no';
  511. push @cfgarr, 'HostbasedUsesNameFromPacketOnly no';
  512. push @cfgarr, 'IgnoreRhosts yes';
  513. push @cfgarr, 'IgnoreUserKnownHosts yes';
  514. push @cfgarr, 'KeyRegenerationInterval 0';
  515. push @cfgarr, 'LoginGraceTime 30';
  516. push @cfgarr, "LogLevel $loglevel";
  517. push @cfgarr, 'MaxStartups 5';
  518. push @cfgarr, 'PasswordAuthentication no';
  519. push @cfgarr, 'PermitEmptyPasswords no';
  520. push @cfgarr, 'PermitRootLogin no';
  521. push @cfgarr, 'PrintLastLog no';
  522. push @cfgarr, 'PrintMotd no';
  523. push @cfgarr, 'PubkeyAuthentication yes';
  524. push @cfgarr, 'RhostsRSAAuthentication no';
  525. push @cfgarr, 'RSAAuthentication no';
  526. push @cfgarr, 'ServerKeyBits 768';
  527. push @cfgarr, 'StrictModes no';
  528. push @cfgarr, "Subsystem sftp \"$sftpsrv_config\"";
  529. push @cfgarr, 'SyslogFacility AUTH';
  530. push @cfgarr, 'UseLogin no';
  531. push @cfgarr, 'X11Forwarding no';
  532. push @cfgarr, '#';
  533. #***************************************************************************
  534. # Write out initial sshd configuration file for curl's tests
  535. #
  536. $error = dump_array($sshdconfig, @cfgarr);
  537. if($error) {
  538. logmsg $error;
  539. exit 1;
  540. }
  541. #***************************************************************************
  542. # Verifies at run time if sshd supports a given configuration file option
  543. #
  544. sub sshd_supports_opt {
  545. my ($option, $value) = @_;
  546. my $err;
  547. #
  548. if((($sshdid =~ /OpenSSH/) && ($sshdvernum >= 310)) ||
  549. ($sshdid =~ /SunSSH/)) {
  550. # ssh daemon supports command line options -t -f and -o
  551. $err = grep /((Unsupported)|(Bad configuration)|(Deprecated)) option.*$option/,
  552. qx("$sshd" -t -f $sshdconfig -o "$option=$value" 2>&1);
  553. return !$err;
  554. }
  555. if(($sshdid =~ /OpenSSH/) && ($sshdvernum >= 299)) {
  556. # ssh daemon supports command line options -t and -f
  557. $err = dump_array($sshdconfig, (@cfgarr, "$option $value"));
  558. if($err) {
  559. logmsg $err;
  560. return 0;
  561. }
  562. $err = grep /((Unsupported)|(Bad configuration)|(Deprecated)) option.*$option/,
  563. qx("$sshd" -t -f $sshdconfig 2>&1);
  564. unlink $sshdconfig;
  565. return !$err;
  566. }
  567. return 0;
  568. }
  569. #***************************************************************************
  570. # Kerberos Authentication support may have not been built into sshd
  571. #
  572. if(sshd_supports_opt('KerberosAuthentication','no')) {
  573. push @cfgarr, 'KerberosAuthentication no';
  574. }
  575. if(sshd_supports_opt('KerberosGetAFSToken','no')) {
  576. push @cfgarr, 'KerberosGetAFSToken no';
  577. }
  578. if(sshd_supports_opt('KerberosOrLocalPasswd','no')) {
  579. push @cfgarr, 'KerberosOrLocalPasswd no';
  580. }
  581. if(sshd_supports_opt('KerberosTgtPassing','no')) {
  582. push @cfgarr, 'KerberosTgtPassing no';
  583. }
  584. if(sshd_supports_opt('KerberosTicketCleanup','yes')) {
  585. push @cfgarr, 'KerberosTicketCleanup yes';
  586. }
  587. #***************************************************************************
