Vendor import of OpenSSH 3.9p1.

11 files changed, 413 insertions, 25 deletions

diff --git a/crypto/openssh/regress/Makefile b/crypto/openssh/regress/Makefile
index cf65b36..9e98e58 100644
--- a/crypto/openssh/regress/Makefile
+++ b/crypto/openssh/regress/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.27 2004/02/17 08:23:20 dtucker Exp $
+#	$OpenBSD: Makefile,v 1.31 2004/06/24 19:32:00 djm Exp $
 
 REGRESS_TARGETS=	t1 t2 t3 t4 t5 t6 t7 t-exec
 tests:		$(REGRESS_TARGETS)
@@ -13,6 +13,7 @@ LTESTS= 	connect \
 		proto-version \
 		proto-mismatch \
 		exit-status \
+		envpass \
 		transfer \
 		banner \
 		rekey \
@@ -28,13 +29,16 @@ LTESTS= 	connect \
 		agent-ptrace \
 		keyscan \
 		keygen-change \
+		scp \
 		sftp \
 		sftp-cmds \
 		sftp-badcmds \
 		sftp-batch \
 		reconfigure \
 		dynamic-forward \
-		forwarding
+		forwarding \
+		multiplex \
+		reexec
 
 USER!=		id -un
 CLEANFILES=	t2.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \
@@ -42,7 +46,9 @@ CLEANFILES=	t2.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \
 		ssh_config ssh_proxy sshd_config sshd_proxy \
 		rsa.pub rsa rsa1.pub rsa1 host.rsa host.rsa1 \
 		rsa-agent rsa-agent.pub rsa1-agent rsa1-agent.pub \
-		ls.copy banner.in banner.out empty.in remote_pid
+		ls.copy banner.in banner.out empty.in \
+		scp-ssh-wrapper.exe \
+		remote_pid
 
 #LTESTS +=	ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp
 
diff --git a/crypto/openssh/regress/README.regress b/crypto/openssh/regress/README.regress
index 6ff032b..0c07c9c 100644
--- a/crypto/openssh/regress/README.regress
+++ b/crypto/openssh/regress/README.regress
@@ -27,15 +27,26 @@ TEST_SSH_QUIET: set to "yes" to suppress non-fatal output.
 TEST_SSH_x: path to "ssh" command under test, where x=SSH,SSHD,SSHAGENT,SSHADD
 	SSHKEYGEN,SSHKEYSCAN,SFTP,SFTPSERVER
 OBJ: used by test scripts to access build dir.
+TEST_SHELL: shell used for running the test scripts.
+TEST_SSH_PORT: TCP port to be used for the listening tests.
+TEST_SSH_SSH_CONFOTPS: Configuration directives to be added to ssh_config
+	before running each test.
+TEST_SSH_SSHD_CONFOTPS: Configuration directives to be added to sshd_config
+	before running each test.
 
 
 Individual tests.
 
-You can invoke test-exec.sh directly if you set up the path to find the
-binaries under test and the test scripts themselves, for example:
+You can run an individual test from the top-level Makefile, eg:
+$ make tests LTESTS=agent-timeout
+
+If you need to manipulate the environment more you can invoke test-exec.sh
+directly if you set up the path to find the binaries under test and the
+test scripts themselves, for example:
 
 $ cd regress
-$ PATH=`pwd`/..:$PATH:. sh test-exec.sh `pwd` agent-timeout.sh
+$ PATH=`pwd`/..:$PATH:. TEST_SHELL=/bin/sh sh test-exec.sh `pwd` \
+    agent-timeout.sh
 ok agent timeout test
 
 
@@ -82,16 +93,12 @@ Failed tests can be difficult to diagnose. Suggestions:
 
 Known Issues.
 
-- If you build with tcpwrappers and try to run the regression tests,
-  your hosts.allow must permit connections from localhost and from
-  "unknown".  This is because some tests are performed via the loopback
-  interface, while others are done with "sshd -i" as a ProxyCommand.  In
-  the latter case, when sshd calls getpeername() on the socket it will
-  fail (because it's not a tcp socket) and will be identified as
-  "unknown", which is then checked against tcpwrappers.
-
 - If your build requires ssh-rand-helper regress tests will fail
   unless ssh-rand-helper is in pre-installed (the path to
   ssh-rand-helper is hard coded).
 
