Refactored pester based E2E test setup (#384)
- Set up dedicated test endpoint instead of tweaking main service configuration. - Got rid of redundant custom test configuration files. - Cleaned up pester tests directory. Moved test files to a dedicated directory. - Revised TestDaemon start/stop routines to use "netstat" for host process identification. This gets rid of slight flakiness in the previous approach.
parent
3d35b912a7
commit
1137942918
|
@ -15,7 +15,7 @@ $PubKeyUser = "sshtest_pubkeyuser"
|
|||
$PasswdUser = "sshtest_passwduser"
|
||||
$OpenSSHTestAccountsPassword = "P@ssw0rd_1"
|
||||
$OpenSSHTestAccounts = $Script:SSOUser, $Script:PubKeyUser, $Script:PasswdUser
|
||||
$OpenSSHConfigPath = Join-Path $env:ProgramData "ssh"
|
||||
$SSHDTestSvcName = "sshdTestSvc"
|
||||
|
||||
$Script:TestDataPath = "$env:SystemDrive\OpenSSHTests"
|
||||
$Script:SetupTestResultsFile = Join-Path $TestDataPath $SetupTestResultsFileName
|
||||
|
@ -24,6 +24,7 @@ $Script:E2ETestResultsFile = Join-Path $TestDataPath $E2ETestResultsFileName
|
|||
$Script:UnitTestResultsFile = Join-Path $TestDataPath $UnitTestResultsFileName
|
||||
$Script:TestSetupLogFile = Join-Path $TestDataPath $TestSetupLogFileName
|
||||
$Script:E2ETestDirectory = Join-Path $repositoryRoot.FullName -ChildPath "regress\pesterTests"
|
||||
$Script:E2ETestDataDirectory = Join-Path $Script:E2ETestDirectory data
|
||||
$Script:WindowsInBox = $false
|
||||
$Script:NoLibreSSL = $false
|
||||
$Script:EnableAppVerifier = $true
|
||||
|
@ -81,19 +82,11 @@ function Set-OpenSSHTestEnvironment
|
|||
}
|
||||
$Global:OpenSSHTestInfo.Add("PostmortemDebugging", $Script:PostmortemDebugging)
|
||||
|
||||
#start service if not already started
|
||||
Start-Service -Name sshd
|
||||
|
||||
$description = @"
|
||||
WARNING: Following changes will be made to OpenSSH configuration
|
||||
- sshd_config will be backed up as sshd_config.ori
|
||||
- will be replaced with a test sshd_config
|
||||
- $HOME\.ssh\known_hosts will be backed up as known_hosts.ori
|
||||
- will be replaced with a test known_hosts
|
||||
- $HOME\.ssh\config will be backed up as config.ori
|
||||
- will be replaced with a test config
|
||||
- $HOME\.ssh\known_hosts will be amended with test endpoint entries
|
||||
- $HOME\.ssh\config will be amended with test endpoint entries
|
||||
- sshd test listener will be on port 47002
|
||||
- $HOME\.ssh\known_hosts will be modified with test host key entry
|
||||
- test accounts - ssouser, pubkeyuser, and passwduser will be added
|
||||
- Setup single signon for ssouser
|
||||
- To cleanup - Run Clear-OpenSSHTestEnvironment
|
||||
|
@ -109,18 +102,61 @@ WARNING: Following changes will be made to OpenSSH configuration
|
|||
|
||||
Install-OpenSSHTestDependencies
|
||||
|
||||
$backupConfigPath = Join-Path $OpenSSHConfigPath sshd_config.ori
|
||||
$targetsshdConfig = Join-Path $OpenSSHConfigPath sshd_config
|
||||
#Backup existing OpenSSH configuration
|
||||
if ((Test-Path $targetsshdConfig -PathType Leaf) -and (-not (Test-Path $backupConfigPath -PathType Leaf))) {
|
||||
Copy-Item $targetsshdConfig $backupConfigPath -Force
|
||||
}
|
||||
# copy new sshd_config
|
||||
Copy-Item (Join-Path $Script:E2ETestDirectory sshd_config) $targetsshdConfig -Force
|
||||
if($DebugMode) {
|
||||
$con = (Get-Content $targetsshdConfig | Out-String).Replace("#SyslogFacility AUTH","SyslogFacility LOCAL0")
|
||||
Set-Content -Path $targetsshdConfig -Value "$con" -Force
|
||||
|
||||
##### START: install sshd test service
|
||||
#delete service if exists
|
||||
if (Get-Service $SSHDTestSvcName -ErrorAction SilentlyContinue)
|
||||
{
|
||||
Stop-Service $SSHDTestSvcName
|
||||
sc.exe delete $SSHDTestSvcName 1>$null
|
||||
}
|
||||
|
||||
#prepare config directory
|
||||
$testSvcConfigDir = Join-Path $Global:OpenSSHTestInfo["TestDataPath"] "serviceconfig"
|
||||
Remove-Item $testSvcConfigDir -Force -Recurse -ErrorAction SilentlyContinue
|
||||
New-Item -ItemType Directory -Path $testSvcConfigDir
|
||||
$Global:OpenSSHTestInfo["ServiceConfigDir"] = $testSvcConfigDir
|
||||
|
||||
#copy sshd_config
|
||||
$testSshdConfig = Join-Path $testSvcConfigDir sshd_config
|
||||
Copy-Item (Join-Path $Script:E2ETestDataDirectory sshd_config) $testSshdConfig -Force
|
||||
$con = (Get-Content $testSshdConfig | Out-String).Replace("___TEST_SERVICE_CONFIG_DIR___", $testSvcConfigDir)
|
||||
Set-Content -Path $testSshdConfig -Value "$con" -Force
|
||||
if($DebugMode) {
|
||||
$con = (Get-Content $testSshdConfig | Out-String).Replace("#SyslogFacility AUTH","SyslogFacility LOCAL0")
|
||||
Set-Content -Path $testSshdConfig -Value "$con" -Force
|
||||
}
|
||||
|
||||
#copy sshtest keys
|
||||
Copy-Item "$($Script:E2ETestDataDirectory)\sshtest*hostkey*" $testSvcConfigDir -Force
|
||||
|
||||
#copy ca pubkey to ssh config path
|
||||
Copy-Item "$($Script:E2ETestDataDirectory)\sshtest_ca_userkeys.pub" $testSvcConfigDir -Force
|
||||
|
||||
$acl = New-Object System.Security.AccessControl.DirectorySecurity
|
||||
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("Administrators","FullControl","Allow")
|
||||
$acl.AddAccessRule($rule)
|
||||
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("System","FullControl","Allow")
|
||||
$acl.AddAccessRule($rule)
|
||||
$acl.SetAccessRuleProtection($true, $true)
|
||||
|
||||
Get-ChildItem $testSvcConfigDir | foreach {$acl | set-acl $_.FullName}
|
||||
|
||||
|
||||
$SSHDTestSvcNameCmdLine = (Join-Path $script:OpenSSHBinPath sshd) + " -f " + $testSshdConfig
|
||||
New-Service -Name $SSHDTestSvcName -DisplayName "OpenSSH SSH Test Server for E2E tests" -BinaryPathName $SSHDTestSvcNameCmdLine -StartupType Manual | Out-Null
|
||||
sc.exe privs $SSHDTestSvcName SeAssignPrimaryTokenPrivilege/SeTcbPrivilege/SeBackupPrivilege/SeRestorePrivilege/SeImpersonatePrivilege
|
||||
|
||||
Start-Service $SSHDTestSvcName
|
||||
##### END: install sshd test service
|
||||
|
||||
|
||||
#copy ca private key to test dir
|
||||
$ca_priv_key = (Join-Path $Global:OpenSSHTestInfo["TestDataPath"] sshtest_ca_userkeys)
|
||||
Copy-Item (Join-Path $Script:E2ETestDataDirectory sshtest_ca_userkeys) $ca_priv_key -Force
|
||||
Repair-UserSshConfigPermission -FilePath $ca_priv_key -confirm:$false
|
||||
$Global:OpenSSHTestInfo["CA_Private_Key"] = $ca_priv_key
|
||||
|
||||
$sshAgentSvc = Get-service ssh-agent
|
||||
if($sshAgentSvc.StartType -eq [System.ServiceProcess.ServiceStartMode]::Disabled)
|
||||
{
|
||||
|
@ -128,41 +164,34 @@ WARNING: Following changes will be made to OpenSSH configuration
|
|||
}
|
||||
Start-Service ssh-agent
|
||||
|
||||
#copy sshtest keys
|
||||
Copy-Item "$($Script:E2ETestDirectory)\sshtest*hostkey*" $OpenSSHConfigPath -Force
|
||||
Get-ChildItem "$($OpenSSHConfigPath)\sshtest*hostkey*" -Exclude *.pub| % {
|
||||
Repair-SshdHostKeyPermission -FilePath $_.FullName -confirm:$false
|
||||
}
|
||||
|
||||
#copy ca pubkey to ssh config path
|
||||
Copy-Item "$($Script:E2ETestDirectory)\sshtest_ca_userkeys.pub" $OpenSSHConfigPath -Force
|
||||
|
||||
#copy ca private key to test dir
|
||||
$ca_priv_key = (Join-Path $Global:OpenSSHTestInfo["TestDataPath"] sshtest_ca_userkeys)
|
||||
Copy-Item (Join-Path $Script:E2ETestDirectory sshtest_ca_userkeys) $ca_priv_key -Force
|
||||
Repair-UserSshConfigPermission -FilePath $ca_priv_key -confirm:$false
|
||||
$Global:OpenSSHTestInfo["CA_Private_Key"] = $ca_priv_key
|
||||
|
||||
Restart-Service sshd -Force
|
||||
|
||||
#Backup existing known_hosts and replace with test version
|
||||
#TODO - account for custom known_hosts locations
|
||||
|
||||
#Prepare user config - known_hosts and ssh_config
|
||||
$dotSshDirectoryPath = Join-Path $home .ssh
|
||||
$knowHostsFilePath = Join-Path $dotSshDirectoryPath known_hosts
|
||||
if(-not (Test-Path $dotSshDirectoryPath -PathType Container))
|
||||
{
|
||||
New-Item -ItemType Directory -Path $dotSshDirectoryPath -Force -ErrorAction SilentlyContinue | out-null
|
||||
}
|
||||
if ((Test-Path $knowHostsFilePath -PathType Leaf) -and (-not (Test-Path (Join-Path $dotSshDirectoryPath known_hosts.ori) -PathType Leaf))) {
|
||||
Copy-Item $knowHostsFilePath (Join-Path $dotSshDirectoryPath known_hosts.ori) -Force
|
||||
|
||||
$knowHostsFilePath = Join-Path $dotSshDirectoryPath known_hosts
|
||||
if (-not (Test-Path $knowHostsFilePath -PathType Leaf)) {
|
||||
Copy-Item (Join-Path $Script:E2ETestDataDirectory known_hosts) $knowHostsFilePath -Force
|
||||
}
|
||||
$con = Get-Content $knowHostsFilePath
|
||||
if (($con -eq $null) -or (-not($con.Contains("###OpenSSHE2ETests")))) {
|
||||
Get-Content (Join-Path $Script:E2ETestDataDirectory known_hosts) | Add-Content $knowHostsFilePath
|
||||
}
|
||||
Copy-Item (Join-Path $Script:E2ETestDirectory known_hosts) $knowHostsFilePath -Force
|
||||
|
||||
$sshConfigFilePath = Join-Path $dotSshDirectoryPath config
|
||||
if ((Test-Path $sshConfigFilePath -PathType Leaf) -and (-not (Test-Path (Join-Path $dotSshDirectoryPath config.ori) -PathType Leaf))) {
|
||||
Copy-Item $sshConfigFilePath (Join-Path $dotSshDirectoryPath config.ori) -Force
|
||||
if (-not (Test-Path (Join-Path $dotSshDirectoryPath config) -PathType Leaf)) {
|
||||
Copy-Item (Join-Path $Script:E2ETestDataDirectory ssh_config) $sshConfigFilePath -Force
|
||||
}
|
||||
Copy-Item (Join-Path $Script:E2ETestDirectory ssh_config) $sshConfigFilePath -Force
|
||||
$con = Get-Content $sshConfigFilePath
|
||||
if (($con -eq $null) -or (-not($con.Contains("###OpenSSHE2ETests")))) {
|
||||
Get-Content (Join-Path $Script:E2ETestDataDirectory ssh_config) | Add-Content $sshConfigFilePath
|
||||
}
|
||||
|
||||
Copy-Item (Join-Path $Script:E2ETestDataDirectory ssh_config) $sshConfigFilePath -Force
|
||||
Repair-UserSshConfigPermission -FilePath $sshConfigFilePath -confirm:$false
|
||||
|
||||
# create test accounts
|
||||
|
@ -188,11 +217,11 @@ WARNING: Following changes will be made to OpenSSH configuration
|
|||
|
||||
New-Item -ItemType Directory -Path (Join-Path $ssouserProfile .ssh) -Force -ErrorAction SilentlyContinue | out-null
|
||||
$authorizedKeyPath = Join-Path $ssouserProfile .ssh\authorized_keys
|
||||
$testPubKeyPath = Join-Path $Script:E2ETestDirectory sshtest_userssokey_ed25519.pub
|
||||
$testPubKeyPath = Join-Path $Script:E2ETestDataDirectory sshtest_userssokey_ed25519.pub
|
||||
Copy-Item $testPubKeyPath $authorizedKeyPath -Force -ErrorAction SilentlyContinue
|
||||
Repair-AuthorizedKeyPermission -FilePath $authorizedKeyPath -confirm:$false
|
||||
|
||||
copy-item (Join-Path $Script:E2ETestDirectory sshtest_userssokey_ed25519) $Global:OpenSSHTestInfo["TestDataPath"]
|
||||
copy-item (Join-Path $Script:E2ETestDataDirectory sshtest_userssokey_ed25519) $Global:OpenSSHTestInfo["TestDataPath"]
|
||||
$testPriKeypath = Join-Path $Global:OpenSSHTestInfo["TestDataPath"] sshtest_userssokey_ed25519
|
||||
cmd /c "ssh-add -D 2>&1 >> $Script:TestSetupLogFile"
|
||||
Repair-UserKeyPermission -FilePath $testPriKeypath -confirm:$false
|
||||
|
@ -214,8 +243,6 @@ WARNING: Following changes will be made to OpenSSH configuration
|
|||
New-ItemProperty "HKLM:Software\Microsoft\Windows NT\CurrentVersion\AeDebug" -Name Auto -Type String -Value "1" -Force -ErrorAction SilentlyContinue | Out-Null
|
||||
}
|
||||
}
|
||||
|
||||
Backup-OpenSSHTestInfo
|
||||
}
|
||||
|
||||
function Set-BasicTestInfo
|
||||
|
@ -504,34 +531,14 @@ function Clear-OpenSSHTestEnvironment
|
|||
Remove-ItemProperty "HKLM:Software\Microsoft\Windows NT\CurrentVersion\AeDebug" -Name Debugger -ErrorAction SilentlyContinue -Force | Out-Null
|
||||
Remove-ItemProperty "HKLM:Software\Microsoft\Windows NT\CurrentVersion\AeDebug" -Name Auto -ErrorAction SilentlyContinue -Force | Out-Null
|
||||
}
|
||||
|
||||
Remove-Item "$OpenSSHConfigPath\sshtest*hostkey*" -Force -ErrorAction SilentlyContinue
|
||||
Remove-Item "$OpenSSHConfigPath\sshtest*ca_userkeys*" -Force -ErrorAction SilentlyContinue
|
||||
|
||||
#Restore sshd_config
|
||||
$backupConfigPath = Join-Path $OpenSSHConfigPath sshd_config.ori
|
||||
if (Test-Path $backupConfigPath -PathType Leaf) {
|
||||
Copy-Item $backupConfigPath (Join-Path $OpenSSHConfigPath sshd_config) -Force -ErrorAction SilentlyContinue
|
||||
Remove-Item (Join-Path $OpenSSHConfigPath sshd_config.ori) -Force -ErrorAction SilentlyContinue
|
||||
Restart-Service sshd
|
||||
|
||||
#delete service if exists
|
||||
if (Get-Service $SSHDTestSvcName -ErrorAction SilentlyContinue)
|
||||
{
|
||||
Stop-Service $SSHDTestSvcName
|
||||
sc.exe delete $SSHDTestSvcName 1>$null
|
||||
}
|
||||
|
||||
#Restore known_hosts
|
||||
$originKnowHostsPath = Join-Path $home .ssh\known_hosts.ori
|
||||
if (Test-Path $originKnowHostsPath)
|
||||
{
|
||||
Copy-Item $originKnowHostsPath (Join-Path $home .ssh\known_hosts) -Force -ErrorAction SilentlyContinue
|
||||
Remove-Item $originKnowHostsPath -Force -ErrorAction SilentlyContinue
|
||||
}
|
||||
|
||||
#Restore ssh_config
|
||||
$originConfigPath = Join-Path $home .ssh\config.ori
|
||||
if (Test-Path $originConfigPath)
|
||||
{
|
||||
Copy-Item $originConfigPath (Join-Path $home .ssh\config) -Force -ErrorAction SilentlyContinue
|
||||
Remove-Item $originConfigPath -Force -ErrorAction SilentlyContinue
|
||||
}
|
||||
|
||||
#Delete accounts
|
||||
foreach ($user in $OpenSSHTestAccounts)
|
||||
{
|
||||
|
@ -539,7 +546,7 @@ function Clear-OpenSSHTestEnvironment
|
|||
}
|
||||
|
||||
# remove registered keys
|
||||
cmd /c "ssh-add -d (Join-Path $Script:E2ETestDirectory sshtest_userssokey_ed25519) 2>&1 >> $Script:TestSetupLogFile"
|
||||
cmd /c "ssh-add -d (Join-Path $Script:E2ETestDataDirectory sshtest_userssokey_ed25519) 2>&1 >> $Script:TestSetupLogFile"
|
||||
|
||||
if($Global:OpenSSHTestInfo -ne $null)
|
||||
{
|
||||
|
@ -728,56 +735,6 @@ function Invoke-OpenSSHUnitTest
|
|||
$testfailed
|
||||
}
|
||||
|
||||
function Backup-OpenSSHTestInfo
|
||||
{
|
||||
param
|
||||
(
|
||||
[string] $BackupFile = $null
|
||||
)
|
||||
|
||||
if ($Global:OpenSSHTestInfo -eq $null) {
|
||||
Throw "`$OpenSSHTestInfo is null. Did you run Set-OpenSSHTestEnvironment yet?"
|
||||
}
|
||||
|
||||
$testInfo = $Global:OpenSSHTestInfo
|
||||
|
||||
if ([String]::IsNullOrEmpty($BackupFile)) {
|
||||
$BackupFile = Join-Path $testInfo["TestDataPath"] "OpenSSHTestInfo_backup.txt"
|
||||
}
|
||||
|
||||
$null | Set-Content $BackupFile
|
||||
|
||||
foreach ($key in $testInfo.Keys) {
|
||||
$value = $testInfo[$key]
|
||||
Add-Content $BackupFile "$key,$value"
|
||||
}
|
||||
}
|
||||
|
||||
function Restore-OpenSSHTestInfo
|
||||
{
|
||||
param
|
||||
(
|
||||
[Parameter(Mandatory=$true)]
|
||||
[ValidateNotNullOrEmpty()]
|
||||
[string] $BackupFile
|
||||
)
|
||||
|
||||
if($Global:OpenSSHTestInfo -ne $null)
|
||||
{
|
||||
$Global:OpenSSHTestInfo.Clear()
|
||||
$Global:OpenSSHTestInfo = $null
|
||||
}
|
||||
|
||||
$Global:OpenSSHTestInfo = @{}
|
||||
|
||||
$entries = Get-Content $BackupFile
|
||||
|
||||
foreach ($entry in $entries) {
|
||||
$data = $entry.Split(",")
|
||||
$Global:OpenSSHTestInfo[$data[0]] = $data[1]
|
||||
}
|
||||
}
|
||||
|
||||
<#
|
||||
Write-Log
|
||||
#>
|
||||
|
@ -799,4 +756,4 @@ function Write-Log
|
|||
}
|
||||
}
|
||||
|
||||
Export-ModuleMember -Function Set-BasicTestInfo, Set-OpenSSHTestEnvironment, Clear-OpenSSHTestEnvironment, Invoke-OpenSSHSetupTest, Invoke-OpenSSHUnitTest, Invoke-OpenSSHE2ETest, Invoke-OpenSSHUninstallTest, Backup-OpenSSHTestInfo, Restore-OpenSSHTestInfo
|
||||
Export-ModuleMember -Function Set-BasicTestInfo, Set-OpenSSHTestEnvironment, Clear-OpenSSHTestEnvironment, Invoke-OpenSSHSetupTest, Invoke-OpenSSHUnitTest, Invoke-OpenSSHE2ETest, Invoke-OpenSSHUninstallTest
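Review bot: In the `install sshd test service` block of Set-OpenSSHTestEnvironment, `$SSHDTestSvcNameCmdLine` is built by plain concatenation, so the service's image path is registered unquoted; with a space in `$script:OpenSSHBinPath` or in the config path the command line becomes ambiguous, and this is a service that `New-Service` creates without `-Credential` and that `sc.exe privs` then grants `SeTcbPrivilege` and `SeAssignPrimaryTokenPrivilege`. Quote both parts: `$SSHDTestSvcNameCmdLine = '"' + (Join-Path $script:OpenSSHBinPath sshd) + '" -f "' + $testSshdConfig + '"'`. The ACL step just above it covers only the children, because `Get-ChildItem $testSvcConfigDir | foreach {$acl | set-acl $_.FullName}` never touches the `serviceconfig` directory itself, so files there could still be added or replaced if the ACL inherited under `$env:SystemDrive\OpenSSHTests` allows it (not visible here); applying the same `$acl` to `$testSvcConfigDir` would close that. The function starts outside this hunk.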
|
|
@ -25,6 +25,7 @@ Describe "Tests for authorized_keys file permission" -Tags "CI" {
|
|||
$PwdUser = $OpenSSHTestInfo["PasswdUser"]
|
||||
$ssouserProfile = $OpenSSHTestInfo["SSOUserProfile"]
|
||||
$opensshbinpath = $OpenSSHTestInfo['OpenSSHBinPath']
|
||||
$sshdconfig = Join-Path $Global:OpenSSHTestInfo["ServiceConfigDir"] sshd_config
|
||||
Remove-Item -Path (Join-Path $testDir "*$sshLogName") -Force -ErrorAction SilentlyContinue
|
||||
|
||||
#skip when the task schedular (*-ScheduledTask) cmdlets does not exist
|
||||
|
@ -61,12 +62,11 @@ Describe "Tests for authorized_keys file permission" -Tags "CI" {
|
|||
}
|
||||
$authorizedkeyPath = Join-Path $ssouserProfile .testssh\authorized_keys
|
||||
$Source = Join-Path $ssouserProfile .ssh\authorized_keys
|
||||
$testknownhosts = Join-path $PSScriptRoot testdata\test_known_hosts
|
||||
Copy-Item $Source $ssouserSSHProfilePath -Force -ErrorAction Stop
|
||||
Repair-AuthorizedKeyPermission -Filepath $authorizedkeyPath -confirm:$false
|
||||
if(-not $skip)
|
||||
{
|
||||
Stop-SSHDTestDaemon
|
||||
Stop-SSHDTestDaemon -Port $port
|
||||
}
|
||||
|
||||
#add wrong password so ssh does not prompt password if failed with authorized keys
|
||||
|
@ -92,7 +92,7 @@ Describe "Tests for authorized_keys file permission" -Tags "CI" {
|
|||
$sshdlog = Join-Path $testDir "$tC.$tI.$sshdLogName"
|
||||
if(-not $skip)
|
||||
{
|
||||
Stop-SSHDTestDaemon
|
||||
Stop-SSHDTestDaemon -Port $port
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -101,9 +101,9 @@ Describe "Tests for authorized_keys file permission" -Tags "CI" {
|
|||
Repair-FilePermission -Filepath $authorizedkeyPath -Owners $objUserSid -FullAccessNeeded $adminsSid,$systemSid,$objUserSid -confirm:$false
|
||||
|
||||
#Run
|
||||
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -p $port -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $sshdlog"
|
||||
$o = ssh -p $port $ssouser@$server -o "UserKnownHostsFile $testknownhosts" echo 1234
|
||||
Stop-SSHDTestDaemon
|
||||
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdconfig -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $sshdlog" -Port $port
|
||||
$o = ssh -p $port $ssouser@$server echo 1234
|
||||
Stop-SSHDTestDaemon -Port $port
|
||||
$o | Should Be "1234"
|
||||
}
|
||||
|
||||
|
@ -112,10 +112,10 @@ Describe "Tests for authorized_keys file permission" -Tags "CI" {
|
|||
Repair-FilePermission -Filepath $authorizedkeyPath -Owner $systemSid -FullAccessNeeded $adminsSid,$systemSid,$objUserSid -confirm:$false
|
||||
|
||||
#Run
|
||||
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -p $port -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $sshdlog"
|
||||
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdconfig -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $sshdlog" -Port $port
|
||||
|
||||
$o = ssh -p $port $ssouser@$server -o "UserKnownHostsFile $testknownhosts" echo 1234
|
||||
Stop-SSHDTestDaemon
|
||||
$o = ssh -p $port $ssouser@$server echo 1234
|
||||
Stop-SSHDTestDaemon -Port $port
|
||||
$o | Should Be "1234"
|
||||
}
|
||||
|
||||
|
@ -124,9 +124,9 @@ Describe "Tests for authorized_keys file permission" -Tags "CI" {
|
|||
Repair-FilePermission -Filepath $authorizedkeyPath -Owner $adminsSid -FullAccessNeeded $adminsSid,$systemSid -confirm:$false
|
||||
|
||||
#Run
|
||||
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -p $port -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $sshdlog"
|
||||
$o = ssh -p $port $ssouser@$server -o "UserKnownHostsFile $testknownhosts" echo 1234
|
||||
Stop-SSHDTestDaemon
|
||||
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdconfig -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $sshdlog" -Port $port
|
||||
$o = ssh -p $port $ssouser@$server echo 1234
|
||||
Stop-SSHDTestDaemon -Port $port
|
||||
$o | Should Be "1234"
|
||||
}
|
||||
|
||||
|
@ -135,9 +135,9 @@ Describe "Tests for authorized_keys file permission" -Tags "CI" {
|
|||
Repair-FilePermission -Filepath $authorizedkeyPath -Owner $adminsSid -FullAccessNeeded $adminsSid,$systemSid,$objUserSid -confirm:$false
|
||||
|
||||
#Run
|
||||
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -p $port -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $sshdlog"
|
||||
$o = ssh -p $port $ssouser@$server -o "UserKnownHostsFile $testknownhosts" echo 1234
|
||||
Stop-SSHDTestDaemon
|
||||
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdconfig -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $sshdlog" -Port $port
|
||||
$o = ssh -p $port $ssouser@$server echo 1234
|
||||
Stop-SSHDTestDaemon -Port $port
|
||||
$o | Should Be "1234"
|
||||
}
|
||||
|
||||
|
@ -146,10 +146,10 @@ Describe "Tests for authorized_keys file permission" -Tags "CI" {
|
|||
Repair-FilePermission -Filepath $authorizedkeyPath -Owner $currentUserSid -FullAccessNeeded $adminsSid,$systemSid -confirm:$false
|
||||
|
||||
#Run
|
||||
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -p $port -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $sshdlog"
|
||||
ssh -p $port -E $sshlog -o "UserKnownHostsFile $testknownhosts" $ssouser@$server echo 1234
|
||||
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdconfig -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $sshdlog" -Port $port
|
||||
ssh -p $port -E $sshlog $ssouser@$server echo 1234
|
||||
$LASTEXITCODE | Should Not Be 0
|
||||
Stop-SSHDTestDaemon
|
||||
Stop-SSHDTestDaemon -Port $port
|
||||
$sshlog | Should Contain "Permission denied"
|
||||
$sshdlog | Should Contain "Authentication refused."
|
||||
}
|
||||
|
@ -163,10 +163,10 @@ Describe "Tests for authorized_keys file permission" -Tags "CI" {
|
|||
Set-FilePermission -FilePath $authorizedkeyPath -User $objPwdUserSid -Perm "Read"
|
||||
|
||||
#Run
|
||||
Start-SSHDTestDaemon -workDir $opensshbinpath -Arguments "-d -p $port -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $sshdlog"
|
||||
ssh -p $port -E $sshlog -o "UserKnownHostsFile $testknownhosts" $ssouser@$server echo 1234
|
||||
Start-SSHDTestDaemon -workDir $opensshbinpath -Arguments "-d -f $sshdconfig -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $sshdlog" -Port $port
|
||||
ssh -p $port -E $sshlog $ssouser@$server echo 1234
|
||||
$LASTEXITCODE | Should Not Be 0
|
||||
Stop-SSHDTestDaemon
|
||||
Stop-SSHDTestDaemon -Port $port
|
||||
$sshlog | Should Contain "Permission denied"
|
||||
$sshdlog | Should Contain "Authentication refused."
|
||||
}
|
||||
|
@ -177,10 +177,10 @@ Describe "Tests for authorized_keys file permission" -Tags "CI" {
|
|||
Repair-FilePermission -Filepath $authorizedkeyPath -Owner $objPwdUserSid -FullAccessNeeded $adminsSid,$systemSid,$objPwdUser -confirm:$false
|
||||
|
||||
#Run
|
||||
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -p $port -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $sshdlog"
|
||||
ssh -p $port -E $sshlog -o "UserKnownHostsFile $testknownhosts" $ssouser@$server echo 1234
|
||||
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdconfig -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $sshdlog" -Port $port
|
||||
ssh -p $port -E $sshlog $ssouser@$server echo 1234
|
||||
$LASTEXITCODE | Should Not Be 0
|
||||
Stop-SSHDTestDaemon
|
||||
Stop-SSHDTestDaemon -Port $port
|
||||
$sshlog | Should Contain "Permission denied"
|
||||
$sshdlog | Should Contain "Authentication refused."
|
||||
}
|
||||
|
|
|
@ -58,7 +58,8 @@ Describe "Tests for ssh config" -Tags "CI" {
|
|||
|
||||
$userConfigFile = Join-Path $home ".ssh\config"
|
||||
if( -not (Test-path $userConfigFile) ) {
|
||||
Copy-item "$PSScriptRoot\testdata\ssh_config" $userConfigFile -force
|
||||
#prep sample config
|
||||
Add-Content "PubkeyAcceptedKeyTypes ssh-ed25519*" $userConfigFile
|
||||
}
|
||||
Enable-Privilege SeRestorePrivilege | out-null
|
||||
$oldACL = Get-ACL $userConfigFile
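Review bot: The new `Add-Content "PubkeyAcceptedKeyTypes ssh-ed25519*" $userConfigFile` has its arguments in the wrong order: `Add-Content` binds the first positional argument to `-Path` and the second to `-Value`, so the directive is treated as a wildcard path and `$userConfigFile` as the text to write. When `$HOME\.ssh\config` is missing, the file is then not created and the `Get-ACL $userConfigFile` that follows has nothing to read. Name the parameters instead: `Add-Content -Path $userConfigFile -Value "PubkeyAcceptedKeyTypes ssh-ed25519*"`. The enclosing block starts and ends outside the hunk.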
|
||||
|
|
|
@ -114,15 +114,16 @@ function Start-SSHDTestDaemon
|
|||
{
|
||||
param(
|
||||
[string] $Arguments,
|
||||
[string] $Workdir)
|
||||
[string] $Workdir,
|
||||
[string] $Port)
|
||||
|
||||
$Arguments += " -p $Port"
|
||||
$ac = New-ScheduledTaskAction -Execute (join-path $workdir "sshd") -WorkingDirectory $workdir -Argument $Arguments
|
||||
$task = Register-ScheduledTask -TaskName $Taskname -User system -Action $ac -TaskPath $Taskfolder -Force
|
||||
Start-ScheduledTask -TaskPath $Taskfolder -TaskName $Taskname
|
||||
$svcpid = ((tasklist /svc | select-string -Pattern ".+sshd").ToString() -split "\s+")[1]
|
||||
#sleep for 1 seconds for process to ready to listener
|
||||
$num = 0
|
||||
while((Get-Process sshd | Where-Object {$_.Id -ne $svcpid}) -eq $null)
|
||||
while ((netstat -anop TCP | select-string -Pattern "0.0.0.0:$Port") -eq $null)
|
||||
{
|
||||
start-sleep 1
|
||||
$num++
|
||||
|
@ -132,6 +133,9 @@ function Start-SSHDTestDaemon
|
|||
|
||||
function Stop-SSHDTestDaemon
|
||||
{
|
||||
param(
|
||||
[string] $Port)
|
||||
|
||||
$task = Get-ScheduledTask -TaskPath $Taskfolder -TaskName $Taskname -ErrorAction SilentlyContinue
|
||||
if($task)
|
||||
{
|
||||
|
@ -141,16 +145,24 @@ function Stop-SSHDTestDaemon
|
|||
}
|
||||
Unregister-ScheduledTask -TaskPath $Taskfolder -TaskName $Taskname -Confirm:$false
|
||||
}
|
||||
#if still running, wait a little while for task to complete
|
||||
#stop-scheduledTask does not wait for worker process to end. Kill it if still running. Logic below assume sshd service is running
|
||||
$svcpid = ((tasklist /svc | select-string -Pattern ".+sshd").ToString() -split "\s+")[1]
|
||||
Get-Process sshd -ErrorAction SilentlyContinue | Where-Object {$_.Id -ne $svcpid} | Stop-Process -Force -ErrorAction SilentlyContinue
|
||||
$num = 0
|
||||
while((Get-Process sshd | Where-Object {$_.Id -ne $svcpid}))
|
||||
|
||||
#kill process listening on $Port
|
||||
$p = netstat -anop TCP | select-string -Pattern "0.0.0.0:$Port"
|
||||
if (-not($p -eq $null))
|
||||
{
|
||||
# sshd process is still running; wait 1 more seconds"
|
||||
start-sleep 1
|
||||
$num++
|
||||
if($num -gt 30) { break }
|
||||
foreach ($ps in $p) {
|
||||
$pss =$ps.ToString() -split "\s+";
|
||||
$pid = $pss[$pss.length -1]
|
||||
Stop-Process -Id $pid -Force -ErrorAction SilentlyContinue
|
||||
}
|
||||
#if still running, wait a little while for task to complete
|
||||
$num = 0
|
||||
while (-not((netstat -anop TCP | select-string -Pattern "0.0.0.0:$Port") -eq $null))
|
||||
{
|
||||
start-sleep 1
|
||||
$num++
|
||||
if($num -gt 30) { break }
|
||||
}
|
||||
}
|
||||
|
||||
}
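Review bot: In Stop-SSHDTestDaemon's new kill loop, `$pid = $pss[$pss.length -1]` assigns to PowerShell's read-only automatic variable `$PID` (variable names are case-insensitive), so the assignment fails and, with default error handling, the following `Stop-Process -Id $pid -Force` targets the PowerShell process running the tests rather than the listener. Use a different name, e.g. `$listenerPid = $pss[$pss.length - 1]` and `Stop-Process -Id $listenerPid -Force -ErrorAction SilentlyContinue`. The `select-string -Pattern "0.0.0.0:$Port"` match used here and in Start-SSHDTestDaemon is also an unanchored regex, so it can match a different port that merely begins with the same digits, and the owning process is force-killed without checking that it is sshd. A pattern such as `"\s0\.0\.0\.0:$Port\s"` plus a process-name check before the kill would narrow it. Both function bodies are only partly visible in these hunks.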
|
|
@ -27,7 +27,28 @@ Describe "Tests of sshd_config" -Tags "CI" {
|
|||
$ContextName = $env:COMPUTERNAME
|
||||
$ContextType = [System.DirectoryServices.AccountManagement.ContextType]::Machine
|
||||
$PrincipalContext = new-object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext -ArgumentList @($ContextType, $ContextName)
|
||||
$IdentityType = [System.DirectoryServices.AccountManagement.IdentityType]::SamAccountName
|
||||
$IdentityType = [System.DirectoryServices.AccountManagement.IdentityType]::SamAccountName
|
||||
|
||||
#prepare custom sshd_config
|
||||
$sshdconfig_ori = Join-Path $Global:OpenSSHTestInfo["ServiceConfigDir"] sshd_config
|
||||
$sshdconfig_custom = Join-Path $Global:OpenSSHTestInfo["ServiceConfigDir"] sshd_config_custom
|
||||
if (Test-Path $sshdconfig_custom) {
|
||||
Remove-Item $sshdconfig_custom -Force
|
||||
}
|
||||
Copy-Item $sshdconfig_ori $sshdconfig_custom
|
||||
get-acl $sshdconfig_ori | set-acl $sshdconfig_custom
|
||||
|
||||
Add-Content $sshdconfig_custom @"
|
||||
|
||||
DenyUsers denyuser1 deny*2 denyuse?3,
|
||||
AllowUsers allowuser1 allowu*r2 allow?se?3 allowuser4 localuser1 localu*r2 loc?lu?er3 localadmin matchuser
|
||||
DenyGroups denygroup1 denygr*p2 deny?rou?3
|
||||
AllowGroups allowgroup1 allowg*2 allowg?ou?3 Adm*
|
||||
|
||||
Match User matchuser
|
||||
ForceCommand cmd.exe /c "whoami & set SSH_ORIGINAL_COMMAND"
|
||||
|
||||
"@
|
||||
|
||||
function Add-LocalUser
|
||||
{
|
||||
|
@ -118,7 +139,7 @@ Describe "Tests of sshd_config" -Tags "CI" {
|
|||
$skip = $ts -eq $null
|
||||
if(-not $skip)
|
||||
{
|
||||
Stop-SSHDTestDaemon
|
||||
Stop-SSHDTestDaemon -Port $port
|
||||
}
|
||||
if(($platform -eq [PlatformType]::Windows) -and ([Environment]::OSVersion.Version.Major -le 6))
|
||||
{
|
||||
|
@ -169,8 +190,7 @@ Describe "Tests of sshd_config" -Tags "CI" {
|
|||
$denyGroup1 = "denygroup1"
|
||||
$denyGroup2 = "denygroup2"
|
||||
$denyGroup3 = "denygroup3"
|
||||
$sshdConfigPath = Join-Path $PSScriptRoot testdata\SSHD_Config
|
||||
$testknownhosts = Join-path $PSScriptRoot testdata\test_known_hosts
|
||||
$sshdConfigPath = $sshdconfig_custom
|
||||
#add wrong password so ssh does not prompt password if failed with authorized keys
|
||||
Add-PasswordSetting -Pass $password
|
||||
$tI=1
|
||||
|
@ -181,7 +201,7 @@ Describe "Tests of sshd_config" -Tags "CI" {
|
|||
$sshdlog = Join-Path $testDir "$tC.$tI.$sshdLogName"
|
||||
if(-not $skip)
|
||||
{
|
||||
Stop-SSHDTestDaemon
|
||||
Stop-SSHDTestDaemon -Port $port
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -192,12 +212,12 @@ Describe "Tests of sshd_config" -Tags "CI" {
|
|||
|
||||
It "$tC.$tI-User with full name in the list of AllowUsers" -skip:$skip {
|
||||
#Run
|
||||
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog"
|
||||
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog" -Port $port
|
||||
|
||||
Add-UserToLocalGroup -UserName $allowUser1 -Password $password -GroupName $allowGroup1
|
||||
|
||||
$o = ssh -p $port $allowUser1@$server -o "UserKnownHostsFile $testknownhosts" echo 1234
|
||||
Stop-SSHDTestDaemon
|
||||
$o = ssh -p $port $allowUser1@$server echo 1234
|
||||
Stop-SSHDTestDaemon -Port $port
|
||||
$o | Should Be "1234"
|
||||
Remove-UserFromLocalGroup -UserName $allowUser1 -GroupName $allowGroup1
|
||||
|
||||
|
@ -205,12 +225,12 @@ Describe "Tests of sshd_config" -Tags "CI" {
|
|||
|
||||
It "$tC.$tI-User with * wildcard" -skip:$skip {
|
||||
#Run
|
||||
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog"
|
||||
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog" -Port $port
|
||||
|
||||
Add-UserToLocalGroup -UserName $allowUser2 -Password $password -GroupName $allowGroup1
|
||||
|
||||
$o = ssh -p $port $allowUser2@$server -o "UserKnownHostsFile $testknownhosts" echo 1234
|
||||
Stop-SSHDTestDaemon
|
||||
$o = ssh -p $port $allowUser2@$server echo 1234
|
||||
Stop-SSHDTestDaemon -Port $port
|
||||
$o | Should Be "1234"
|
||||
Remove-UserFromLocalGroup -UserName $allowUser2 -GroupName $allowGroup1
|
||||
|
||||
|
@ -218,11 +238,11 @@ Describe "Tests of sshd_config" -Tags "CI" {
|
|||
|
||||
It "$tC.$tI-User with ? wildcard" -skip:$skip {
|
||||
#Run
|
||||
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog"
|
||||
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog" -Port $port
|
||||
Add-UserToLocalGroup -UserName $allowUser3 -Password $password -GroupName $allowGroup1
|
||||
|
||||
$o = ssh -p $port $allowUser3@$server -o "UserKnownHostsFile $testknownhosts" echo 1234
|
||||
Stop-SSHDTestDaemon
|
||||
$o = ssh -p $port $allowUser3@$server echo 1234
|
||||
Stop-SSHDTestDaemon -Port $port
|
||||
$o | Should Be "1234"
|
||||
Remove-UserFromLocalGroup -UserName $allowUser3 -GroupName $allowGroup1
|
||||
|
||||
|
@ -230,13 +250,13 @@ Describe "Tests of sshd_config" -Tags "CI" {
|
|||
|
||||
It "$tC.$tI-User with full name in the list of DenyUsers" -skip:$skip {
|
||||
#Run
|
||||
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog"
|
||||
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog" -Port $port
|
||||
|
||||
Add-UserToLocalGroup -UserName $denyUser1 -Password $password -GroupName $allowGroup1
|
||||
|
||||
ssh -p $port -E $sshlog -o "UserKnownHostsFile $testknownhosts" $denyUser1@$server echo 1234
|
||||
ssh -p $port -E $sshlog $denyUser1@$server echo 1234
|
||||
$LASTEXITCODE | Should Not Be 0
|
||||
Stop-SSHDTestDaemon
|
||||
Stop-SSHDTestDaemon -Port $port
|
||||
$sshdlog | Should Contain "not allowed because listed in DenyUsers"
|
||||
|
||||
Remove-UserFromLocalGroup -UserName $denyUser1 -GroupName $allowGroup1
|
||||
|
@ -245,13 +265,13 @@ Describe "Tests of sshd_config" -Tags "CI" {
|
|||
|
||||
It "$tC.$tI-User with * wildcard in the list of DenyUsers" -skip:$skip {
|
||||
#Run
|
||||
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog"
|
||||
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog" -Port $port
|
||||
|
||||
Add-UserToLocalGroup -UserName $denyUser2 -Password $password -GroupName $allowGroup1
|
||||
|
||||
ssh -p $port -E $sshlog -o "UserKnownHostsFile $testknownhosts" $denyUser2@$server echo 1234
|
||||
ssh -p $port -E $sshlog $denyUser2@$server echo 1234
|
||||
$LASTEXITCODE | Should Not Be 0
|
||||
Stop-SSHDTestDaemon
|
||||
Stop-SSHDTestDaemon -Port $port
|
||||
$sshdlog | Should Contain "not allowed because listed in DenyUsers"
|
||||
|
||||
Remove-UserFromLocalGroup -UserName $denyUser2 -GroupName $allowGroup1
|
||||
|
@ -260,13 +280,13 @@ Describe "Tests of sshd_config" -Tags "CI" {
|
|||
|
||||
It "$tC.$tI-User with ? wildcard in the list of DenyUsers" -skip:$skip {
|
||||
#Run
|
||||
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog"
|
||||
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog" -Port $port
|
||||
|
||||
Add-UserToLocalGroup -UserName $denyUser3 -Password $password -GroupName $allowGroup1
|
||||
|
||||
ssh -p $port -E $sshlog -o "UserKnownHostsFile $testknownhosts" $denyUser3@$server echo 1234
|
||||
ssh -p $port -E $sshlog $denyUser3@$server echo 1234
|
||||
$LASTEXITCODE | Should Not Be 0
|
||||
Stop-SSHDTestDaemon
|
||||
Stop-SSHDTestDaemon -Port $port
|
||||
$sshdlog | Should Contain "not allowed because not listed in AllowUsers"
|
||||
|
||||
Remove-UserFromLocalGroup -UserName $denyUser3 -GroupName $allowGroup1
|
||||
|
@ -275,14 +295,14 @@ Describe "Tests of sshd_config" -Tags "CI" {
|
|||
|
||||
It "$tC.$tI-User is listed in the list of AllowUsers but also in a full name DenyGroups and AllowGroups" -skip:$skip {
|
||||
#Run
|
||||
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog"
|
||||
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog" -Port $port
|
||||
|
||||
Add-UserToLocalGroup -UserName $localuser1 -Password $password -GroupName $allowGroup1
|
||||
Add-UserToLocalGroup -UserName $localuser1 -Password $password -GroupName $denyGroup1
|
||||
|
||||
ssh -p $port -E $sshlog -o "UserKnownHostsFile $testknownhosts" $localuser1@$server echo 1234
|
||||
ssh -p $port -E $sshlog $localuser1@$server echo 1234
|
||||
$LASTEXITCODE | Should Not Be 0
|
||||
Stop-SSHDTestDaemon
|
||||
Stop-SSHDTestDaemon -Port $port
|
||||
$sshdlog | Should Contain "not allowed because a group is listed in DenyGroups"
|
||||
|
||||
Remove-UserFromLocalGroup -UserName $localuser1 -GroupName $allowGroup1
|
||||
|
@ -292,13 +312,13 @@ Describe "Tests of sshd_config" -Tags "CI" {
|
|||
|
||||
It "$tC.$tI-User is listed in the list of AllowUsers but also in a wildcard * DenyGroups" -skip:$skip {
|
||||
#Run
|
||||
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog"
|
||||
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog" -Port $port
|
||||
|
||||
Add-UserToLocalGroup -UserName $localuser2 -Password $password -GroupName $denyGroup2
|
||||
|
||||
ssh -p $port -E $sshlog -o "UserKnownHostsFile $testknownhosts" $localuser2@$server echo 1234
|
||||
ssh -p $port -E $sshlog $localuser2@$server echo 1234
|
||||
$LASTEXITCODE | Should Not Be 0
|
||||
Stop-SSHDTestDaemon
|
||||
Stop-SSHDTestDaemon -Port $port
|
||||
$sshdlog | Should Contain "not allowed because a group is listed in DenyGroups"
|
||||
|
||||
Remove-UserFromLocalGroup -UserName $localuser2 -GroupName $denyGroup2
|
||||
|
@ -307,13 +327,13 @@ Describe "Tests of sshd_config" -Tags "CI" {
|
|||
|
||||
It "$tC.$tI-User is listed in the list of AllowUsers but also in a wildcard ? DenyGroups" -skip:$skip {
|
||||
#Run
|
||||
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog"
|
||||
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog" -Port $port
|
||||
|
||||
Add-UserToLocalGroup -UserName $localuser3 -Password $password -GroupName $denyGroup3
|
||||
|
||||
ssh -p $port -E $sshlog -o "UserKnownHostsFile $testknownhosts" $localuser3@$server echo 1234
|
||||
ssh -p $port -E $sshlog $localuser3@$server echo 1234
|
||||
$LASTEXITCODE | Should Not Be 0
|
||||
Stop-SSHDTestDaemon
|
||||
Stop-SSHDTestDaemon -Port $port
|
||||
$sshdlog | Should Contain "not allowed because a group is listed in DenyGroups"
|
||||
|
||||
Remove-UserFromLocalGroup -UserName $localuser3 -GroupName $denyGroup3
|
||||
|
@ -321,16 +341,16 @@ Describe "Tests of sshd_config" -Tags "CI" {
|
|||
}
|
||||
|
||||
It "$tC.$tI - Match User block with ForceCommand" -skip:$skip {
|
||||
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog"
|
||||
Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog" -Port $port
|
||||
$matchuser = "matchuser"
|
||||
Add-UserToLocalGroup -UserName $matchuser -Password $password -GroupName $allowGroup1
|
||||
|
||||
$o = ssh -p $port -T -o "UserKnownHostsFile $testknownhosts" $matchuser@$server randomcommand
|
||||
$o = ssh -p $port -T $matchuser@$server randomcommand
|
||||
# Match block's ForceCommand returns output of "whoami & set SSH_ORIGINAL_COMMAND"
|
||||
$o[0].Contains($matchuser) | Should Be $true
|
||||
$o[1].Contains("randomcommand") | Should Be $true
|
||||
|
||||
Stop-SSHDTestDaemon
|
||||
Stop-SSHDTestDaemon -Port $port
|
||||
Remove-UserFromLocalGroup -UserName $matchuser -GroupName $allowGroup1
|
||||
}
|
||||
}
|
||||
|
|
|
@ -21,10 +21,10 @@ Port 47002
|
|||
# HostKey for protocol version 1
|
||||
#HostKey /etc/ssh/ssh_host_key
|
||||
# HostKeys for protocol version 2
|
||||
HostKey __PROGRAMDATA__\ssh\sshtest_hostkey_rsa
|
||||
HostKey __PROGRAMDATA__\ssh\sshtest_hostkey_dsa
|
||||
HostKey __PROGRAMDATA__\ssh\sshtest_hostkey_ecdsa
|
||||
HostKey __PROGRAMDATA__\ssh\sshtest_hostkey_ed25519
|
||||
HostKey ___TEST_SERVICE_CONFIG_DIR___\sshtest_hostkey_rsa
|
||||
HostKey ___TEST_SERVICE_CONFIG_DIR___\sshtest_hostkey_dsa
|
||||
HostKey ___TEST_SERVICE_CONFIG_DIR___\sshtest_hostkey_ecdsa
|
||||
HostKey ___TEST_SERVICE_CONFIG_DIR___\sshtest_hostkey_ed25519
|
||||
|
||||
# Lifetime and size of ephemeral version 1 server key
|
||||
#KeyRegenerationInterval 1h
|
||||
|
@ -126,4 +126,4 @@ PubkeyAcceptedKeyTypes ssh-ed25519*
|
|||
#AllowUsers allowuser1 allowu*r2 allow?se?3 allowuser4 localuser1 localu*r2 loc?lu?er3 localadmin
|
||||
#DenyGroups denygroup1 denygr*p2 deny?rou?3
|
||||
#AllowGroups allowgroup1 allowg*2 allowg?ou?3 Adm*
|
||||
TrustedUserCAKeys __PROGRAMDATA__\ssh\sshtest_ca_userkeys.pub
|
||||
TrustedUserCAKeys ___TEST_SERVICE_CONFIG_DIR___\sshtest_ca_userkeys.pub
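Review bot: The `___TEST_SERVICE_CONFIG_DIR___` token on the four `HostKey` lines and on `TrustedUserCAKeys` (second hunk of this file) is not explained anywhere in the config, and nothing visible here shows what replaces it before sshd reads the file. A comment above the host-key lines would document it, for example `# ___TEST_SERVICE_CONFIG_DIR___ is replaced with the test service's config directory by the test setup`. If the substitution is ever skipped, sshd would presumably be given literal paths that do not exist. The setup step should therefore fail loudly when the token is still present after templating, rather than leaving a half-configured test endpoint.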
|
|
@ -1,4 +1,9 @@
|
|||
|
||||
###OpenSSHE2ETests
|
||||
[localhost]:47002 ssh-dss AAAAB3NzaC1kc3MAAACBAIyVGPwSzaCedtroufmFrwXGVPzYUMHPePvlduORG2+1VmLkP2Yw+U6MHRnaDyDriCulhnmwIueGxhH+t0HKbGK0j7XpGnwgmFOBIg5gJwQTDJ+gX+qC2ju55WB0Gkkwl+xktnAFSqmj8ttSzUBhh1ksh5A6oW+NKjwEVH8tQExFAAAAFQC0YldxCDQbTuDO04EVgA0OMpDIvwAAAIBXWRzpoyQWNoB18DGbY9zupGhfwuKGmnlj2mY0aYxY3qu1+9ciQOBrwYJlf4dEJbirwp2XmKzHZ6LFrkLQptVcD1wDkG/a/wMRvh+tbxlq45S3Eh0oNj1cobhUlFm9m5PM2HW1LccbOAEBUG/L4Vcj1Ag4n639H0fwDRL+rwOpjgAAAIBh/fSBidBGsQITgg45wwDszk7AAhngNm+jbiea8dbgYP6wpT6dJdg3pYwKT0V/PdXTSDi16kkoMkbUsMZyxyFJf/TtmCtBnon55yL9+H5dtcOBF8BXR7KzQX1E1n0eIL9jZ0Q4BspkB4LKQXhxRnrNJlv/oopxXua/GCMW17xxuA== sshtest_hostkey_dsa
|
||||
[localhost]:47002 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHF2eWwgnaUSLNNN0ilxiT916uMa6lusMB31AxfkDGArh4xCWL0e3F/gRifRephM0cD2dSh8Ji6VnjkhvZptjEw= sshtest_hostkey_ecdsa
|
||||
[localhost]:47002 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMtJMxwn+iJU0X4+EC7PSj/cfcMbdP6ahhodtXx+6RHv sshtest_hostkey_ed25519
|
||||
[localhost]:47002 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDU+NcQ5NuRutQJoZVjDmP/vE6IYZOaE59FTUjaoZkuPl4prdOPgqAnCwSy9XtnfzPm/oe62SyYIHgj8wRzhqjMU8g8aGqfv9ryF+hpNXZrFYXIdkdxnubzfb4e70RRRoTH8P5vuY8sAn0FIRlV/3EDkSKBFy2W3InMTO6l8gbkzzkgbn1GLvH06QJVdb2PcHksSn7dJBVHWASYi3TJWWu4muI+ZNfothujxAHqjKTJuJ9apDZIc0tnkPmlifRmolSUS4OAH2KWZ+5Gwaj7gsB8bk4QuA+QCT60OCcuzCcy4FBuXvvXkM9MBe/P2KZjVLAn86SriRtoE4RI+9R9S7DV sshtest_hostkey_rsa
|
||||
[localhost]:47003 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMtJMxwn+iJU0X4+EC7PSj/cfcMbdP6ahhodtXx+6RHv sshtest_hostkey_ed25519
|
||||
###OpenSSHE2ETests
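Review bot: The block pins host keys for `[localhost]:47002` and `[localhost]:47003` without saying they are test-only keys, and the `ssh-ed25519` blob is identical for both ports. The `###OpenSSHE2ETests` markers suggest the block is merged into a user's real known_hosts, though the code that uses them is outside this section. If so, cleanup should remove it again, since the matching private host keys presumably ship with the test data. A leading comment would make the intent explicit: `# test-only host keys for the OpenSSH E2E test endpoints; removed by test cleanup`.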
|
||||
|
|
@ -1,5 +1,9 @@
|
|||
# host alias for OpenSSH E2E tests
|
||||
|
||||
###OpenSSHE2ETests
|
||||
Host test_target
|
||||
HostName localhost
|
||||
Port 47002
|
||||
User sshtest_ssouser
|
||||
###OpenSSHE2ETests
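Review bot: The `Host test_target` stanza is closed only by the `###OpenSSHE2ETests` marker, which ssh reads as a comment, so any unscoped options that follow it in the destination file would become part of the `test_target` block. Where the block is inserted is not visible in this section. If it can land ahead of existing lines in a user's ssh_config, append it at the end of the file instead, or document the constraint with `# keep this block last: a Host section runs until the next Host or Match line`. The alias also sets no `UserKnownHostsFile`, so it depends on the default known_hosts already holding the test endpoint's keys.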
|
||||
|
||||
|
|
@ -1,121 +0,0 @@
|
|||
# test usage of sshd_config
|
||||
|
||||
Port 47003
|
||||
#AddressFamily any
|
||||
#ListenAddress 0.0.0.0
|
||||
#ListenAddress ::
|
||||
|
||||
# The default requires explicit activation of protocol 1
|
||||
#Protocol 2
|
||||
|
||||
# HostKey for protocol version 1
|
||||
#HostKey /etc/ssh/ssh_host_key
|
||||
# HostKeys for protocol version 2
|
||||
HostKey __PROGRAMDATA__\ssh\sshtest_hostkey_rsa
|
||||
HostKey __PROGRAMDATA__\ssh\sshtest_hostkey_dsa
|
||||
HostKey __PROGRAMDATA__\ssh\sshtest_hostkey_ecdsa
|
||||
HostKey __PROGRAMDATA__\ssh\sshtest_hostkey_ed25519
|
||||
|
||||
# Lifetime and size of ephemeral version 1 server key
|
||||
#KeyRegenerationInterval 1h
|
||||
#ServerKeyBits 1024
|
||||
|
||||
# Logging
|
||||
# obsoletes QuietMode and FascistLogging
|
||||
#SyslogFacility AUTH
|
||||
LogLevel DEBUG3
|
||||
|
||||
# Authentication:
|
||||
|
||||
#LoginGraceTime 2m
|
||||
#PermitRootLogin yes
|
||||
#StrictModes yes
|
||||
#MaxAuthTries 6
|
||||
#MaxSessions 10
|
||||
|
||||
#RSAAuthentication yes
|
||||
#PubkeyAuthentication yes
|
||||
|
||||
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
|
||||
# but this is overridden so installations will only check .ssh/authorized_keys
|
||||
AuthorizedKeysFile .ssh/authorized_keys
|
||||
|
||||
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
|
||||
#RhostsRSAAuthentication no
|
||||
# similar for protocol version 2
|
||||
#HostbasedAuthentication no
|
||||
# Change to yes if you don't trust ~/.ssh/known_hosts for
|
||||
# RhostsRSAAuthentication and HostbasedAuthentication
|
||||
#IgnoreUserKnownHosts no
|
||||
# Don't read the user's ~/.rhosts and ~/.shosts files
|
||||
#IgnoreRhosts yes
|
||||
|
||||
# To disable tunneled clear text passwords, change to no here!
|
||||
#PasswordAuthentication yes
|
||||
#PermitEmptyPasswords no
|
||||
|
||||
# Change to no to disable s/key passwords
|
||||
#ChallengeResponseAuthentication yes
|
||||
|
||||
# Kerberos options
|
||||
#KerberosAuthentication no
|
||||
#KerberosOrLocalPasswd yes
|
||||
#KerberosTicketCleanup yes
|
||||
#KerberosGetAFSToken no
|
||||
|
||||
# GSSAPI options
|
||||
#GSSAPIAuthentication no
|
||||
#GSSAPICleanupCredentials yes
|
||||
|
||||
# Set this to 'yes' to enable PAM authentication, account processing,
|
||||
# and session processing. If this is enabled, PAM authentication will
|
||||
# be allowed through the ChallengeResponseAuthentication and
|
||||
# PasswordAuthentication. Depending on your PAM configuration,
|
||||
# PAM authentication via ChallengeResponseAuthentication may bypass
|
||||
# the setting of "PermitRootLogin without-password".
|
||||
# If you just want the PAM account and session checks to run without
|
||||
# PAM authentication, then enable this but set PasswordAuthentication
|
||||
# and ChallengeResponseAuthentication to 'no'.
|
||||
#UsePAM no
|
||||
|
||||
#AllowAgentForwarding yes
|
||||
#AllowTcpForwarding yes
|
||||
#GatewayPorts no
|
||||
#X11Forwarding no
|
||||
#X11DisplayOffset 10
|
||||
#X11UseLocalhost yes
|
||||
#PrintMotd yes
|
||||
#PrintLastLog yes
|
||||
#TCPKeepAlive yes
|
||||
#UseLogin no
|
||||
#UsePrivilegeSeparation yes
|
||||
#PermitUserEnvironment no
|
||||
#Compression delayed
|
||||
#ClientAliveInterval 0
|
||||
#ClientAliveCountMax 3
|
||||
#UseDNS yes
|
||||
#PidFile /var/run/sshd.pid
|
||||
#MaxStartups 10
|
||||
#PermitTunnel no
|
||||
#ChrootDirectory none
|
||||
|
||||
# no default banner path
|
||||
#Banner none
|
||||
|
||||
# override default of no subsystems
|
||||
Subsystem sftp sftp-server.exe -l DEBUG3
|
||||
|
||||
# Example of overriding settings on a per-user basis
|
||||
#Match User anoncvs
|
||||
# X11Forwarding no
|
||||
# AllowTcpForwarding no
|
||||
# ForceCommand cvs server
|
||||
PubkeyAcceptedKeyTypes ssh-ed25519*
|
||||
|
||||
DenyUsers denyuser1 deny*2 denyuse?3,
|
||||
AllowUsers allowuser1 allowu*r2 allow?se?3 allowuser4 localuser1 localu*r2 loc?lu?er3 localadmin matchuser
|
||||
DenyGroups denygroup1 denygr*p2 deny?rou?3
|
||||
AllowGroups allowgroup1 allowg*2 allowg?ou?3 Adm*
|
||||
|
||||
Match User matchuser
|
||||
ForceCommand cmd.exe /c "whoami & set SSH_ORIGINAL_COMMAND"
|
|
@ -1,4 +0,0 @@
|
|||
# test usage of ssh_config
|
||||
|
||||
PubkeyAcceptedKeyTypes ssh-ed25519*
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
-----BEGIN OPENSSH PRIVATE KEY-----
|
||||
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
|
||||
QyNTUxOQAAACAN1tdRDiL3ZAZMPT3c3/3Gg/XbWPK3M0gAZPhIFHivHgAAALBPa9N1T2vT
|
||||
dQAAAAtzc2gtZWQyNTUxOQAAACAN1tdRDiL3ZAZMPT3c3/3Gg/XbWPK3M0gAZPhIFHivHg
|
||||
AAAEAkxz77KuyYDchGmc6owF2ykq2rMzRqqQaEpJgyTrsLVA3W11EOIvdkBkw9Pdzf/caD
|
||||
9dtY8rczSABk+EgUeK8eAAAAJm5ld2xvZ2luQFlBTkJJTkdXMksxMlIyQFlhbmJpbmd3Mm
|
||||
sxMnIyAQIDBAUGBw==
|
||||
-----END OPENSSH PRIVATE KEY-----
|
|
@ -1 +0,0 @@
|
|||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA3W11EOIvdkBkw9Pdzf/caD9dtY8rczSABk+EgUeK8e newlogin@YANBINGW2K12R2@Yanbingw2k12r2
|
|
@ -1 +0,0 @@
|
|||
[localhost]:47003 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMtJMxwn+iJU0X4+EC7PSj/cfcMbdP6ahhodtXx+6RHv sshtest_hostkey_ed25519
|