system/freebsd-src
system/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src synced 2024-07-21 18:27:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
freebsd-src/crypto/openssh/regress/cipher-speed.sh
Ed Maste 1323ec5712 ssh: update to OpenSSH v8.9p1 
Release notes are available at https://www.openssh.com/txt/release-8.9

Some highlights:

 * ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for
   restricting forwarding and use of keys added to ssh-agent(1)

 * ssh(1), sshd(8): add the sntrup761x25519-sha512@openssh.com hybrid
   ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the
   default KEXAlgorithms list (after the ECDH methods but before the
   prime-group DH ones). The next release of OpenSSH is likely to
   make this key exchange the default method.

 * sshd(8), portable OpenSSH only: this release removes in-built
   support for MD5-hashed passwords. If you require these on your
   system then we recommend linking against libxcrypt or similar.

Future deprecation notice
=========================

A near-future release of OpenSSH will switch scp(1) from using the
legacy scp/rcp protocol to using SFTP by default.

Legacy scp/rcp performs wildcard expansion of remote filenames (e.g.
"scp host:* .") through the remote shell. This has the side effect of
requiring double quoting of shell meta-characters in file names
included on scp(1) command-lines, otherwise they could be interpreted
as shell commands on the remote side.

MFC after:	1 month
Relnotes:	Yes
Sponsored by:	The FreeBSD Foundation
2022-04-13 16:00:56 -04:00

43 lines
1 KiB
Bash
Raw Blame History

# $OpenBSD: cipher-speed.sh,v 1.14 2017/04/30 23:34:55 djm Exp $
# Placed in the Public Domain.
tid="cipher speed"
# Enable all supported ciphers and macs.
ciphers=`${SSH} -Q Ciphers | tr '\n' , | sed 's/,$//'`
macs=`${SSH} -Q MACs | tr '\n' , | sed 's/,$//'`
cat >>$OBJ/sshd_proxy <<EOD
Ciphers $ciphers
MACs $macs
EOD
increase_datafile_size 10000 # 10MB
getbytes ()
{
sed -n -e '/transferred/s/.*secs (\(.* bytes.sec\).*/\1/p' \
-e '/copied/s/.*s, \(.* MB.s\).*/\1/p'
}
tries="1 2"
for c in `${SSH} -Q cipher`; do n=0; for m in `${SSH} -Q mac`; do
trace "cipher $c mac $m"
for x in $tries; do
printf "%-60s" "$c/$m:"
( ${SSH} -o 'compression no' \
-F $OBJ/ssh_proxy -m $m -c $c somehost \
exec sh -c \'"dd of=/dev/null obs=32k"\' \
< ${DATA} ) 2>&1 | getbytes
if [ $? -ne 0 ]; then
fail "ssh failed with mac $m cipher $c"
fi
done
# No point trying all MACs for AEAD ciphers since they are ignored.
if ${SSH} -Q cipher-auth | grep "^${c}\$" >/dev/null 2>&1 ; then
break
fi
n=`expr $n + 1`
done; done
Reference in a new issue View git blame Copy permalink