-$Id: README.regress,v 1.4 2004/03/08 20:12:18 tim Exp $
+- Recent GNU coreutils deprecate "head -[n]": this will cause the yes-head
+  test to fail.  The old behaviour can be restored by setting (and
+  exporting) _POSIX2_VERSION=199209 before running the tests.
+
+$Id: README.regress,v 1.9 2004/08/17 12:31:33 dtucker Exp $
diff --git a/crypto/openssh/regress/dynamic-forward.sh b/crypto/openssh/regress/dynamic-forward.sh
index 3a6e5c1..392fc19 100644
--- a/crypto/openssh/regress/dynamic-forward.sh
+++ b/crypto/openssh/regress/dynamic-forward.sh
@@ -3,8 +3,8 @@
 
 tid="dynamic forwarding"
 
-PORT=4242
-FWDPORT=4243
+FWDPORT=`expr $PORT + 1`
+
 DATA=/bin/ls${EXEEXT}
 
 if have_prog nc && nc -h 2>&1 | grep "proxy address" >/dev/null; then
diff --git a/crypto/openssh/regress/envpass.sh b/crypto/openssh/regress/envpass.sh
new file mode 100644
index 0000000..5a7e178
--- /dev/null
+++ b/crypto/openssh/regress/envpass.sh
@@ -0,0 +1,51 @@
+#	$OpenBSD: envpass.sh,v 1.3 2004/06/22 22:42:02 dtucker Exp $
+#	Placed in the Public Domain.
+
+tid="environment passing"
+
+# NB accepted env vars are in test-exec.sh (_XXX_TEST_* and _XXX_TEST)
+
+trace "pass env, don't accept"
+verbose "test $tid: pass env, don't accept"
+_TEST_ENV=blah ${SSH} -oSendEnv="*" -F $OBJ/ssh_proxy otherhost \
+	sh << 'EOF'
+	test -z "$_TEST_ENV"
+EOF
+r=$?
+if [ $r -ne 0 ]; then
+	fail "environment found"
+fi
+
+trace "don't pass env, accept"
+verbose "test $tid: don't pass env, accept"
+${SSH} -F $OBJ/ssh_proxy otherhost \
+	sh << 'EOF'
+	test -z "$_XXX_TEST_A" && test -z "$_XXX_TEST_B"
+EOF
+r=$?
+if [ $r -ne 0 ]; then
+	fail "environment found"
+fi
+
+trace "pass single env, accept single env"
+verbose "test $tid: pass single env, accept single env"
+_XXX_TEST=blah ${SSH} -oSendEnv="_XXX_TEST" -F $OBJ/ssh_proxy otherhost \
+	sh << 'EOF'
+	test X"$_XXX_TEST" = X"blah"
+EOF
+r=$?
+if [ $r -ne 0 ]; then
+	fail "environment not found"
+fi
+
+trace "pass multiple env, accept multiple env"
+verbose "test $tid: pass multiple env, accept multiple env"
+_XXX_TEST_A=1 _XXX_TEST_B=2 ${SSH} -oSendEnv="_XXX_TEST_*" \
+    -F $OBJ/ssh_proxy otherhost \
+	sh << 'EOF'
+	test X"$_XXX_TEST_A" = X"1" -a X"$_XXX_TEST_B" = X"2"
+EOF
+r=$?
+if [ $r -ne 0 ]; then
+	fail "environment not found"
+fi
diff --git a/crypto/openssh/regress/login-timeout.sh b/crypto/openssh/regress/login-timeout.sh
index dfc6e6b..ce6edad 100644
--- a/crypto/openssh/regress/login-timeout.sh
+++ b/crypto/openssh/regress/login-timeout.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: login-timeout.sh,v 1.1 2004/02/17 08:23:20 dtucker Exp $
+#	$OpenBSD: login-timeout.sh,v 1.3 2004/03/08 10:17:12 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="connect after login grace timeout"
@@ -15,7 +15,7 @@ if [ $? -ne 0 ]; then
 	fail "ssh connect after login grace timeout failed with privsep"
 fi
 
