1*4f52dfbbSDag-Erling Smørgrav# $OpenBSD: try-ciphers.sh,v 1.26 2017/04/30 23:34:55 djm Exp $ 2ce3adf43SDag-Erling Smørgrav# Placed in the Public Domain. 3ce3adf43SDag-Erling Smørgrav 4ce3adf43SDag-Erling Smørgravtid="try ciphers" 5ce3adf43SDag-Erling Smørgrav 6a0ee8cc6SDag-Erling Smørgravcp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak 7a0ee8cc6SDag-Erling Smørgrav 8f7167e0eSDag-Erling Smørgravfor c in `${SSH} -Q cipher`; do 9ce3adf43SDag-Erling Smørgrav n=0 10f7167e0eSDag-Erling Smørgrav for m in `${SSH} -Q mac`; do 11*4f52dfbbSDag-Erling Smørgrav trace "cipher $c mac $m" 12*4f52dfbbSDag-Erling Smørgrav verbose "test $tid: cipher $c mac $m" 13a0ee8cc6SDag-Erling Smørgrav cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy 14a0ee8cc6SDag-Erling Smørgrav echo "Ciphers=$c" >> $OBJ/sshd_proxy 15a0ee8cc6SDag-Erling Smørgrav echo "MACs=$m" >> $OBJ/sshd_proxy 16*4f52dfbbSDag-Erling Smørgrav ${SSH} -F $OBJ/ssh_proxy -m $m -c $c somehost true 17ce3adf43SDag-Erling Smørgrav if [ $? -ne 0 ]; then 18*4f52dfbbSDag-Erling Smørgrav fail "ssh failed with mac $m cipher $c" 19ce3adf43SDag-Erling Smørgrav fi 20f7167e0eSDag-Erling Smørgrav # No point trying all MACs for AEAD ciphers since they 21f7167e0eSDag-Erling Smørgrav # are ignored. 22557f75e5SDag-Erling Smørgrav if ${SSH} -Q cipher-auth | grep "^${c}\$" >/dev/null 2>&1 ; then 23f7167e0eSDag-Erling Smørgrav break 24f7167e0eSDag-Erling Smørgrav fi 25ce3adf43SDag-Erling Smørgrav n=`expr $n + 1` 26ce3adf43SDag-Erling Smørgrav done 27ce3adf43SDag-Erling Smørgravdone 28ce3adf43SDag-Erling Smørgrav 29