  588. # Andrew File System support may have not been built into sshd
  589. #
  590. if(sshd_supports_opt('AFSTokenPassing','no')) {
  591. push @cfgarr, 'AFSTokenPassing no';
  592. }
  593. #***************************************************************************
  594. # S/Key authentication support may have not been built into sshd
  595. #
  596. if(sshd_supports_opt('SkeyAuthentication','no')) {
  597. push @cfgarr, 'SkeyAuthentication no';
  598. }
  599. #***************************************************************************
  600. # GSSAPI Authentication support may have not been built into sshd
  601. #
  602. my $sshd_builtwith_GSSAPI;
  603. if(sshd_supports_opt('GSSAPIAuthentication','no')) {
  604. push @cfgarr, 'GSSAPIAuthentication no';
  605. $sshd_builtwith_GSSAPI = 1;
  606. }
  607. if(sshd_supports_opt('GSSAPICleanupCredentials','yes')) {
  608. push @cfgarr, 'GSSAPICleanupCredentials yes';
  609. }
  610. if(sshd_supports_opt('GSSAPIKeyExchange','no')) {
  611. push @cfgarr, 'GSSAPIKeyExchange no';
  612. }
  613. if(sshd_supports_opt('GSSAPIStoreDelegatedCredentials','no')) {
  614. push @cfgarr, 'GSSAPIStoreDelegatedCredentials no';
  615. }
  616. if(sshd_supports_opt('GSSCleanupCreds','yes')) {
  617. push @cfgarr, 'GSSCleanupCreds yes';
  618. }
  619. if(sshd_supports_opt('GSSUseSessionCredCache','no')) {
  620. push @cfgarr, 'GSSUseSessionCredCache no';
  621. }
  622. push @cfgarr, '#';
  623. #***************************************************************************
  624. # Options that might be supported or not in sshd OpenSSH 2.9.9 and later
  625. #
  626. if(sshd_supports_opt('AddressFamily','any')) {
  627. # Address family must be specified before ListenAddress
  628. splice @cfgarr, 14, 0, 'AddressFamily any';
  629. }
  630. if(sshd_supports_opt('Compression','no')) {
  631. push @cfgarr, 'Compression no';
  632. }
  633. if(sshd_supports_opt('KbdInteractiveAuthentication','no')) {
  634. push @cfgarr, 'KbdInteractiveAuthentication no';
  635. }
  636. if(sshd_supports_opt('KeepAlive','no')) {
  637. push @cfgarr, 'KeepAlive no';
  638. }
  639. if(sshd_supports_opt('LookupClientHostnames','no')) {
  640. push @cfgarr, 'LookupClientHostnames no';
  641. }
  642. if(sshd_supports_opt('MaxAuthTries','10')) {
  643. push @cfgarr, 'MaxAuthTries 10';
  644. }
  645. if(sshd_supports_opt('PAMAuthenticationViaKbdInt','no')) {
  646. push @cfgarr, 'PAMAuthenticationViaKbdInt no';
  647. }
  648. if(sshd_supports_opt('PermitTunnel','no')) {
  649. push @cfgarr, 'PermitTunnel no';
  650. }
  651. if(sshd_supports_opt('PermitUserEnvironment','no')) {
  652. push @cfgarr, 'PermitUserEnvironment no';
  653. }
  654. if(sshd_supports_opt('RhostsAuthentication','no')) {
  655. push @cfgarr, 'RhostsAuthentication no';
  656. }
  657. if(sshd_supports_opt('TCPKeepAlive','no')) {
  658. push @cfgarr, 'TCPKeepAlive no';
  659. }
  660. if(sshd_supports_opt('UseDNS','no')) {
  661. push @cfgarr, 'UseDNS no';
  662. }
  663. if(sshd_supports_opt('UsePAM','no')) {
  664. push @cfgarr, 'UsePAM no';
  665. }