-kill `cat $PIDFILE`
+$SUDO kill `cat $PIDFILE`
 
 trace "test login grace without privsep"
 echo "UsePrivilegeSeparation no" >> $OBJ/sshd_config
diff --git a/crypto/openssh/regress/multiplex.sh b/crypto/openssh/regress/multiplex.sh
new file mode 100644
index 0000000..dbf2025
--- /dev/null
+++ b/crypto/openssh/regress/multiplex.sh
@@ -0,0 +1,74 @@
+#	$OpenBSD: multiplex.sh,v 1.8 2004/06/22 03:12:13 markus Exp $
+#	Placed in the Public Domain.
+
+CTL=$OBJ/ctl-sock
+
+tid="connection multiplexing"
+
+DATA=/bin/ls${EXEEXT}
+COPY=$OBJ/ls.copy
+
+start_sshd
+
+trace "start master, fork to background"
+${SSH} -2 -MS$CTL -F $OBJ/ssh_config -oSendEnv="_XXX_TEST" -f somehost sleep 120
+
+verbose "test $tid: envpass"
+trace "env passing over multiplexed connection"
+_XXX_TEST=blah ${SSH} -oSendEnv="_XXX_TEST" -S$CTL otherhost sh << 'EOF'
+	test X"$_XXX_TEST" = X"blah"
+EOF
+if [ $? -ne 0 ]; then
+	fail "environment not found"
+fi
+
+verbose "test $tid: transfer"
+rm -f ${COPY}
+trace "ssh transfer over multiplexed connection and check result"
+${SSH} -S$CTL otherhost cat ${DATA} > ${COPY}
+test -f ${COPY}			|| fail "ssh -Sctl: failed copy ${DATA}" 
+cmp ${DATA} ${COPY}		|| fail "ssh -Sctl: corrupted copy of ${DATA}"
+
+rm -f ${COPY}
+trace "ssh transfer over multiplexed connection and check result"
+${SSH} -S $CTL otherhost cat ${DATA} > ${COPY}
+test -f ${COPY}			|| fail "ssh -S ctl: failed copy ${DATA}" 
+cmp ${DATA} ${COPY}		|| fail "ssh -S ctl: corrupted copy of ${DATA}"
+
+rm -f ${COPY}
+trace "sftp transfer over multiplexed connection and check result"
+echo "get ${DATA} ${COPY}" | \
+	${SFTP} -S ${SSH} -oControlPath=$CTL otherhost >/dev/null 2>&1
+test -f ${COPY}			|| fail "sftp: failed copy ${DATA}" 
+cmp ${DATA} ${COPY}		|| fail "sftp: corrupted copy of ${DATA}"
+
+rm -f ${COPY}
+trace "scp transfer over multiplexed connection and check result"
+${SCP} -S ${SSH} -oControlPath=$CTL otherhost:${DATA} ${COPY} >/dev/null 2>&1
+test -f ${COPY}			|| fail "scp: failed copy ${DATA}" 
+cmp ${DATA} ${COPY}		|| fail "scp: corrupted copy of ${DATA}"
+
+rm -f ${COPY}
+
+for s in 0 1 4 5 44; do
+	trace "exit status $s over multiplexed connection"
+	verbose "test $tid: status $s"
+	${SSH} -S $CTL otherhost exit $s
+	r=$?
+	if [ $r -ne $s ]; then
+		fail "exit code mismatch for protocol $p: $r != $s"
+	fi
+
+	# same with early close of stdout/err
+	trace "exit status $s with early close over multiplexed connection"
+	${SSH} -S $CTL -n otherhost \
+                exec sh -c \'"sleep 2; exec > /dev/null 2>&1; sleep 3; exit $s"\'
+	r=$?
+	if [ $r -ne $s ]; then
+		fail "exit code (with sleep) mismatch for protocol $p: $r != $s"
+	fi
+done
+
+# kill master, remove control socket.  ssh -MS will exit when sleep exits
+$SUDO kill `cat $PIDFILE`
+rm -f $CTL
diff --git a/crypto/openssh/regress/reexec.sh b/crypto/openssh/regress/reexec.sh
new file mode 100644
index 0000000..39fffef
--- /dev/null
