56 lines
1.4 KiB
Bash
56 lines
1.4 KiB
Bash
# $OpenBSD: putty-ciphers.sh,v 1.13 2024/02/09 08:56:59 dtucker Exp $
|
|
# Placed in the Public Domain.
|
|
|
|
tid="putty ciphers"
|
|
|
|
puttysetup
|
|
|
|
cp ${OBJ}/sshd_proxy ${OBJ}/sshd_proxy_bak
|
|
|
|
# Since there doesn't seem to be a way to set MACs on the PuTTY client side,
|
|
# we force each in turn on the server side, omitting the ones PuTTY doesn't
|
|
# support. Grepping the binary is pretty janky, but AFAIK there's no way to
|
|
# query for supported algos.
|
|
macs=""
|
|
for m in `${SSH} -Q MACs`; do
|
|
if strings "${PLINK}" | grep -E "^${m}$" >/dev/null; then
|
|
macs="${macs} ${m}"
|
|
else
|
|
trace "omitting unsupported MAC ${m}"
|
|
fi
|
|
done
|
|
|
|
ciphers=""
|
|
for c in `${SSH} -Q Ciphers`; do
|
|
if strings "${PLINK}" | grep -E "^${c}$" >/dev/null; then
|
|
ciphers="${ciphers} ${c}"
|
|
else
|
|
trace "omitting unsupported cipher ${c}"
|
|
fi
|
|
done
|
|
|
|
for c in default $ciphers; do
|
|
for m in default ${macs}; do
|
|
verbose "$tid: cipher $c mac $m"
|
|
cp ${OBJ}/.putty/sessions/localhost_proxy \
|
|
${OBJ}/.putty/sessions/cipher_$c
|
|
if [ "${c}" != "default" ]; then
|
|
echo "Cipher=$c" >> ${OBJ}/.putty/sessions/cipher_$c
|
|
fi
|
|
|
|
cp ${OBJ}/sshd_proxy_bak ${OBJ}/sshd_proxy
|
|
if [ "${m}" != "default" ]; then
|
|
echo "MACs $m" >> ${OBJ}/sshd_proxy
|
|
fi
|
|
|
|
rm -f ${COPY}
|
|
env HOME=$PWD ${PLINK} -load cipher_$c -batch -i ${OBJ}/putty.rsa2 \
|
|
cat ${DATA} > ${COPY}
|
|
if [ $? -ne 0 ]; then
|
|
fail "ssh cat $DATA failed"
|
|
fi
|
|
cmp ${DATA} ${COPY} || fail "corrupted copy"
|
|
done
|
|
done
|
|
rm -f ${COPY}
|