  666. if($sshdid =~ /OpenSSH/) {
  667. # http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6492415
  668. if(sshd_supports_opt('UsePrivilegeSeparation','no')) {
  669. push @cfgarr, 'UsePrivilegeSeparation no';
  670. }
  671. }
  672. if(sshd_supports_opt('VerifyReverseMapping','no')) {
  673. push @cfgarr, 'VerifyReverseMapping no';
  674. }
  675. if(sshd_supports_opt('X11UseLocalhost','yes')) {
  676. push @cfgarr, 'X11UseLocalhost yes';
  677. }
  678. push @cfgarr, '#';
  679. #***************************************************************************
  680. # Write out resulting sshd configuration file for curl's tests
  681. #
  682. $error = dump_array($sshdconfig, @cfgarr);
  683. if($error) {
  684. logmsg $error;
  685. exit 1;
  686. }
  687. #***************************************************************************
  688. # Verify that sshd actually supports our generated configuration file
  689. #
  690. if(system "\"$sshd\" -t -f $sshdconfig > $sshdlog 2>&1") {
  691. logmsg "sshd configuration file $sshdconfig failed verification";
  692. display_sshdlog();
  693. display_sshdconfig();
  694. exit 1;
  695. }
  696. #***************************************************************************
  697. # Generate ssh client host key database file for curl's tests
  698. #
  699. if((! -e $knownhosts) || (! -s $knownhosts)) {
  700. logmsg 'generating ssh client known hosts file...' if($verbose);
  701. unlink($knownhosts);
  702. if(open(RSAKEYFILE, "<$hstpubkeyf")) {
  703. my @rsahostkey = do { local $/ = ' '; <RSAKEYFILE> };
  704. if(close(RSAKEYFILE)) {
  705. if(open(KNOWNHOSTS, ">$knownhosts")) {
  706. print KNOWNHOSTS "$listenaddr ssh-rsa $rsahostkey[1]\n";
  707. if(!close(KNOWNHOSTS)) {
  708. $error = "Error: cannot close file $knownhosts";
  709. }
  710. }
  711. else {
  712. $error = "Error: cannot write file $knownhosts";
  713. }
  714. }
  715. else {
  716. $error = "Error: cannot close file $hstpubkeyf";
  717. }
  718. }
  719. else {
  720. $error = "Error: cannot read file $hstpubkeyf";
  721. }
  722. if($error) {
  723. logmsg $error;
  724. exit 1;
  725. }
  726. }
  727. #***************************************************************************
  728. # Convert paths for curl's tests running on Windows using Cygwin OpenSSH
  729. #
  730. my $identity_config = abs_path("$path/$identity");
  731. my $knownhosts_config = abs_path("$path/$knownhosts");
  732. if (pathhelp::os_is_win()) {
  733. # Ensure to use MinGW/Cygwin paths
  734. $identity_config = pathhelp::build_sys_abs_path($identity_config);
  735. $knownhosts_config = pathhelp::build_sys_abs_path($knownhosts_config);
  736. }
  737. if ($sshdid =~ /OpenSSH-Windows/) {
  738. # Ensure to use native Windows paths with OpenSSH for Windows
  739. $identity_config = pathhelp::sys_native_abs_path($identity);
  740. $knownhosts_config = pathhelp::sys_native_abs_path($knownhosts);
  741. }
  742. #***************************************************************************
  743. # ssh client configuration file options we might use and version support
  744. #