+++ b/crypto/openssh/regress/reexec.sh
@@ -0,0 +1,87 @@
+#	$OpenBSD: reexec.sh,v 1.3 2004/06/25 01:32:44 djm Exp $
+#	Placed in the Public Domain.
+
+tid="reexec tests"
+
+DATA=/bin/ls
+COPY=${OBJ}/copy
+SSHD_ORIG=$SSHD
+SSHD_COPY=$OBJ/sshd.copy
+
+# Start a sshd and then delete it
+start_sshd_copy_zap ()
+{
+	cp $SSHD_ORIG $SSHD_COPY
+	SSHD=$SSHD_COPY
+	start_sshd
+	rm -f $SSHD_COPY
+	SSHD=$SSHD_ORIG
+}
+
+verbose "test config passing"
+cp $OBJ/sshd_config $OBJ/sshd_config.orig
+
+start_sshd
+
+echo "InvalidXXX=no" >> $OBJ/sshd_config
+
+rm -f ${COPY}
+for p in 1 2; do
+	verbose "$tid: proto $p"
+	${SSH} -nqo "Protocol=$p" -F $OBJ/ssh_config somehost \
+	    cat ${DATA} > ${COPY}
+	if [ $? -ne 0 ]; then
+		fail "ssh cat $DATA failed"
+	fi
+	cmp ${DATA} ${COPY}		|| fail "corrupted copy"
+	rm -f ${COPY}
+done
+
+$SUDO kill `cat $PIDFILE`
+rm -f $PIDFILE
+
+cp $OBJ/sshd_config.orig $OBJ/sshd_config
+
+verbose "test reexec fallback"
+
+start_sshd_copy_zap
+
+rm -f ${COPY}
+for p in 1 2; do
+	verbose "$tid: proto $p"
+	${SSH} -nqo "Protocol=$p" -F $OBJ/ssh_config somehost \
+	    cat ${DATA} > ${COPY}
+	if [ $? -ne 0 ]; then
+		fail "ssh cat $DATA failed"
+	fi
+	cmp ${DATA} ${COPY}		|| fail "corrupted copy"
+	rm -f ${COPY}
+done
+
+$SUDO kill `cat $PIDFILE`
+rm -f $PIDFILE
+
+verbose "test reexec fallback without privsep"
+
+cp $OBJ/sshd_config.orig $OBJ/sshd_config
+echo "UsePrivilegeSeparation=no" >> $OBJ/sshd_config
+
+start_sshd_copy_zap
+
+rm -f ${COPY}
+for p in 1 2; do
+	verbose "$tid: proto $p"
+	${SSH} -nqo "Protocol=$p" -F $OBJ/ssh_config somehost \
+	    cat ${DATA} > ${COPY}
+	if [ $? -ne 0 ]; then
+		fail "ssh cat $DATA failed"
+	fi
+	cmp ${DATA} ${COPY}		|| fail "corrupted copy"
+	rm -f ${COPY}
+done
+
+$SUDO kill `cat $PIDFILE`
+rm -f $PIDFILE
+
+cp $OBJ/sshd_config.orig $OBJ/sshd_config
+
diff --git a/crypto/openssh/regress/scp-ssh-wrapper.sh b/crypto/openssh/regress/scp-ssh-wrapper.sh
new file mode 100644
index 0000000..8e43147
--- /dev/null
+++ b/crypto/openssh/regress/scp-ssh-wrapper.sh
@@ -0,0 +1,54 @@
+#!/bin/sh
+#       $OpenBSD: scp-ssh-wrapper.sh,v 1.1 2004/06/13 13:51:02 dtucker Exp $
+#       Placed in the Public Domain.
+
+printname () {
+	NAME=$1
+	save_IFS=$IFS
+	IFS=/
+	set -- `echo "$NAME"`
+	IFS="$save_IFS"
+	while [ $# -ge 1 ] ; do
+		if [ "x$1" != "x" ]; then
+			echo "D0755 0 $1"
+		fi
+		shift;
+	done
+}
+
+# discard first 5 args
+shift; shift; shift; shift; shift
+
+BAD="../../../../../../../../../../../../../${DIR}/dotpathdir"
+
+case "$SCPTESTMODE" in
+badserver_0)
+	echo "D0755 0 /${DIR}/rootpathdir"
+	echo "C755 2 rootpathfile"
+	echo "X"
+	;;
+badserver_1)
+	echo "D0755 0 $BAD"
+	echo "C755 2 file"
+	echo "X"
+	;;
+badserver_2)
+	echo "D0755 0 $BAD"
+	echo "C755 2 file"
+	echo "X"
+	;;
+badserver_3)
+	printname $BAD
+	echo "C755 2 file"
+	echo "X"
+	;;
+badserver_4)
+	printname $BAD
+	echo "D0755 0 .."
+	echo "C755 2 file"
+	echo "X"
+	;;
+*)
