Review comments.

README.md

@@ -140,11 +140,11 @@ Run the following:
 env OPENSSL_SYS_DIR=<PATH_TO_OPENSSL> ./oqs-scripts/build_openssh.sh
 ```
 
-`OPENSSL_SYS_DIR` does not have to be specified if OpenSSL is present under `usr/`.
+`OPENSSL_SYS_DIR` does not have to be specified if OpenSSL is present under `/usr`.
 
 As not all tests in the stock regression suite pass, run `oqs-test/run_tests.sh` instead of simply executing `make tests` to ensure the build was successful.
 
-To execute a connection test with a randomly chosen key-exchange and signature algorithm, run `python3 oqs-test/try_connection.py`. If it is desired that all such combinations should be tested, run `python3 oqs-test/try_connection.py all`. Be aware that this test can take a long time due to the number of algorithm combinations available.
+To execute a connection test with a randomly chosen key-exchange and signature algorithm, run `python3 oqs-test/try_connection.py`. If it is desired that each such combination be tested (exactly once), run `python3 oqs-test/try_connection.py all`. Be aware that the latter can take a long time due to the number of algorithm combinations available.
 
 ### Running OQS-OpenSSH
 
@@ -154,33 +154,41 @@ The following instructions explain how to establish an SSH connection that uses
 
 To setup quantum-safe authentication, the server (and optionally, the client) need to generate quantum-safe keys. To generate keys for all the OQS algorithms supported by fork, simply run `make tests -e LTESTS=""`.
 
+Keys for a particular `<SIG>` also be generated using the `ssh-keygen` command as follows:
+
+`<OPENSSH_SRC>/ssh-keygen -t ssh-<SIG> -f ~/ssh_client/id_<SIG>`
+
 #### Establishing a quantum-safe SSH connection
 
+Let `<OPENSSH_SRC>` denote the absolute path to the directory in which this source is present.
+
 In one terminal, run the ssh server:
 
-	<path-to-openssh>/sbin/sshd -D \
-	                            -f <absolute-path-to>/regress/sshd_config \
-	                            -o KexAlgorithms=<KEX> \
-	                            -o HostKeyAlgorithms=ssh-<SIG> \
-	                            -o PubkeyAcceptedKeyTypes=ssh-<SIG> \
-	                            -h <absolute-path-to>/regress/host.<SIG>
+	<OPENSSH_SRC>/sshd -D \
+	                   -f <OPENSSH_SRC>/regress/sshd_config \
+	                   -o KexAlgorithms=<KEX> \
+	                   -o HostKeyAlgorithms=ssh-<SIG> \
+	                   -o PubkeyAcceptedKeyTypes=ssh-<SIG> \
+	                   -h <OPENSSH_SRC>/regress/host.ssh-<SIG>
 
 `<KEX>` and `<SIG>` are respectively one of the key exchange and signature (PQ-only or hybrid) algorithms listed in the [Supported Algorithms](#supported-algorithms) section above.
 
 The `-o` options can also be added to the server/client configuration file instead of being specified on the command line.
 
 In another terminal, run the ssh client:
 
-	<path-to-openssh>/bin/ssh -F <absolute-path-to>/regress/ssh_config \
-	                          -o KexAlgorithms=<KEX> \
-	                          -o HostKeyAlgorithms=ssh-<SIG>\
-	                          -o PubkeyAcceptedKeyTypes=ssh-<SIG> \
-	                          -o PasswordAuthentication=no \
-	                          -i regress/<SIG> \
-                              somehost true
+	<OPENSSH_SRC>/ssh -F <OPENSSH_SRC>/regress/ssh_config \
+	                  -o KexAlgorithms=<KEX> \
+	                  -o HostKeyAlgorithms=ssh-<SIG>\
+	                  -o PubkeyAcceptedKeyTypes=ssh-<SIG> \
+	                  -o PasswordAuthentication=no \
+	                  -i regress/ssh-<SIG> \
+	                  somehost true
 
 The `PasswordAuthentication` option is used to ensure the test server does not fall back to password authentication if public key authentication fails for some reason.
 
+The -o options can also be added to the `regress/{ssh|sshd}_config` client/server configuration files instead of being specified on the command line.
+
 ## Contributing
 
 Contributions are gratefully welcomed. See our [Contributing Guide](https://github.com/open-quantum-safe/openssh-portable/wiki/Contributing-Guide) for more details.

oqs-scripts/build_openssh.sh

@@ -8,7 +8,7 @@
 
 set -exo pipefail
 
-PREFIX=${PREFIX:-"`pwd`/oqs-test/tmp"}
+INSTALL_PREFIX=${INSTALL_PREFIX:-"`pwd`/oqs-test/tmp"}
 WITH_OPENSSL=${WITH_OPENSSL:-"true"}
 
 case "$OSTYPE" in
@@ -24,9 +24,9 @@ else
 fi
 
 if [ "x${WITH_OPENSSL}" == "xtrue" ]; then
-    ./configure --prefix="${PREFIX}" --with-ldflags="-Wl,-rpath -Wl,${PREFIX}/lib" --with-libs=-lm --with-ssl-dir="${OPENSSL_SYS_DIR}" --with-liboqs-dir="`pwd`/oqs" --with-cflags="-Wno-implicit-function-declaration -I${PREFIX}/include" --sysconfdir="${PREFIX}"
+    ./configure --prefix="${INSTALL_PREFIX}" --with-ldflags="-Wl,-rpath -Wl,${INSTALL_PREFIX}/lib" --with-libs=-lm --with-ssl-dir="${OPENSSL_SYS_DIR}" --with-liboqs-dir="`pwd`/oqs" --with-cflags="-Wno-implicit-function-declaration -I${INSTALL_PREFIX}/include" --sysconfdir="${INSTALL_PREFIX}"
 else
-    ./configure --prefix="${PREFIX}" --with-ldflags="-Wl,-rpath -Wl,${PREFIX}/lib" --with-libs=-lm --without-openssl --with-liboqs-dir="`pwd`/oqs" --with-cflags="-I${PREFIX}/include" --sysconfdir="${PREFIX}"
+    ./configure --prefix="${INSTALL_PREFIX}" --with-ldflags="-Wl,-rpath -Wl,${INSTALL_PREFIX}/lib" --with-libs=-lm --without-openssl --with-liboqs-dir="`pwd`/oqs" --with-cflags="-I${INSTALL_PREFIX}/include" --sysconfdir="${INSTALL_PREFIX}"
 fi
 if [ "x${CIRCLECI}" == "xtrue" ] || [ "x${TRAVIS}" == "xtrue" ]; then
     make -j2