  745. # AddressFamily : OpenSSH 3.7.0 and later
  746. # BatchMode : OpenSSH 1.2.1 and later
  747. # BindAddress : OpenSSH 2.9.9 and later
  748. # ChallengeResponseAuthentication : OpenSSH 2.5.0 and later
  749. # CheckHostIP : OpenSSH 1.2.1 and later
  750. # Cipher : OpenSSH 1.2.1 and later [3]
  751. # Ciphers : OpenSSH 2.1.0 and later [3]
  752. # ClearAllForwardings : OpenSSH 2.9.9 and later
  753. # Compression : OpenSSH 1.2.1 and later
  754. # CompressionLevel : OpenSSH 1.2.1 and later [3]
  755. # ConnectionAttempts : OpenSSH 1.2.1 and later
  756. # ConnectTimeout : OpenSSH 3.7.0 and later
  757. # ControlMaster : OpenSSH 3.9.0 and later
  758. # ControlPath : OpenSSH 3.9.0 and later
  759. # DisableBanner : SunSSH 1.2.0 and later
  760. # DynamicForward : OpenSSH 2.9.0 and later
  761. # EnableSSHKeysign : OpenSSH 3.6.0 and later
  762. # EscapeChar : OpenSSH 1.2.1 and later [3]
  763. # ExitOnForwardFailure : OpenSSH 4.4.0 and later
  764. # ForwardAgent : OpenSSH 1.2.1 and later
  765. # ForwardX11 : OpenSSH 1.2.1 and later
  766. # ForwardX11Trusted : OpenSSH 3.8.0 and later
  767. # GatewayPorts : OpenSSH 1.2.1 and later
  768. # GlobalKnownHostsFile : OpenSSH 1.2.1 and later
  769. # GSSAPIAuthentication : OpenSSH 3.7.0 and later [1]
  770. # GSSAPIDelegateCredentials : OpenSSH 3.7.0 and later [1]
  771. # HashKnownHosts : OpenSSH 4.0.0 and later
  772. # Host : OpenSSH 1.2.1 and later
  773. # HostbasedAuthentication : OpenSSH 2.9.0 and later
  774. # HostKeyAlgorithms : OpenSSH 2.9.0 and later [3]
  775. # HostKeyAlias : OpenSSH 2.5.0 and later [3]
  776. # HostName : OpenSSH 1.2.1 and later
  777. # IdentitiesOnly : OpenSSH 3.9.0 and later
  778. # IdentityFile : OpenSSH 1.2.1 and later
  779. # IgnoreIfUnknown : SunSSH 1.2.0 and later
  780. # KeepAlive : OpenSSH 1.2.1 and later
  781. # KbdInteractiveAuthentication : OpenSSH 2.3.0 and later
  782. # KbdInteractiveDevices : OpenSSH 2.3.0 and later [3]
  783. # LocalCommand : OpenSSH 4.3.0 and later [3]
  784. # LocalForward : OpenSSH 1.2.1 and later [3]
  785. # LogLevel : OpenSSH 1.2.1 and later
  786. # MACs : OpenSSH 2.5.0 and later [3]
  787. # NoHostAuthenticationForLocalhost : OpenSSH 3.0.0 and later
  788. # NumberOfPasswordPrompts : OpenSSH 1.2.1 and later
  789. # PasswordAuthentication : OpenSSH 1.2.1 and later
  790. # PermitLocalCommand : OpenSSH 4.3.0 and later
  791. # Port : OpenSSH 1.2.1 and later
  792. # PreferredAuthentications : OpenSSH 2.5.2 and later
  793. # Protocol : OpenSSH 2.1.0 and later
  794. # ProxyCommand : OpenSSH 1.2.1 and later [3]
  795. # PubkeyAuthentication : OpenSSH 2.5.0 and later
  796. # RekeyLimit : OpenSSH 3.7.0 and later
  797. # RemoteForward : OpenSSH 1.2.1 and later [3]
  798. # RhostsRSAAuthentication : OpenSSH 1.2.1 and later
  799. # RSAAuthentication : OpenSSH 1.2.1 and later
  800. # ServerAliveCountMax : OpenSSH 3.8.0 and later
  801. # ServerAliveInterval : OpenSSH 3.8.0 and later
  802. # SmartcardDevice : OpenSSH 2.9.9 and later [1][3]
  803. # StrictHostKeyChecking : OpenSSH 1.2.1 and later
  804. # TCPKeepAlive : OpenSSH 3.8.0 and later