+	exec $1
+	;;
+esac
diff --git a/crypto/openssh/regress/scp.sh b/crypto/openssh/regress/scp.sh
new file mode 100644
index 0000000..703cc08
--- /dev/null
+++ b/crypto/openssh/regress/scp.sh
@@ -0,0 +1,82 @@
+#	$OpenBSD: scp.sh,v 1.2 2004/06/16 13:15:09 dtucker Exp $
+#	Placed in the Public Domain.
+
+tid="scp"
+
+#set -x
+
+# Figure out if diff understands "-N"
+if diff -N ${SRC}/scp.sh ${SRC}/scp.sh 2>/dev/null; then
+	DIFFOPT="-rN"
+else
+	DIFFOPT="-r"
+fi
+
+DATA=/bin/ls
+COPY=${OBJ}/copy
+COPY2=${OBJ}/copy2
+DIR=${COPY}.dd
+DIR2=${COPY}.dd2
+
+SRC=`dirname ${SCRIPT}`
+cp ${SRC}/scp-ssh-wrapper.sh ${OBJ}/scp-ssh-wrapper.exe
+chmod 755 ${OBJ}/scp-ssh-wrapper.exe
+scpopts="-q -S ${OBJ}/scp-ssh-wrapper.exe"
+
+scpclean() {
+	rm -rf ${COPY} ${COPY2} ${DIR} ${DIR2}
+	mkdir ${DIR} ${DIR2}
+}
+
+verbose "$tid: simple copy local file to remote file"
+scpclean
+$SCP $scpopts ${DATA} somehost:${COPY} || fail "copy failed"
+cmp ${DATA} ${COPY} || fail "corrupted copy"
+
+verbose "$tid: simple copy remote file to local file"
+scpclean
+$SCP $scpopts somehost:${DATA} ${COPY} || fail "copy failed"
+cmp ${DATA} ${COPY} || fail "corrupted copy"
+
+verbose "$tid: simple copy local file to remote dir"
+scpclean
+cp ${DATA} ${COPY}
+$SCP $scpopts ${COPY} somehost:${DIR} || fail "copy failed"
+cmp ${COPY} ${DIR}/copy || fail "corrupted copy"
+
+verbose "$tid: simple copy remote file to local dir"
+scpclean
+cp ${DATA} ${COPY}
+$SCP $scpopts somehost:${COPY} ${DIR} || fail "copy failed"
+cmp ${COPY} ${DIR}/copy || fail "corrupted copy"
+
+verbose "$tid: recursive local dir to remote dir"
+scpclean
+rm -rf ${DIR2}
+cp ${DATA} ${DIR}/copy
+$SCP $scpopts -r ${DIR} somehost:${DIR2} || fail "copy failed"
+diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy"
+
+verbose "$tid: recursive remote dir to local dir"
+scpclean
+rm -rf ${DIR2}
+cp ${DATA} ${DIR}/copy
+$SCP $scpopts -r somehost:${DIR} ${DIR2} || fail "copy failed"
+diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy"
+
+for i in 0 1 2 3 4; do
+	verbose "$tid: disallow bad server #$i"
+	SCPTESTMODE=badserver_$i
+	export DIR SCPTESTMODE
+	scpclean
+	$SCP $scpopts somehost:${DATA} ${DIR} >/dev/null 2>/dev/null
+	[ -d {$DIR}/rootpathdir ] && fail "allows dir relative to root dir"
+	[ -d ${DIR}/dotpathdir ] && fail "allows dir creation in non-recursive mode"
+
+	scpclean
+	$SCP -r $scpopts somehost:${DATA} ${DIR2} >/dev/null 2>/dev/null
+	[ -d ${DIR}/dotpathdir ] && fail "allows dir creation outside of subdir"
+done
+
+scpclean
+rm -f ${OBJ}/scp-ssh-wrapper.exe
diff --git a/crypto/openssh/regress/test-exec.sh b/crypto/openssh/regress/test-exec.sh
index 986d992..70250ac 100644
--- a/crypto/openssh/regress/test-exec.sh
+++ b/crypto/openssh/regress/test-exec.sh
@@ -1,9 +1,14 @@
-#	$OpenBSD: test-exec.sh,v 1.15 2004/02/24 16:56:30 markus Exp $
+#	$OpenBSD: test-exec.sh,v 1.23 2004/06/25 01:25:12 djm Exp $
 #	Placed in the Public Domain.
 
