From: djm Date: Sat, 17 Jan 2015 18:54:30 +0000 (+0000) Subject: unit test for hostkeys in ssh-agent X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=bd411c73de1cdfd266037d3b9bb188639aa16a7a;p=openbsd unit test for hostkeys in ssh-agent
---
diff --git a/regress/usr.bin/ssh/hostkey-agent.sh b/regress/usr.bin/ssh/hostkey-agent.sh
new file mode 100644
index 00000000000..4562f42af8d
--- /dev/null
+++ b/regress/usr.bin/ssh/hostkey-agent.sh
@@ -0,0 +1,55 @@
+# $OpenBSD: hostkey-agent.sh,v 1.1 2015/01/17 18:54:30 djm Exp $
+# Placed in the Public Domain.
+
+tid="hostkey agent"
+
+# Need full names here since they are used in HostKeyAlgorithms
+HOSTKEY_TYPES="ecdsa-sha2-nistp256 ssh-ed25519 ssh-rsa ssh-dss"
+
+rm -f $OBJ/agent.* $OBJ/ssh_proxy.orig
+
+trace "start agent"
+eval `${SSHAGENT} -s` > /dev/null
+r=$?
+[ $r -ne 0 ] && fatal "could not start ssh-agent: exit code $r"
+
+grep -vi 'hostkey' $OBJ/sshd_proxy > $OBJ/sshd_proxy.orig
+echo "HostKeyAgent $SSH_AUTH_SOCK" >> $OBJ/sshd_proxy.orig
+echo "LogLevel debug3" >> $OBJ/sshd_proxy.orig
+rm $OBJ/known_hosts
+
+trace "load hostkeys"
+for k in $HOSTKEY_TYPES ; do
+ ${SSHKEYGEN} -qt $k -f $OBJ/agent.$k -N '' || fatal "ssh-keygen $k"
+ (
+ echo -n 'localhost-with-alias,127.0.0.1,::1 '
+ cat $OBJ/agent.$k.pub
+ ) >> $OBJ/known_hosts
+ ${SSHADD} $OBJ/agent.$k >/dev/null 2>&1 || \
+ fatal "couldn't load key $OBJ/agent.$k"
+ echo "Hostkey $OBJ/agent.${k}" >> sshd_proxy.orig
+ # Remove private key so the server can't use it.
+ rm $OBJ/agent.$k || fatal "couldn't rm $OBJ/agent.$k"
+done
+
+unset SSH_AUTH_SOCK
+
+for ps in no yes; do
+ cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy
+ echo "UsePrivilegeSeparation $ps" >> $OBJ/sshd_proxy
+ for k in $HOSTKEY_TYPES ; do
+ verbose "key type $k privsep=$ps"
+ opts="-oHostKeyAlgorithms=$k -F $OBJ/ssh_proxy"
+ SSH_CONNECTION=`${SSH} $opts host 'echo $SSH_CONNECTION'`
+ if [ $? -ne 0 ]; then
+ fail "protocol $p privsep=$ps failed"
+ fi
+ if [ "$SSH_CONNECTION" != "UNKNOWN 65535 UNKNOWN 65535" ]; then
+ fail "bad SSH_CONNECTION key type $k privsep=$ps"
+ fi
+ done
+done
+
+trace "kill agent"
+${SSHAGENT} -k > /dev/null
+
diff --git a/regress/usr.bin/ssh/test-exec.sh b/regress/usr.bin/ssh/test-exec.sh
index b09a22fe5f5..f5ad2397530 100644
--- a/regress/usr.bin/ssh/test-exec.sh
+++ b/regress/usr.bin/ssh/test-exec.sh
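Review bot: The HostKey directives are appended to `sshd_proxy.orig` in the current directory rather than to `$OBJ/sshd_proxy.orig`, which is where every other write in this script goes and where the later `cp` reads from, so unless the regress run happens to have its cwd in $OBJ the server config never receives the HostKey lines and the agent-served keys are not actually exercised; the line should be `echo "Hostkey $OBJ/agent.${k}" >> $OBJ/sshd_proxy.orig`. The initial cleanup has a mirror-image mismatch: `rm -f $OBJ/agent.* $OBJ/ssh_proxy.orig` removes ssh_proxy.orig, while the file this script creates and appends to is sshd_proxy.orig, so a leftover from a previous run is not cleared (the subsequent `grep ... > $OBJ/sshd_proxy.orig` truncates it, so the effect is limited to the name being misleading). In the inner loop the failure message interpolates `$p`, which is never assigned anywhere in the file; `fail "key type $k privsep=$ps failed"` reports the variable the loop actually iterates over. The unquoted `$OBJ` expansions match the style of the surrounding regress scripts, so I would leave those alone.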
@@ -1,4 +1,4 @@ -# $OpenBSD: test-exec.sh,v 1.48 2014/07/06 07:42:03 djm Exp $ +# $OpenBSD: test-exec.sh,v 1.49 2015/01/17 18:54:30 djm Exp $ # Placed in the Public Domain. USER=`id -un` @@ -130,6 +130,19 @@ echo "exec ${SSH} -E${TEST_SSH_LOGFILE} "'"$@"' >>$SSHLOGWRAP chmod a+rx $OBJ/ssh-log-wrapper.sh SSH="$SSHLOGWRAP" +# Colourise output if we are attached to a tty +if tty >/dev/null 2>&1 ; then + _R=`tput setaf 8 2>/dev/null` + _G=`tput setaf 2 2>/dev/null` + _B=`tput bold 2>/dev/null` + _N=`tput sgr0 2>/dev/null` +else + _R="" + _G="" + _B="" + _N="" +fi + # Some test data. We make a copy because some tests will overwrite it. # The tests may assume that $DATA exists and is writable and $COPY does # not exist. Tests requiring larger data files can call increase_datafile_size @@ -216,19 +229,19 @@ verbose () fi } - fail () { save_debug_log "FAIL: $@" RESULT=1 - echo "$@" - + echo "${_B}$@${_N}" + cleanup + exit $RESULT } fatal () { save_debug_log "FATAL: $@" - printf "FATAL: " + printf "${_B}FATAL: $@${_N}" fail "$@" cleanup exit $RESULT @@ -243,6 +256,7 @@ trap fatal 3 2 cat << EOF > $OBJ/sshd_config Port $PORT Protocol 2,1 + LoginGraceTime 15m AddressFamily inet ListenAddress 127.0.0.1 #ListenAddress ::1 @@ -252,6 +266,7 @@ cat << EOF > $OBJ/sshd_config AcceptEnv _XXX_TEST_* AcceptEnv _XXX_TEST Subsystem sftp $SFTPSERVER + StrictModes no EOF if [ ! -z "$TEST_SSH_SSHD_CONFOPTS" ]; then @@ -395,8 +410,8 @@ start_sshd () # kill sshd cleanup if [ $RESULT -eq 0 ]; then - verbose ok $tid + verbose ${_G}ok $tid${_N} else - echo failed $tid + echo ${_R}failed $tid${_N} fi exit $RESULT
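Review bot: In the colourise block, `if tty >/dev/null 2>&1 ; then` tests whether standard input is a terminal, but the escape sequences are written to standard output, so a run with stdin redirected (or driven from a pipe while stdout is still a tty) makes the wrong decision; `if [ -t 1 ]; then` checks the descriptor that is actually written to. The variable named `_R`, used later for the "failed" banner, is assigned from `tput setaf 8`, which in the usual 16-colour palette selects bright black/grey rather than red (`setaf 1`); if red is the intent this looks like a typo, but please confirm against the terminfo the tests run under.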
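Review bot: In `fatal ()` the caller's message is now spliced into the printf format string, `printf "${_B}FATAL: $@${_N}"`, so any argument containing `%` or a backslash sequence is interpreted as a directive rather than printed, and the message is then printed a second time by `fail`'s `echo` on the same line; `printf '%sFATAL: %s' "${_B}" "${_N}"` keeps the bold prefix, leaves the message to `fail` as before, and never uses data as a format. Because `fail ()` now runs `cleanup` and `exit $RESULT` itself, the `cleanup` and `exit $RESULT` lines that remain after `fail "$@"` in `fatal` are unreachable and can be dropped. The same change makes every `fail` abort the test on its first failed check instead of recording the failure and continuing, which alters what the existing regress scripts report; if that is intended, a one-line comment above `fail ()` such as `# fail records a failure and terminates the test; use fatal for setup errors` would keep the next reader from treating it as a regression. The hunk ends inside `fatal ()`, whose closing brace is outside it.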