  805. # Tunnel : OpenSSH 4.3.0 and later
  806. # TunnelDevice : OpenSSH 4.3.0 and later [3]
  807. # UsePAM : OpenSSH 3.7.0 and later [1][2][3]
  808. # UsePrivilegedPort : OpenSSH 1.2.1 and later
  809. # User : OpenSSH 1.2.1 and later
  810. # UserKnownHostsFile : OpenSSH 1.2.1 and later
  811. # VerifyHostKeyDNS : OpenSSH 3.8.0 and later
  812. # XAuthLocation : OpenSSH 2.1.1 and later [3]
  813. #
  814. # [1] Option only available if activated at compile time
  815. # [2] Option specific for portable versions
  816. # [3] Option not used in our ssh client config file
  817. #***************************************************************************
  818. # Initialize ssh config with options actually supported in OpenSSH 2.9.9
  819. #
  820. logmsg 'generating ssh client config file...' if($verbose);
  821. @cfgarr = ();
  822. push @cfgarr, '# This is a generated file. Do not edit.';
  823. push @cfgarr, "# $sshverstr ssh client configuration file for curl testing";
  824. push @cfgarr, '#';
  825. push @cfgarr, 'Host *';
  826. push @cfgarr, '#';
  827. push @cfgarr, "Port $port";
  828. push @cfgarr, "HostName $listenaddr";
  829. push @cfgarr, "User $username";
  830. push @cfgarr, 'Protocol 2';
  831. push @cfgarr, '#';
  832. # BindAddress option is not supported by OpenSSH for Windows
  833. if (!($sshdid =~ /OpenSSH-Windows/)) {
  834. push @cfgarr, "BindAddress $listenaddr";
  835. }
  836. push @cfgarr, '#';
  837. push @cfgarr, "IdentityFile $identity_config";
  838. push @cfgarr, "UserKnownHostsFile $knownhosts_config";
  839. push @cfgarr, '#';
  840. push @cfgarr, 'BatchMode yes';
  841. push @cfgarr, 'ChallengeResponseAuthentication no';
  842. push @cfgarr, 'CheckHostIP no';
  843. push @cfgarr, 'ClearAllForwardings no';
  844. push @cfgarr, 'Compression no';
  845. push @cfgarr, 'ConnectionAttempts 3';
  846. push @cfgarr, 'ForwardAgent no';
  847. push @cfgarr, 'ForwardX11 no';
  848. push @cfgarr, 'GatewayPorts no';
  849. push @cfgarr, 'GlobalKnownHostsFile /dev/null';
  850. push @cfgarr, 'HostbasedAuthentication no';
  851. push @cfgarr, 'KbdInteractiveAuthentication no';
  852. push @cfgarr, "LogLevel $loglevel";
  853. push @cfgarr, 'NumberOfPasswordPrompts 0';
  854. push @cfgarr, 'PasswordAuthentication no';
  855. push @cfgarr, 'PreferredAuthentications publickey';
  856. push @cfgarr, 'PubkeyAuthentication yes';
  857. # RSA authentication options are not supported by OpenSSH for Windows
  858. if (!($sshdid =~ /OpenSSH-Windows/)) {
  859. push @cfgarr, 'RhostsRSAAuthentication no';
  860. push @cfgarr, 'RSAAuthentication no';
  861. }
  862. # Disabled StrictHostKeyChecking since it makes the tests fail on my
  863. # OpenSSH_6.0p1 on Debian Linux / Daniel
  864. push @cfgarr, 'StrictHostKeyChecking no';
  865. push @cfgarr, 'UsePrivilegedPort no';
  866. push @cfgarr, '#';
  867. #***************************************************************************
  868. # Options supported in ssh client newer than OpenSSH 2.9.9
  869. #
  870. if(($sshid =~ /OpenSSH/) && ($sshvernum >= 370)) {
  871. push @cfgarr, 'AddressFamily any';
  872. }