-PORT=4242
 #SUDO=sudo
 
+if [ ! -z "$TEST_SSH_PORT" ]; then
+	PORT="$TEST_SSH_PORT"
+else
+	PORT=4242
+fi
+
 if [ -x /usr/ucb/whoami ]; then
 	USER=`/usr/ucb/whoami`
 elif whoami >/dev/null 2>&1; then
@@ -47,6 +52,7 @@ SSHKEYGEN=ssh-keygen
 SSHKEYSCAN=ssh-keyscan
 SFTP=sftp
 SFTPSERVER=/usr/libexec/openssh/sftp-server
+SCP=scp
 
 if [ "x$TEST_SSH_SSH" != "x" ]; then
 	SSH="${TEST_SSH_SSH}"
@@ -72,10 +78,16 @@ fi
 if [ "x$TEST_SSH_SFTPSERVER" != "x" ]; then
 	SFTPSERVER="${TEST_SSH_SFTPSERVER}"
 fi
+if [ "x$TEST_SSH_SCP" != "x" ]; then
+	SCP="${TEST_SSH_SCP}"
+fi
+
+# Path to sshd must be absolute for rexec
+SSHD=`which sshd`
 
 # these should be used in tests
-export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER
-#echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER
+export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP
+#echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER $SCP
 
 # helper
 echon()
@@ -156,15 +168,23 @@ trap fatal 3 2
 
 # create server config
 cat << EOF > $OBJ/sshd_config
+	StrictModes		no
 	Port			$PORT
 	ListenAddress		127.0.0.1
 	#ListenAddress		::1
 	PidFile			$PIDFILE
 	AuthorizedKeysFile	$OBJ/authorized_keys_%u
 	LogLevel		QUIET
-	StrictModes		no
+	AcceptEnv		_XXX_TEST_*
+	AcceptEnv		_XXX_TEST
+	Subsystem	sftp	$SFTPSERVER
 EOF
 
+if [ ! -z "$TEST_SSH_SSHD_CONFOPTS" ]; then
+	trace "adding sshd_config option $TEST_SSH_SSHD_CONFOPTS"
+	echo "$TEST_SSH_SSHD_CONFOPTS" >> $OBJ/sshd_config
+fi
+
 # server config for proxy connects
 cp $OBJ/sshd_config $OBJ/sshd_proxy
 
@@ -190,6 +210,11 @@ Host *
 	StrictHostKeyChecking	yes
 EOF
 
+if [ ! -z "$TEST_SSH_SSH_CONFOPTS" ]; then
+	trace "adding ssh_config option $TEST_SSH_SSHD_CONFOPTS"
+	echo "$TEST_SSH_SSH_CONFOPTS" >> $OBJ/ssh_config
+fi
+
 rm -f $OBJ/known_hosts $OBJ/authorized_keys_$USER
 
 trace "generate keys"
diff --git a/crypto/openssh/regress/try-ciphers.sh b/crypto/openssh/regress/try-ciphers.sh
index 15827e2..c6e1b91 100644
--- a/crypto/openssh/regress/try-ciphers.sh
+++ b/crypto/openssh/regress/try-ciphers.sh
@@ -29,8 +29,10 @@ for c in $ciphers; do
 	fi
 done
 
-if ! ${SSH} -oCiphers=acss@openssh.org 2>&1 | grep "Bad SSH2 cipher" >/dev/null
+if ${SSH} -oCiphers=acss@openssh.org 2>&1 | grep "Bad SSH2 cipher" >/dev/null
 then
+	:
+else
 
 echo "Ciphers acss@openssh.org" >> $OBJ/sshd_proxy
 c=acss@openssh.org