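# $OpenBSD: putty-ciphers.sh,v 1.13 2024/02/09 08:56:59 dtucker Exp $
# Placed in the Public Domain.

# Interop test: for every cipher/MAC pair that both sides appear to support,
# copy ${DATA} through plink and compare the result with the original.
# puttysetup, trace, verbose and fail, and the OBJ, SSH, PLINK, DATA and COPY
# variables, are not defined in this file; they are expected to come from the
# harness that runs it.

tid="putty ciphers"

puttysetup

cp "${OBJ}/sshd_proxy" "${OBJ}/sshd_proxy_bak"

# Succeeds when the plink binary contains a printable string equal to $1.
# -F -x makes this a literal whole-line comparison.  Algorithm names contain
# "." (for instance in an "@openssh.com" suffix), which a regular expression
# would treat as "any character" and so could accept a near-miss string.
# NOTE(review): a matching string in the binary is only a heuristic for
# "PuTTY implements this algorithm"; a name present for any other reason
# still counts as supported.
plink_has_algo() {
	strings "${PLINK}" | grep -F -x -- "$1" >/dev/null
}

# Since there doesn't seem to be a way to set MACs on the PuTTY client side,
# we force each in turn on the server side, omitting the ones PuTTY doesn't
# support.  Grepping the binary is pretty janky, but AFAIK there's no way to
# query for supported algos.
# ${SSH} is left unquoted as in the original; presumably the harness may set
# it to a command with arguments -- confirm before quoting it.
macs=""
for m in $(${SSH} -Q MACs); do
	if plink_has_algo "${m}"; then
		macs="${macs} ${m}"
	else
		trace "omitting unsupported MAC ${m}"
	fi
done

ciphers=""
for c in $(${SSH} -Q Ciphers); do
	if plink_has_algo "${c}"; then
		ciphers="${ciphers} ${c}"
	else
		trace "omitting unsupported cipher ${c}"
	fi
done

# $ciphers and ${macs} are space-separated lists, so they are expanded
# unquoted on purpose.  "default" means "add no override" on that side.
# NOTE(review): only plink's exit status and the byte comparison are checked;
# nothing here inspects which cipher or MAC was actually negotiated.
for c in default $ciphers; do
	for m in default ${macs}; do
		verbose "$tid: cipher $c mac $m"

		# Client side: start from the base session and pin the cipher.
		cp "${OBJ}/.putty/sessions/localhost_proxy" \
		    "${OBJ}/.putty/sessions/cipher_$c"
		if [ "${c}" != "default" ]; then
			echo "Cipher=$c" >> "${OBJ}/.putty/sessions/cipher_$c"
		fi

		# Server side: restore the pristine config, then force the MAC.
		cp "${OBJ}/sshd_proxy_bak" "${OBJ}/sshd_proxy"
		if [ "${m}" != "default" ]; then
			echo "MACs $m" >> "${OBJ}/sshd_proxy"
		fi

		# Remove any earlier copy so a stale file cannot satisfy cmp.
		rm -f "${COPY}"
		env "HOME=$PWD" "${PLINK}" -load "cipher_$c" -batch \
		    -i "${OBJ}/putty.rsa2" cat "${DATA}" > "${COPY}" ||
			fail "ssh cat $DATA failed"
		cmp "${DATA}" "${COPY}" || fail "corrupted copy"
	done
done
rm -f "${COPY}"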