diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2024-06-14 06:43:11 +0200 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2024-06-14 06:46:21 +0200 |
| commit | 2866ad08a9c50d7b67ce9424ca990532b806a21a (patch) | |
| tree | 31e99d1f590343690599a0c241892598790b03d3 /regress/penalty.sh | |
| parent | add a sshd_config PamServiceName option (diff) | |
| download | openssh-2866ad08a9c50d7b67ce9424ca990532b806a21a.tar.xz openssh-2866ad08a9c50d7b67ce9424ca990532b806a21a.zip | |
upstream: split the PerSourcePenalties test in two: one tests penalty
enforcement but not penalty expiry, the other tests penalty expiry.
This lets us disable the expiry testing in certain CI test environments.
OpenBSD-Regress-ID: f56811064f3e3cb52ee73a206b8c2a06af1c8791
Diffstat (limited to '')
| -rw-r--r-- | regress/penalty.sh | 9 |
1 files changed, 3 insertions, 6 deletions
diff --git a/regress/penalty.sh b/regress/penalty.sh index 0285f0036..4308e0b82 100644 --- a/regress/penalty.sh +++ b/regress/penalty.sh @@ -14,7 +14,7 @@ conf() { start_sshd } -conf "noauth:10s authfail:6s grace-exceeded:10s min:8s max:20s" +conf "authfail:30s min:50s max:200s" verbose "test connect" ${SSH} -F $OBJ/ssh_config somehost true || fatal "basic connect failed" @@ -36,13 +36,10 @@ cp $OBJ/authorized_keys_${USER}.bak $OBJ/authorized_keys_${USER} # These should be refused by the active penalty ${SSH} -F $OBJ/ssh_config somehost true && fail "authfail not rejected" -sleep 5 ${SSH} -F $OBJ/ssh_config somehost true && fail "repeat authfail not rejected" -# Penalty should have expired, this should succeed. -sleep 8 -${SSH} -F $OBJ/ssh_config somehost true || fail "authfail not expired" - +conf "noauth:100s" +${SSH} -F $OBJ/ssh_config somehost true || fatal "basic connect failed" verbose "penalty for no authentication" ${SSHKEYSCAN} -t ssh-ed25519 -p $PORT 127.0.0.1 >/dev/null || fatal "keyscan failed" |