test: Workaround the new OpenSSH failure rate limiting

The new OpenSSH rate limits the failed authentication attempts per source address and drops connection when the amount is reached, which is happening in our testsuite. By whitelisting the IP address of the client on the socket wrapper, this allows the tests to pass. https://man.openbsd.org/sshd_config.5#PerSourcePenaltyExemptList Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2026-02-04 12:20:42 +09:00 · 2024-08-09 11:30:15 +02:00
parent 362ab3a684
commit 7b89ff760a
1 changed files with 6 additions and 0 deletions
--- a/tests/torture.c
+++ b/tests/torture.c
@@ -755,6 +755,9 @@ static void torture_setup_create_sshd_config(void **state, bool pam)
             "HostKeyAlgorithms " OPENSSH_KEYS "\n"
 #if OPENSSH_VERSION_MAJOR == 8 && OPENSSH_VERSION_MINOR >= 2
             "CASignatureAlgorithms " OPENSSH_KEYS "\n"
+#endif
+#if (OPENSSH_VERSION_MAJOR == 9 && OPENSSH_VERSION_MINOR >= 8) || OPENSSH_VERSION_MAJOR > 9
+             "PerSourcePenaltyExemptList 127.0.0.21\n"
 #endif
             "Ciphers " OPENSSH_CIPHERS "\n"
             "KexAlgorithms " OPENSSH_KEX "\n"
@@ -786,6 +789,9 @@ static void torture_setup_create_sshd_config(void **state, bool pam)
             "%s\n" /* Here comes UsePam */
             "%s" /* The space for test-specific options */
             "\n"
+#if (OPENSSH_VERSION_MAJOR == 9 && OPENSSH_VERSION_MINOR >= 8) || OPENSSH_VERSION_MAJOR > 9
+             "PerSourcePenaltyExemptList 127.0.0.21\n"
+#endif
             "Ciphers "
                "aes256-gcm@openssh.com,aes256-ctr,aes256-cbc,"
                "aes128-gcm@openssh.com,aes128-ctr,aes128-cbc"