  873. if((($sshid =~ /OpenSSH/) && ($sshvernum >= 370)) ||
  874. (($sshid =~ /SunSSH/) && ($sshvernum >= 120))) {
  875. push @cfgarr, 'ConnectTimeout 30';
  876. }
  877. if(($sshid =~ /OpenSSH/) && ($sshvernum >= 390)) {
  878. push @cfgarr, 'ControlMaster no';
  879. }
  880. if(($sshid =~ /OpenSSH/) && ($sshvernum >= 420)) {
  881. push @cfgarr, 'ControlPath none';
  882. }
  883. if(($sshid =~ /SunSSH/) && ($sshvernum >= 120)) {
  884. push @cfgarr, 'DisableBanner yes';
  885. }
  886. if(($sshid =~ /OpenSSH/) && ($sshvernum >= 360)) {
  887. push @cfgarr, 'EnableSSHKeysign no';
  888. }
  889. if(($sshid =~ /OpenSSH/) && ($sshvernum >= 440)) {
  890. push @cfgarr, 'ExitOnForwardFailure yes';
  891. }
  892. if((($sshid =~ /OpenSSH/) && ($sshvernum >= 380)) ||
  893. (($sshid =~ /SunSSH/) && ($sshvernum >= 120))) {
  894. push @cfgarr, 'ForwardX11Trusted no';
  895. }
  896. if(($sshd_builtwith_GSSAPI) && ($sshdid eq $sshid) &&
  897. ($sshdvernum == $sshvernum)) {
  898. push @cfgarr, 'GSSAPIAuthentication no';
  899. push @cfgarr, 'GSSAPIDelegateCredentials no';
  900. if($sshid =~ /SunSSH/) {
  901. push @cfgarr, 'GSSAPIKeyExchange no';
  902. }
  903. }
  904. if((($sshid =~ /OpenSSH/) && ($sshvernum >= 400)) ||
  905. (($sshid =~ /SunSSH/) && ($sshvernum >= 120))) {
  906. push @cfgarr, 'HashKnownHosts no';
  907. }
  908. if(($sshid =~ /OpenSSH/) && ($sshvernum >= 390)) {
  909. push @cfgarr, 'IdentitiesOnly yes';
  910. }
  911. if(($sshid =~ /SunSSH/) && ($sshvernum >= 120)) {
  912. push @cfgarr, 'IgnoreIfUnknown no';
  913. }
  914. if((($sshid =~ /OpenSSH/) && ($sshvernum < 380)) ||
  915. ($sshid =~ /SunSSH/)) {
  916. push @cfgarr, 'KeepAlive no';
  917. }
  918. if((($sshid =~ /OpenSSH/) && ($sshvernum >= 300)) ||
  919. ($sshid =~ /SunSSH/)) {
  920. push @cfgarr, 'NoHostAuthenticationForLocalhost no';
  921. }
  922. if(($sshid =~ /OpenSSH/) && ($sshvernum >= 430)) {
  923. push @cfgarr, 'PermitLocalCommand no';
  924. }
  925. if((($sshid =~ /OpenSSH/) && ($sshvernum >= 370)) ||
  926. (($sshid =~ /SunSSH/) && ($sshvernum >= 120))) {
  927. push @cfgarr, 'RekeyLimit 1G';
  928. }
  929. if((($sshid =~ /OpenSSH/) && ($sshvernum >= 380)) ||
  930. (($sshid =~ /SunSSH/) && ($sshvernum >= 120))) {
  931. push @cfgarr, 'ServerAliveCountMax 3';
  932. push @cfgarr, 'ServerAliveInterval 0';
  933. }
  934. if(($sshid =~ /OpenSSH/) && ($sshvernum >= 380)) {
  935. push @cfgarr, 'TCPKeepAlive no';
  936. }
  937. if(($sshid =~ /OpenSSH/) && ($sshvernum >= 430)) {
  938. push @cfgarr, 'Tunnel no';
  939. }
  940. if(($sshid =~ /OpenSSH/) && ($sshvernum >= 380)) {
  941. push @cfgarr, 'VerifyHostKeyDNS no';
  942. }
  943. push @cfgarr, '#';
  944. #***************************************************************************
  945. # Write out resulting ssh client configuration file for curl's tests
  946. #
  947. $error = dump_array($sshconfig, @cfgarr);
  948. if($error) {
  949. logmsg $error;
  950. exit 1;
  951. }
  952. #***************************************************************************
  953. # Initialize client sftp config with options actually supported.
