1 # $OpenBSD: connect-privsep.sh,v 1.2 2011/06/30 22:44:43 markus Exp $ 2 # Placed in the Public Domain. 3 4 tid="proxy connect with privsep" 5 6 cp $OBJ/sshd_proxy $OBJ/sshd_proxy.orig 7 echo 'UsePrivilegeSeparation yes' >> $OBJ/sshd_proxy 8 9 for p in 1 2; do 10 ${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true 11 if [ $? -ne 0 ]; then 12 fail "ssh privsep+proxyconnect protocol $p failed" 13 fi 14 done 15 16 cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy 17 echo 'UsePrivilegeSeparation sandbox' >> $OBJ/sshd_proxy 18 19 for p in 1 2; do 20 ${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true 21 if [ $? -ne 0 ]; then 22 # XXX replace this with fail once sandbox has stabilised 23 warn "ssh privsep/sandbox+proxyconnect protocol $p failed" 24 fi 25 done 26
