upstream: penalty test is still a bit racy

OpenBSD-Regress-ID: 90c9ac224db454637baf1ebee5857e007321e824

regress/penalty.sh

@@ -25,14 +25,17 @@ verbose "penalty for authentication failure"
 cat /dev/null > $OBJ/authorized_keys_${USER}
 ${SSH} -F $OBJ/ssh_config somehost true && fatal "noauth connect succeeded"
 cp $OBJ/authorized_keys_${USER}.bak $OBJ/authorized_keys_${USER}
+sleep 2
 
 # Should be below penalty threshold
 ${SSH} -F $OBJ/ssh_config somehost true || fatal "authfail not expired"
+sleep 2
 
 # Fail authentication again; penalty should activate
 cat /dev/null > $OBJ/authorized_keys_${USER}
 ${SSH} -F $OBJ/ssh_config somehost true && fatal "noauth connect succeeded"
 cp $OBJ/authorized_keys_${USER}.bak $OBJ/authorized_keys_${USER}
+sleep 2
 
 # These should be refused by the active penalty
 ${SSH} -F $OBJ/ssh_config somehost true && fail "authfail not rejected"
@@ -42,6 +45,7 @@ conf "noauth:100s"
 ${SSH} -F $OBJ/ssh_config somehost true || fatal "basic connect failed"
 verbose "penalty for no authentication"
 ${SSHKEYSCAN} -t ssh-ed25519 -p $PORT 127.0.0.1 >/dev/null || fatal "keyscan failed"
+sleep 2
 
 # Repeat attempt should be penalised
 ${SSHKEYSCAN} -t ssh-ed25519 -p $PORT 127.0.0.1 >/dev/null 2>&1 && fail "keyscan not rejected"