  954. #
  955. logmsg 'generating sftp client config file...' if($verbose);
  956. splice @cfgarr, 1, 1, "# $sshverstr sftp client configuration file for curl testing";
  957. #
  958. for(my $i = scalar(@cfgarr) - 1; $i > 0; $i--) {
  959. if($cfgarr[$i] =~ /^DynamicForward/) {
  960. splice @cfgarr, $i, 1;
  961. next;
  962. }
  963. if($cfgarr[$i] =~ /^ClearAllForwardings/) {
  964. splice @cfgarr, $i, 1, "ClearAllForwardings yes";
  965. next;
  966. }
  967. }
  968. #***************************************************************************
  969. # Write out resulting sftp client configuration file for curl's tests
  970. #
  971. $error = dump_array($sftpconfig, @cfgarr);
  972. if($error) {
  973. logmsg $error;
  974. exit 1;
  975. }
  976. @cfgarr = ();
  977. #***************************************************************************
  978. # Generate client sftp commands batch file for sftp server verification
  979. #
  980. logmsg 'generating sftp client commands file...' if($verbose);
  981. push @cfgarr, 'pwd';
  982. push @cfgarr, 'quit';
  983. $error = dump_array($sftpcmds, @cfgarr);
  984. if($error) {
  985. logmsg $error;
  986. exit 1;
  987. }
  988. @cfgarr = ();
  989. #***************************************************************************
  990. # Prepare command line of ssh server daemon
  991. #
  992. my $cmd = "\"$sshd\" -e -D -f $sshdconfig > $sshdlog 2>&1";
  993. logmsg "SCP/SFTP server listening on port $port" if($verbose);
  994. logmsg "RUN: $cmd" if($verbose);
  995. #***************************************************************************
  996. # Start the ssh server daemon on Windows without forking it
  997. #
  998. if ($sshdid =~ /OpenSSH-Windows/) {
  999. # Fake pidfile for ssh server on Windows.
  1000. if(open(OUT, ">$pidfile")) {
  1001. print OUT $$ . "\n";
  1002. close(OUT);
  1003. }
  1004. # Flush output.
  1005. $| = 1;
  1006. # Put an "exec" in front of the command so that the child process
  1007. # keeps this child's process ID by being tied to the spawned shell.
  1008. exec("exec $cmd") || die "Can't exec() $cmd: $!";
  1009. # exec() will create a new process, but ties the existence of the
  1010. # new process to the parent waiting perl.exe and sh.exe processes.
  1011. # exec() should never return back here to this process. We protect
  1012. # ourselves by calling die() just in case something goes really bad.
  1013. die "error: exec() has returned";
  1014. }
  1015. #***************************************************************************
  1016. # Start the ssh server daemon without forking it
  1017. #
  1018. my $rc = system($cmd);
  1019. if($rc == -1) {
  1020. logmsg "\"$sshd\" failed with: $!";
  1021. }
  1022. elsif($rc & 127) {
  1023. logmsg sprintf("\"$sshd\" died with signal %d, and %s coredump",
  1024. ($rc & 127), ($rc & 128)?'a':'no');
  1025. }
  1026. elsif($verbose && ($rc >> 8)) {
  1027. logmsg sprintf("\"$sshd\" exited with %d", $rc >> 8);
  1028. }
  1029. #***************************************************************************
  1030. # Clean up once the server has stopped
  1031. #
  1032. unlink($hstprvkeyf, $hstpubkeyf, $hstpubmd5f, $hstpubsha256f,
  1033. $cliprvkeyf, $clipubkeyf, $knownhosts,
  1034. $sshdconfig, $sshconfig, $sftpconfig);
  1035. exit 0;