From 7b89ff760a2c7119916eaa8fd6a62afbd15fc3ad Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Fri, 9 Aug 2024 11:30:15 +0200 Subject: [PATCH] test: Workaround the new OpenSSH failure rate limiting The new OpenSSH rate limits the failed authentication attempts per source address and drops connection when the amount is reached, which is happening in our testsuite. By whitelisting the IP address of the client on the socket wrapper, this allows the tests to pass. https://man.openbsd.org/sshd_config.5#PerSourcePenaltyExemptList Signed-off-by: Jakub Jelen Reviewed-by: Andreas Schneider --- tests/torture.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/torture.c b/tests/torture.c index c832dfa6..ad0a7836 100644 --- a/tests/torture.c +++ b/tests/torture.c @@ -755,6 +755,9 @@ static void torture_setup_create_sshd_config(void **state, bool pam) "HostKeyAlgorithms " OPENSSH_KEYS "\n" #if OPENSSH_VERSION_MAJOR == 8 && OPENSSH_VERSION_MINOR >= 2 "CASignatureAlgorithms " OPENSSH_KEYS "\n" +#endif +#if (OPENSSH_VERSION_MAJOR == 9 && OPENSSH_VERSION_MINOR >= 8) || OPENSSH_VERSION_MAJOR > 9 + "PerSourcePenaltyExemptList 127.0.0.21\n" #endif "Ciphers " OPENSSH_CIPHERS "\n" "KexAlgorithms " OPENSSH_KEX "\n" @@ -786,6 +789,9 @@ static void torture_setup_create_sshd_config(void **state, bool pam) "%s\n" /* Here comes UsePam */ "%s" /* The space for test-specific options */ "\n" +#if (OPENSSH_VERSION_MAJOR == 9 && OPENSSH_VERSION_MINOR >= 8) || OPENSSH_VERSION_MAJOR > 9 + "PerSourcePenaltyExemptList 127.0.0.21\n" +#endif "Ciphers " "aes256-gcm@openssh.com,aes256-ctr,aes256-cbc," "aes128-gcm@openssh.com,aes128-ctr,aes128-cbc" -- 2.46.0