From 1137942918204a72af0b5f1fc2a96a2cfdccc26c Mon Sep 17 00:00:00 2001 
From: Manoj Ampalam Date: Mon, 17 Jun 2019 22:46:33 -0700 Subject: [PATCH] Refactored pester based E2E test setup (#384) - Set up dedicated test endpoint instead of tweaking main service configuration. - Got rid of redundant custom test configuration files. - Cleaned up pester tests directory. Moved test filed to dedicated directory - Revised TestDaemon start/stop routines to use "netstat" for host process identification. This gets rid of slight flakiness in previous approach. --- contrib/win32/openssh/OpenSSHTestHelper.psm1 | 215 +++++++----------- .../Authorized_keys_fileperm.Tests.ps1 | 48 ++-- regress/pesterTests/Cfginclude.Tests.ps1 | 3 +- regress/pesterTests/CommonUtils.psm1 | 38 ++-- regress/pesterTests/SSHDConfig.tests.ps1 | 90 +++++--- regress/pesterTests/{ => data}/SSHD_Config | 10 +- regress/pesterTests/{ => data}/known_hosts | 5 + regress/pesterTests/{ => data}/ssh_config | 6 +- .../{ => data}/sshtest_ca_userkeys | 0 .../{ => data}/sshtest_ca_userkeys.pub | 0 .../{ => data}/sshtest_hostkey_dsa | 0 .../{ => data}/sshtest_hostkey_dsa.pub | 0 .../{ => data}/sshtest_hostkey_ecdsa | 0 .../{ => data}/sshtest_hostkey_ecdsa.pub | 0 .../{ => data}/sshtest_hostkey_ed25519 | 0 .../{ => data}/sshtest_hostkey_ed25519.pub | 0 .../{ => data}/sshtest_hostkey_rsa | 0 .../{ => data}/sshtest_hostkey_rsa.pub | 0 .../{ => data}/sshtest_userssokey_ed25519 | 0 .../{ => data}/sshtest_userssokey_ed25519.pub | 0 regress/pesterTests/testdata/SSHD_Config | 121 ---------- regress/pesterTests/testdata/ssh_config | 4 - .../testdata/sshtest_userPermTestkey_ed25519 | 8 - .../sshtest_userPermTestkey_ed25519.pub | 1 - regress/pesterTests/testdata/test_known_hosts | 1 - 25 files changed, 207 insertions(+), 343 deletions(-) rename regress/pesterTests/{ => data}/SSHD_Config (91%) rename regress/pesterTests/{ => data}/known_hosts (89%) rename regress/pesterTests/{ => data}/ssh_config (64%) rename regress/pesterTests/{ => data}/sshtest_ca_userkeys (100%) rename regress/pesterTests/{ => 
data}/sshtest_ca_userkeys.pub (100%) rename regress/pesterTests/{ => data}/sshtest_hostkey_dsa (100%) rename regress/pesterTests/{ => data}/sshtest_hostkey_dsa.pub (100%) rename regress/pesterTests/{ => data}/sshtest_hostkey_ecdsa (100%) rename regress/pesterTests/{ => data}/sshtest_hostkey_ecdsa.pub (100%) rename regress/pesterTests/{ => data}/sshtest_hostkey_ed25519 (100%) rename regress/pesterTests/{ => data}/sshtest_hostkey_ed25519.pub (100%) rename regress/pesterTests/{ => data}/sshtest_hostkey_rsa (100%) rename regress/pesterTests/{ => data}/sshtest_hostkey_rsa.pub (100%) rename regress/pesterTests/{ => data}/sshtest_userssokey_ed25519 (100%) rename regress/pesterTests/{ => data}/sshtest_userssokey_ed25519.pub (100%) delete mode 100644 regress/pesterTests/testdata/SSHD_Config delete mode 100644 regress/pesterTests/testdata/ssh_config delete mode 100644 regress/pesterTests/testdata/sshtest_userPermTestkey_ed25519 delete mode 100644 regress/pesterTests/testdata/sshtest_userPermTestkey_ed25519.pub delete mode 100644 regress/pesterTests/testdata/test_known_hosts diff --git a/contrib/win32/openssh/OpenSSHTestHelper.psm1 b/contrib/win32/openssh/OpenSSHTestHelper.psm1 index 19f558c3d..774a8d228 100644 --- a/contrib/win32/openssh/OpenSSHTestHelper.psm1 +++ b/contrib/win32/openssh/OpenSSHTestHelper.psm1 @@ -15,7 +15,7 @@ $PubKeyUser = "sshtest_pubkeyuser" $PasswdUser = "sshtest_passwduser" $OpenSSHTestAccountsPassword = "P@ssw0rd_1" $OpenSSHTestAccounts = $Script:SSOUser, $Script:PubKeyUser, $Script:PasswdUser -$OpenSSHConfigPath = Join-Path $env:ProgramData "ssh" +$SSHDTestSvcName = "sshdTestSvc" $Script:TestDataPath = "$env:SystemDrive\OpenSSHTests" $Script:SetupTestResultsFile = Join-Path $TestDataPath $SetupTestResultsFileName 
@@ -24,6 +24,7 @@ $Script:E2ETestResultsFile = Join-Path $TestDataPath $E2ETestResultsFileName $Script:UnitTestResultsFile = Join-Path $TestDataPath $UnitTestResultsFileName $Script:TestSetupLogFile = Join-Path $TestDataPath $TestSetupLogFileName $Script:E2ETestDirectory = Join-Path $repositoryRoot.FullName -ChildPath "regress\pesterTests" +$Script:E2ETestDataDirectory = Join-Path $Script:E2ETestDirectory data $Script:WindowsInBox = $false $Script:NoLibreSSL = $false $Script:EnableAppVerifier = $true @@ -81,19 +82,11 @@ function Set-OpenSSHTestEnvironment } $Global:OpenSSHTestInfo.Add("PostmortemDebugging", $Script:PostmortemDebugging) - #start service if not already started - Start-Service -Name sshd - $description = @" WARNING: Following changes will be made to OpenSSH configuration - - sshd_config will be backed up as sshd_config.ori - - will be replaced with a test sshd_config - - $HOME\.ssh\known_hosts will be backed up as known_hosts.ori - - will be replaced with a test known_hosts - - $HOME\.ssh\config will be backed up as config.ori - - will be replaced with a test config + - $HOME\.ssh\known_hosts will be amended with test endpoint entries + - $HOME\.ssh\config will be amended with test endpoint entries - sshd test listener will be on port 47002 - - $HOME\.ssh\known_hosts will be modified with test host key entry - test accounts - ssouser, pubkeyuser, and passwduser will be added - Setup single signon for ssouser - To cleanup - Run Clear-OpenSSHTestEnvironment 
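Review bot: The WARNING text in `$description` (hunk `@@ -81,19 +82,11 @@`) no longer lists everything the setup changes. The same commit registers and starts a Windows service named `sshdTestSvc` and grants it privileges through `sc.exe privs`, yet the text only mentions known_hosts, config, the listener port and the test accounts. This is presumably what an operator reads before the machine is modified, so add a line such as `- a dedicated test service "sshdTestSvc" will be installed and started`. The function body continues outside this hunk.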
@@ -109,18 +102,61 @@ WARNING: Following changes will be made to OpenSSH configuration Install-OpenSSHTestDependencies - $backupConfigPath = Join-Path $OpenSSHConfigPath sshd_config.ori - $targetsshdConfig = Join-Path $OpenSSHConfigPath sshd_config - #Backup existing OpenSSH configuration - if ((Test-Path $targetsshdConfig -PathType Leaf) -and (-not (Test-Path $backupConfigPath -PathType Leaf))) { - Copy-Item $targetsshdConfig $backupConfigPath -Force - } - # copy new sshd_config - Copy-Item (Join-Path $Script:E2ETestDirectory sshd_config) $targetsshdConfig -Force - if($DebugMode) { - $con = (Get-Content $targetsshdConfig | Out-String).Replace("#SyslogFacility AUTH","SyslogFacility LOCAL0") - Set-Content -Path $targetsshdConfig -Value "$con" -Force + + ##### START: install sshd test service + #delete service if exists + if (Get-Service $SSHDTestSvcName -ErrorAction SilentlyContinue) + { + Stop-Service $SSHDTestSvcName + sc.exe delete $SSHDTestSvcName 1>$null } + + #prepare config directory + $testSvcConfigDir = Join-Path $Global:OpenSSHTestInfo["TestDataPath"] "serviceconfig" + Remove-Item $testSvcConfigDir -Force -Recurse -ErrorAction SilentlyContinue + New-Item -ItemType Directory -Path $testSvcConfigDir + $Global:OpenSSHTestInfo["ServiceConfigDir"] = $testSvcConfigDir + + #copy sshd_config + $testSshdConfig = Join-Path $testSvcConfigDir sshd_config + Copy-Item (Join-Path $Script:E2ETestDataDirectory sshd_config) $testSshdConfig -Force + $con = (Get-Content $testSshdConfig | Out-String).Replace("___TEST_SERVICE_CONFIG_DIR___", $testSvcConfigDir) + Set-Content -Path $testSshdConfig -Value "$con" -Force + if($DebugMode) { + $con = (Get-Content $testSshdConfig | Out-String).Replace("#SyslogFacility AUTH","SyslogFacility LOCAL0") + Set-Content -Path $testSshdConfig -Value "$con" -Force + } + + #copy sshtest keys + Copy-Item "$($Script:E2ETestDataDirectory)\sshtest*hostkey*" $testSvcConfigDir -Force + + #copy ca pubkey to ssh config path + Copy-Item 
"$($Script:E2ETestDataDirectory)\sshtest_ca_userkeys.pub" $testSvcConfigDir -Force + + $acl = New-Object System.Security.AccessControl.DirectorySecurity + $rule = New-Object System.Security.AccessControl.FileSystemAccessRule("Administrators","FullControl","Allow") + $acl.AddAccessRule($rule) + $rule = New-Object System.Security.AccessControl.FileSystemAccessRule("System","FullControl","Allow") + $acl.AddAccessRule($rule) + $acl.SetAccessRuleProtection($true, $true) + + Get-ChildItem $testSvcConfigDir | foreach {$acl | set-acl $_.FullName} + + + $SSHDTestSvcNameCmdLine = (Join-Path $script:OpenSSHBinPath sshd) + " -f " + $testSshdConfig + New-Service -Name $SSHDTestSvcName -DisplayName "OpenSSH SSH Test Server for E2E tests" -BinaryPathName $SSHDTestSvcNameCmdLine -StartupType Manual | Out-Null + sc.exe privs $SSHDTestSvcName SeAssignPrimaryTokenPrivilege/SeTcbPrivilege/SeBackupPrivilege/SeRestorePrivilege/SeImpersonatePrivilege + + Start-Service $SSHDTestSvcName + ##### END: install sshd test service + + + #copy ca private key to test dir + $ca_priv_key = (Join-Path $Global:OpenSSHTestInfo["TestDataPath"] sshtest_ca_userkeys) + Copy-Item (Join-Path $Script:E2ETestDataDirectory sshtest_ca_userkeys) $ca_priv_key -Force + Repair-UserSshConfigPermission -FilePath $ca_priv_key -confirm:$false + $Global:OpenSSHTestInfo["CA_Private_Key"] = $ca_priv_key + $sshAgentSvc = Get-service ssh-agent if($sshAgentSvc.StartType -eq [System.ServiceProcess.ServiceStartMode]::Disabled) { 
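Review bot: The service command line in `$SSHDTestSvcNameCmdLine` is built by plain concatenation with no quoting, so if `$script:OpenSSHBinPath` or the test data path contains a space, Windows splits the image path there and the service either fails to start or resolves to a different executable than the intended sshd. Quote both paths, for example `$SSHDTestSvcNameCmdLine = '"{0}" -f "{1}"' -f (Join-Path $script:OpenSSHBinPath sshd), $testSshdConfig`. Separately, the restrictive ACL is applied only to the items returned by `Get-ChildItem $testSvcConfigDir`, not to the directory itself, so the directory keeps whatever it inherits from `$env:SystemDrive\OpenSSHTests`. If that inheritance lets non-administrators create files there, the configuration directory of a service granted SeTcbPrivilege is writable by them, so apply `$acl` to `$testSvcConfigDir` as well. The function body starts and ends outside this hunk.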
@@ -128,41 +164,34 @@ WARNING: Following changes will be made to OpenSSH configuration } Start-Service ssh-agent - #copy sshtest keys - Copy-Item "$($Script:E2ETestDirectory)\sshtest*hostkey*" $OpenSSHConfigPath -Force - Get-ChildItem "$($OpenSSHConfigPath)\sshtest*hostkey*" -Exclude *.pub| % { - Repair-SshdHostKeyPermission -FilePath $_.FullName -confirm:$false - } - #copy ca pubkey to ssh config path - Copy-Item "$($Script:E2ETestDirectory)\sshtest_ca_userkeys.pub" $OpenSSHConfigPath -Force - - #copy ca private key to test dir - $ca_priv_key = (Join-Path $Global:OpenSSHTestInfo["TestDataPath"] sshtest_ca_userkeys) - Copy-Item (Join-Path $Script:E2ETestDirectory sshtest_ca_userkeys) $ca_priv_key -Force - Repair-UserSshConfigPermission -FilePath $ca_priv_key -confirm:$false - $Global:OpenSSHTestInfo["CA_Private_Key"] = $ca_priv_key - - Restart-Service sshd -Force - - #Backup existing known_hosts and replace with test version - #TODO - account for custom known_hosts locations + + #Prepare user config - known_hosts and ssh_config $dotSshDirectoryPath = Join-Path $home .ssh - $knowHostsFilePath = Join-Path $dotSshDirectoryPath known_hosts if(-not (Test-Path $dotSshDirectoryPath -PathType Container)) { New-Item -ItemType Directory -Path $dotSshDirectoryPath -Force -ErrorAction SilentlyContinue | out-null } - if ((Test-Path $knowHostsFilePath -PathType Leaf) -and (-not (Test-Path (Join-Path $dotSshDirectoryPath known_hosts.ori) -PathType Leaf))) { - Copy-Item $knowHostsFilePath (Join-Path $dotSshDirectoryPath known_hosts.ori) -Force + + $knowHostsFilePath = Join-Path $dotSshDirectoryPath known_hosts + if (-not (Test-Path $knowHostsFilePath -PathType Leaf)) { + Copy-Item (Join-Path $Script:E2ETestDataDirectory known_hosts) $knowHostsFilePath -Force + } + $con = Get-Content $knowHostsFilePath + if (($con -eq $null) -or (-not($con.Contains("###OpenSSHE2ETests")))) { + Get-Content (Join-Path $Script:E2ETestDataDirectory known_hosts) | Add-Content $knowHostsFilePath } - 
Copy-Item (Join-Path $Script:E2ETestDirectory known_hosts) $knowHostsFilePath -Force $sshConfigFilePath = Join-Path $dotSshDirectoryPath config - if ((Test-Path $sshConfigFilePath -PathType Leaf) -and (-not (Test-Path (Join-Path $dotSshDirectoryPath config.ori) -PathType Leaf))) { - Copy-Item $sshConfigFilePath (Join-Path $dotSshDirectoryPath config.ori) -Force + if (-not (Test-Path (Join-Path $dotSshDirectoryPath config) -PathType Leaf)) { + Copy-Item (Join-Path $Script:E2ETestDataDirectory ssh_config) $sshConfigFilePath -Force } - Copy-Item (Join-Path $Script:E2ETestDirectory ssh_config) $sshConfigFilePath -Force + $con = Get-Content $sshConfigFilePath + if (($con -eq $null) -or (-not($con.Contains("###OpenSSHE2ETests")))) { + Get-Content (Join-Path $Script:E2ETestDataDirectory ssh_config) | Add-Content $sshConfigFilePath + } + + Copy-Item (Join-Path $Script:E2ETestDataDirectory ssh_config) $sshConfigFilePath -Force Repair-UserSshConfigPermission -FilePath $sshConfigFilePath -confirm:$false # create test accounts 
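Review bot: The unconditional `Copy-Item (Join-Path $Script:E2ETestDataDirectory ssh_config) $sshConfigFilePath -Force` left after the new append block still overwrites the user's `$HOME\.ssh\config`; this defeats the "amended" behaviour added just above it and, now that the `config.ori` backup is gone, discards the existing client configuration with nothing to restore from. Drop that line so only the guarded `Add-Content` path writes to the file. Also, `Get-Content` returns an array for a multi-line file, so `$con.Contains("###OpenSSHE2ETests")` is an exact-element comparison rather than a substring search; reading with `Get-Content -Raw` would make the marker check independent of how the marker line is written, for both known_hosts and config. The enclosing function starts and ends outside this hunk.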
@@ -188,11 +217,11 @@ WARNING: Following changes will be made to OpenSSH configuration New-Item -ItemType Directory -Path (Join-Path $ssouserProfile .ssh) -Force -ErrorAction SilentlyContinue | out-null $authorizedKeyPath = Join-Path $ssouserProfile .ssh\authorized_keys - $testPubKeyPath = Join-Path $Script:E2ETestDirectory sshtest_userssokey_ed25519.pub + $testPubKeyPath = Join-Path $Script:E2ETestDataDirectory sshtest_userssokey_ed25519.pub Copy-Item $testPubKeyPath $authorizedKeyPath -Force -ErrorAction SilentlyContinue Repair-AuthorizedKeyPermission -FilePath $authorizedKeyPath -confirm:$false - copy-item (Join-Path $Script:E2ETestDirectory sshtest_userssokey_ed25519) $Global:OpenSSHTestInfo["TestDataPath"] + copy-item (Join-Path $Script:E2ETestDataDirectory sshtest_userssokey_ed25519) $Global:OpenSSHTestInfo["TestDataPath"] $testPriKeypath = Join-Path $Global:OpenSSHTestInfo["TestDataPath"] sshtest_userssokey_ed25519 cmd /c "ssh-add -D 2>&1 >> $Script:TestSetupLogFile" Repair-UserKeyPermission -FilePath $testPriKeypath -confirm:$false @@ -214,8 +243,6 @@ WARNING: Following changes will be made to OpenSSH configuration New-ItemProperty "HKLM:Software\Microsoft\Windows NT\CurrentVersion\AeDebug" -Name Auto -Type String -Value "1" -Force -ErrorAction SilentlyContinue | Out-Null } } - - Backup-OpenSSHTestInfo } function Set-BasicTestInfo 
@@ -504,34 +531,14 @@ function Clear-OpenSSHTestEnvironment Remove-ItemProperty "HKLM:Software\Microsoft\Windows NT\CurrentVersion\AeDebug" -Name Debugger -ErrorAction SilentlyContinue -Force | Out-Null Remove-ItemProperty "HKLM:Software\Microsoft\Windows NT\CurrentVersion\AeDebug" -Name Auto -ErrorAction SilentlyContinue -Force | Out-Null } - - Remove-Item "$OpenSSHConfigPath\sshtest*hostkey*" -Force -ErrorAction SilentlyContinue - Remove-Item "$OpenSSHConfigPath\sshtest*ca_userkeys*" -Force -ErrorAction SilentlyContinue - - #Restore sshd_config - $backupConfigPath = Join-Path $OpenSSHConfigPath sshd_config.ori - if (Test-Path $backupConfigPath -PathType Leaf) { - Copy-Item $backupConfigPath (Join-Path $OpenSSHConfigPath sshd_config) -Force -ErrorAction SilentlyContinue - Remove-Item (Join-Path $OpenSSHConfigPath sshd_config.ori) -Force -ErrorAction SilentlyContinue - Restart-Service sshd + + #delete service if exists + if (Get-Service $SSHDTestSvcName -ErrorAction SilentlyContinue) + { + Stop-Service $SSHDTestSvcName + sc.exe delete $SSHDTestSvcName 1>$null } - #Restore known_hosts - $originKnowHostsPath = Join-Path $home .ssh\known_hosts.ori - if (Test-Path $originKnowHostsPath) - { - Copy-Item $originKnowHostsPath (Join-Path $home .ssh\known_hosts) -Force -ErrorAction SilentlyContinue - Remove-Item $originKnowHostsPath -Force -ErrorAction SilentlyContinue - } - - #Restore ssh_config - $originConfigPath = Join-Path $home .ssh\config.ori - if (Test-Path $originConfigPath) - { - Copy-Item $originConfigPath (Join-Path $home .ssh\config) -Force -ErrorAction SilentlyContinue - Remove-Item $originConfigPath -Force -ErrorAction SilentlyContinue - } - #Delete accounts foreach ($user in $OpenSSHTestAccounts) { 
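Review bot: Cleanup in this hunk deletes the test service but does not undo what the setup now adds: the `###OpenSSHE2ETests` entries appended to `$HOME\.ssh\known_hosts` and `$HOME\.ssh\config`, and the `serviceconfig` directory holding copies of the test host keys. Those host keys are checked into the repository, so a known_hosts entry that presumably still trusts them after the run is trust in key material anyone can obtain. Unless this is handled in the part of `Clear-OpenSSHTestEnvironment` outside the hunk, remove the marked block from both files and delete `$Global:OpenSSHTestInfo["ServiceConfigDir"]` here.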
@@ -539,7 +546,7 @@ function Clear-OpenSSHTestEnvironment } # remove registered keys - cmd /c "ssh-add -d (Join-Path $Script:E2ETestDirectory sshtest_userssokey_ed25519) 2>&1 >> $Script:TestSetupLogFile" + cmd /c "ssh-add -d (Join-Path $Script:E2ETestDataDirectory sshtest_userssokey_ed25519) 2>&1 >> $Script:TestSetupLogFile" if($Global:OpenSSHTestInfo -ne $null) { @@ -728,56 +735,6 @@ function Invoke-OpenSSHUnitTest $testfailed } -function Backup-OpenSSHTestInfo -{ - param - ( - [string] $BackupFile = $null - ) - - if ($Global:OpenSSHTestInfo -eq $null) { - Throw "`$OpenSSHTestInfo is null. Did you run Set-OpenSSHTestEnvironment yet?" - } - - $testInfo = $Global:OpenSSHTestInfo - - if ([String]::IsNullOrEmpty($BackupFile)) { - $BackupFile = Join-Path $testInfo["TestDataPath"] "OpenSSHTestInfo_backup.txt" - } - - $null | Set-Content $BackupFile - - foreach ($key in $testInfo.Keys) { - $value = $testInfo[$key] - Add-Content $BackupFile "$key,$value" - } -} - -function Restore-OpenSSHTestInfo -{ - param - ( - [Parameter(Mandatory=$true)] - [ValidateNotNullOrEmpty()] - [string] $BackupFile - ) - - if($Global:OpenSSHTestInfo -ne $null) - { - $Global:OpenSSHTestInfo.Clear() - $Global:OpenSSHTestInfo = $null - } - - $Global:OpenSSHTestInfo = @{} - - $entries = Get-Content $BackupFile - - foreach ($entry in $entries) { - $data = $entry.Split(",") - $Global:OpenSSHTestInfo[$data[0]] = $data[1] - } -} - <# Write-Log #> @@ -799,4 +756,4 @@ function Write-Log } } -Export-ModuleMember -Function Set-BasicTestInfo, Set-OpenSSHTestEnvironment, Clear-OpenSSHTestEnvironment, Invoke-OpenSSHSetupTest, Invoke-OpenSSHUnitTest, Invoke-OpenSSHE2ETest, Invoke-OpenSSHUninstallTest, Backup-OpenSSHTestInfo, Restore-OpenSSHTestInfo +Export-ModuleMember -Function Set-BasicTestInfo, Set-OpenSSHTestEnvironment, Clear-OpenSSHTestEnvironment, Invoke-OpenSSHSetupTest, Invoke-OpenSSHUnitTest, Invoke-OpenSSHE2ETest, Invoke-OpenSSHUninstallTest \ No newline at end of file 
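Review bot: In the `@@ -539,7 +546,7 @@` hunk, `cmd /c "ssh-add -d (Join-Path $Script:E2ETestDataDirectory sshtest_userssokey_ed25519) ..."` puts `(Join-Path ...)` inside a double-quoted string, where only `$variable` and `$( )` are expanded. cmd therefore receives the words `(Join-Path`, the directory and `sshtest_userssokey_ed25519)` as literal text, and the test key is most likely never removed from ssh-agent. Build the path first, e.g. `$testKey = Join-Path $Script:E2ETestDataDirectory sshtest_userssokey_ed25519`, and reference `$testKey` in the command string. Because `2>&1` comes before `>>`, the error from the failed call also bypasses the log file; putting the file redirection first would capture it.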
diff --git a/regress/pesterTests/Authorized_keys_fileperm.Tests.ps1 b/regress/pesterTests/Authorized_keys_fileperm.Tests.ps1 index 9bb838883..3577f2f9f 100644 --- a/regress/pesterTests/Authorized_keys_fileperm.Tests.ps1 +++ b/regress/pesterTests/Authorized_keys_fileperm.Tests.ps1 @@ -25,6 +25,7 @@ Describe "Tests for authorized_keys file permission" -Tags "CI" { $PwdUser = $OpenSSHTestInfo["PasswdUser"] $ssouserProfile = $OpenSSHTestInfo["SSOUserProfile"] $opensshbinpath = $OpenSSHTestInfo['OpenSSHBinPath'] + $sshdconfig = Join-Path $Global:OpenSSHTestInfo["ServiceConfigDir"] sshd_config Remove-Item -Path (Join-Path $testDir "*$sshLogName") -Force -ErrorAction SilentlyContinue #skip when the task schedular (*-ScheduledTask) cmdlets does not exist @@ -61,12 +62,11 @@ Describe "Tests for authorized_keys file permission" -Tags "CI" { } $authorizedkeyPath = Join-Path $ssouserProfile .testssh\authorized_keys $Source = Join-Path $ssouserProfile .ssh\authorized_keys - $testknownhosts = Join-path $PSScriptRoot testdata\test_known_hosts Copy-Item $Source $ssouserSSHProfilePath -Force -ErrorAction Stop Repair-AuthorizedKeyPermission -Filepath $authorizedkeyPath -confirm:$false if(-not $skip) { - Stop-SSHDTestDaemon + Stop-SSHDTestDaemon -Port $port } #add wrong password so ssh does not prompt password if failed with authorized keys @@ -92,7 +92,7 @@ Describe "Tests for authorized_keys file permission" -Tags "CI" { $sshdlog = Join-Path $testDir "$tC.$tI.$sshdLogName" if(-not $skip) { - Stop-SSHDTestDaemon + Stop-SSHDTestDaemon -Port $port } } 
@@ -101,9 +101,9 @@ Describe "Tests for authorized_keys file permission" -Tags "CI" { Repair-FilePermission -Filepath $authorizedkeyPath -Owners $objUserSid -FullAccessNeeded $adminsSid,$systemSid,$objUserSid -confirm:$false #Run - Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -p $port -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $sshdlog" - $o = ssh -p $port $ssouser@$server -o "UserKnownHostsFile $testknownhosts" echo 1234 - Stop-SSHDTestDaemon + Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdconfig -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $sshdlog" -Port $port + $o = ssh -p $port $ssouser@$server echo 1234 + Stop-SSHDTestDaemon -Port $port $o | Should Be "1234" } @@ -112,10 +112,10 @@ Describe "Tests for authorized_keys file permission" -Tags "CI" { Repair-FilePermission -Filepath $authorizedkeyPath -Owner $systemSid -FullAccessNeeded $adminsSid,$systemSid,$objUserSid -confirm:$false #Run - Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -p $port -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $sshdlog" + Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdconfig -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $sshdlog" -Port $port - $o = ssh -p $port $ssouser@$server -o "UserKnownHostsFile $testknownhosts" echo 1234 - Stop-SSHDTestDaemon + $o = ssh -p $port $ssouser@$server echo 1234 + Stop-SSHDTestDaemon -Port $port $o | Should Be "1234" } 
@@ -124,9 +124,9 @@ Describe "Tests for authorized_keys file permission" -Tags "CI" { Repair-FilePermission -Filepath $authorizedkeyPath -Owner $adminsSid -FullAccessNeeded $adminsSid,$systemSid -confirm:$false #Run - Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -p $port -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $sshdlog" - $o = ssh -p $port $ssouser@$server -o "UserKnownHostsFile $testknownhosts" echo 1234 - Stop-SSHDTestDaemon + Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdconfig -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $sshdlog" -Port $port + $o = ssh -p $port $ssouser@$server echo 1234 + Stop-SSHDTestDaemon -Port $port $o | Should Be "1234" } @@ -135,9 +135,9 @@ Describe "Tests for authorized_keys file permission" -Tags "CI" { Repair-FilePermission -Filepath $authorizedkeyPath -Owner $adminsSid -FullAccessNeeded $adminsSid,$systemSid,$objUserSid -confirm:$false #Run - Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -p $port -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $sshdlog" - $o = ssh -p $port $ssouser@$server -o "UserKnownHostsFile $testknownhosts" echo 1234 - Stop-SSHDTestDaemon + Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdconfig -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $sshdlog" -Port $port + $o = ssh -p $port $ssouser@$server echo 1234 + Stop-SSHDTestDaemon -Port $port $o | Should Be "1234" } 
@@ -146,10 +146,10 @@ Describe "Tests for authorized_keys file permission" -Tags "CI" { Repair-FilePermission -Filepath $authorizedkeyPath -Owner $currentUserSid -FullAccessNeeded $adminsSid,$systemSid -confirm:$false #Run - Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -p $port -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $sshdlog" - ssh -p $port -E $sshlog -o "UserKnownHostsFile $testknownhosts" $ssouser@$server echo 1234 + Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdconfig -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $sshdlog" -Port $port + ssh -p $port -E $sshlog $ssouser@$server echo 1234 $LASTEXITCODE | Should Not Be 0 - Stop-SSHDTestDaemon + Stop-SSHDTestDaemon -Port $port $sshlog | Should Contain "Permission denied" $sshdlog | Should Contain "Authentication refused." } @@ -163,10 +163,10 @@ Describe "Tests for authorized_keys file permission" -Tags "CI" { Set-FilePermission -FilePath $authorizedkeyPath -User $objPwdUserSid -Perm "Read" #Run - Start-SSHDTestDaemon -workDir $opensshbinpath -Arguments "-d -p $port -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $sshdlog" - ssh -p $port -E $sshlog -o "UserKnownHostsFile $testknownhosts" $ssouser@$server echo 1234 + Start-SSHDTestDaemon -workDir $opensshbinpath -Arguments "-d -f $sshdconfig -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $sshdlog" -Port $port + ssh -p $port -E $sshlog $ssouser@$server echo 1234 $LASTEXITCODE | Should Not Be 0 - Stop-SSHDTestDaemon + Stop-SSHDTestDaemon -Port $port $sshlog | Should Contain "Permission denied" $sshdlog | Should Contain "Authentication refused." } 
@@ -177,10 +177,10 @@ Describe "Tests for authorized_keys file permission" -Tags "CI" { Repair-FilePermission -Filepath $authorizedkeyPath -Owner $objPwdUserSid -FullAccessNeeded $adminsSid,$systemSid,$objPwdUser -confirm:$false #Run - Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -p $port -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $sshdlog" - ssh -p $port -E $sshlog -o "UserKnownHostsFile $testknownhosts" $ssouser@$server echo 1234 + Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdconfig -o `"AuthorizedKeysFile .testssh/authorized_keys`" -E $sshdlog" -Port $port + ssh -p $port -E $sshlog $ssouser@$server echo 1234 $LASTEXITCODE | Should Not Be 0 - Stop-SSHDTestDaemon + Stop-SSHDTestDaemon -Port $port $sshlog | Should Contain "Permission denied" $sshdlog | Should Contain "Authentication refused." } diff --git a/regress/pesterTests/Cfginclude.Tests.ps1 b/regress/pesterTests/Cfginclude.Tests.ps1 index c0cc62791..0639e04e8 100644 --- a/regress/pesterTests/Cfginclude.Tests.ps1 +++ b/regress/pesterTests/Cfginclude.Tests.ps1 @@ -58,7 +58,8 @@ Describe "Tests for ssh config" -Tags "CI" { $userConfigFile = Join-Path $home ".ssh\config" if( -not (Test-path $userConfigFile) ) { - Copy-item "$PSScriptRoot\testdata\ssh_config" $userConfigFile -force + #prep sample config + Add-Content "PubkeyAcceptedKeyTypes ssh-ed25519*" $userConfigFile } Enable-Privilege SeRestorePrivilege | out-null $oldACL = Get-ACL $userConfigFile diff --git a/regress/pesterTests/CommonUtils.psm1 b/regress/pesterTests/CommonUtils.psm1 index 94e29c694..551966633 100644 --- a/regress/pesterTests/CommonUtils.psm1 +++ b/regress/pesterTests/CommonUtils.psm1 
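Review bot: In the Cfginclude.Tests.ps1 hunk, `Add-Content "PubkeyAcceptedKeyTypes ssh-ed25519*" $userConfigFile` passes its arguments in the wrong order: the first positional parameter of Add-Content is -Path and the second is -Value, so the option text (including its `*` wildcard) is treated as the path and the config file name as the content. The user config file is then not created, and the `Get-ACL $userConfigFile` that follows runs against a missing file. Use named parameters: `Add-Content -Path $userConfigFile -Value "PubkeyAcceptedKeyTypes ssh-ed25519*"`. The block this sits in extends beyond the hunk.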
@@ -114,15 +114,16 @@ function Start-SSHDTestDaemon { param( [string] $Arguments, - [string] $Workdir) + [string] $Workdir, + [string] $Port) + $Arguments += " -p $Port" $ac = New-ScheduledTaskAction -Execute (join-path $workdir "sshd") -WorkingDirectory $workdir -Argument $Arguments $task = Register-ScheduledTask -TaskName $Taskname -User system -Action $ac -TaskPath $Taskfolder -Force Start-ScheduledTask -TaskPath $Taskfolder -TaskName $Taskname - $svcpid = ((tasklist /svc | select-string -Pattern ".+sshd").ToString() -split "\s+")[1] #sleep for 1 seconds for process to ready to listener $num = 0 - while((Get-Process sshd | Where-Object {$_.Id -ne $svcpid}) -eq $null) + while ((netstat -anop TCP | select-string -Pattern "0.0.0.0:$Port") -eq $null) { start-sleep 1 $num++ @@ -132,6 +133,9 @@ function Start-SSHDTestDaemon function Stop-SSHDTestDaemon { + param( + [string] $Port) + $task = Get-ScheduledTask -TaskPath $Taskfolder -TaskName $Taskname -ErrorAction SilentlyContinue if($task) { 
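Review bot: The readiness check `select-string -Pattern "0.0.0.0:$Port"` in Start-SSHDTestDaemon is a regular expression with unescaped dots and nothing terminating the port, so it can be satisfied by an unrelated socket (for a short `$Port`, any local port that merely begins with those digits). `$Port` is also an unvalidated `[string]`: when a caller omits it, the function appends ` -p ` with no value and the pattern degrades to `0.0.0.0:`, which matches every IPv4 wildcard listener. Consider declaring it as `[Parameter(Mandatory=$true)][int] $Port` and matching with `"\s0\.0\.0\.0:$Port\s"`. The same pattern is reused in Stop-SSHDTestDaemon, where a false match has a larger effect because the matched process is killed.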
@@ -141,16 +145,24 @@ function Stop-SSHDTestDaemon } Unregister-ScheduledTask -TaskPath $Taskfolder -TaskName $Taskname -Confirm:$false } - #if still running, wait a little while for task to complete - #stop-scheduledTask does not wait for worker process to end. Kill it if still running. Logic below assume sshd service is running - $svcpid = ((tasklist /svc | select-string -Pattern ".+sshd").ToString() -split "\s+")[1] - Get-Process sshd -ErrorAction SilentlyContinue | Where-Object {$_.Id -ne $svcpid} | Stop-Process -Force -ErrorAction SilentlyContinue - $num = 0 - while((Get-Process sshd | Where-Object {$_.Id -ne $svcpid})) + + #kill process listening on $Port + $p = netstat -anop TCP | select-string -Pattern "0.0.0.0:$Port" + if (-not($p -eq $null)) { - # sshd process is still running; wait 1 more seconds" - start-sleep 1 - $num++ - if($num -gt 30) { break } + foreach ($ps in $p) { + $pss =$ps.ToString() -split "\s+"; + $pid = $pss[$pss.length -1] + Stop-Process -Id $pid -Force -ErrorAction SilentlyContinue + } + #if still running, wait a little while for task to complete + $num = 0 + while (-not((netstat -anop TCP | select-string -Pattern "0.0.0.0:$Port") -eq $null)) + { + start-sleep 1 + $num++ + if($num -gt 30) { break } + } } + } \ No newline at end of file diff --git a/regress/pesterTests/SSHDConfig.tests.ps1 b/regress/pesterTests/SSHDConfig.tests.ps1 index 8fe38be35..761b52003 100644 --- a/regress/pesterTests/SSHDConfig.tests.ps1 +++ b/regress/pesterTests/SSHDConfig.tests.ps1 
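Review bot: `$pid = $pss[$pss.length -1]` in Stop-SSHDTestDaemon assigns to PowerShell's automatic `$PID` variable (variable names are case-insensitive), which is read-only and holds the id of the current PowerShell process. The assignment should fail, and the following `Stop-Process -Id $pid -Force` would then target the test host itself rather than the listener; use a different variable name for the parsed id. The kill loop also trusts the loose `0.0.0.0:$Port` match, so with an empty `$Port` it force-stops every process netstat reports on an IPv4 wildcard address. Reject an empty port and anchor the pattern before stopping anything; the wait loop that follows can stay as it is apart from reusing the anchored pattern.

```powershell
    #kill process listening on $Port
    if ([string]::IsNullOrEmpty($Port)) { throw "Stop-SSHDTestDaemon: -Port is required" }
    $listener = "\s0\.0\.0\.0:$([regex]::Escape($Port))\s"
    $p = netstat -anop TCP | select-string -Pattern $listener
    if (-not($p -eq $null))
    {
        foreach ($ps in $p) {
            $pss = $ps.ToString().Trim() -split "\s+"
            $listenerPid = $pss[$pss.length - 1]
            Stop-Process -Id $listenerPid -Force -ErrorAction SilentlyContinue
        }
        # … unchanged: wait up to 30 seconds for the listener to disappear …
    }
```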
@@ -27,7 +27,28 @@ Describe "Tests of sshd_config" -Tags "CI" { $ContextName = $env:COMPUTERNAME $ContextType = [System.DirectoryServices.AccountManagement.ContextType]::Machine $PrincipalContext = new-object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext -ArgumentList @($ContextType, $ContextName) - $IdentityType = [System.DirectoryServices.AccountManagement.IdentityType]::SamAccountName + $IdentityType = [System.DirectoryServices.AccountManagement.IdentityType]::SamAccountName + + #prepare custom sshd_config + $sshdconfig_ori = Join-Path $Global:OpenSSHTestInfo["ServiceConfigDir"] sshd_config + $sshdconfig_custom = Join-Path $Global:OpenSSHTestInfo["ServiceConfigDir"] sshd_config_custom + if (Test-Path $sshdconfig_custom) { + Remove-Item $sshdconfig_custom -Force + } + Copy-Item $sshdconfig_ori $sshdconfig_custom + get-acl $sshdconfig_ori | set-acl $sshdconfig_custom + + Add-Content $sshdconfig_custom @" + +DenyUsers denyuser1 deny*2 denyuse?3, +AllowUsers allowuser1 allowu*r2 allow?se?3 allowuser4 localuser1 localu*r2 loc?lu?er3 localadmin matchuser +DenyGroups denygroup1 denygr*p2 deny?rou?3 +AllowGroups allowgroup1 allowg*2 allowg?ou?3 Adm* + +Match User matchuser + ForceCommand cmd.exe /c "whoami & set SSH_ORIGINAL_COMMAND" + +"@ function Add-LocalUser { @@ -118,7 +139,7 @@ Describe "Tests of sshd_config" -Tags "CI" { $skip = $ts -eq $null if(-not $skip) { - Stop-SSHDTestDaemon + Stop-SSHDTestDaemon -Port $port } if(($platform -eq [PlatformType]::Windows) -and ([Environment]::OSVersion.Version.Major -le 6)) { 
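Review bot: The `DenyUsers denyuser1 deny*2 denyuse?3,` line in the appended here-string ends with a comma, which sshd most likely treats as part of the last pattern, so `denyuse?3` would never match `denyuser3`. That would explain why the existing "User with ? wildcard in the list of DenyUsers" test asserts `not allowed because not listed in AllowUsers` rather than the DenyUsers message: the login is refused, but not by the `?` wildcard deny rule the test is named for. Remove the trailing comma and have that test expect `not allowed because listed in DenyUsers`, so the deny path is actually covered. A short comment above the here-string naming the tests that depend on these directives would also help the next maintainer.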
@@ -169,8 +190,7 @@ Describe "Tests of sshd_config" -Tags "CI" { $denyGroup1 = "denygroup1" $denyGroup2 = "denygroup2" $denyGroup3 = "denygroup3" - $sshdConfigPath = Join-Path $PSScriptRoot testdata\SSHD_Config - $testknownhosts = Join-path $PSScriptRoot testdata\test_known_hosts + $sshdConfigPath = $sshdconfig_custom #add wrong password so ssh does not prompt password if failed with authorized keys Add-PasswordSetting -Pass $password $tI=1 @@ -181,7 +201,7 @@ Describe "Tests of sshd_config" -Tags "CI" { $sshdlog = Join-Path $testDir "$tC.$tI.$sshdLogName" if(-not $skip) { - Stop-SSHDTestDaemon + Stop-SSHDTestDaemon -Port $port } } @@ -192,12 +212,12 @@ Describe "Tests of sshd_config" -Tags "CI" { It "$tC.$tI-User with full name in the list of AllowUsers" -skip:$skip { #Run - Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog" + Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog" -Port $port Add-UserToLocalGroup -UserName $allowUser1 -Password $password -GroupName $allowGroup1 - $o = ssh -p $port $allowUser1@$server -o "UserKnownHostsFile $testknownhosts" echo 1234 - Stop-SSHDTestDaemon + $o = ssh -p $port $allowUser1@$server echo 1234 + Stop-SSHDTestDaemon -Port $port $o | Should Be "1234" Remove-UserFromLocalGroup -UserName $allowUser1 -GroupName $allowGroup1 
@@ -205,12 +225,12 @@ Describe "Tests of sshd_config" -Tags "CI" { It "$tC.$tI-User with * wildcard" -skip:$skip { #Run - Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog" + Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog" -Port $port Add-UserToLocalGroup -UserName $allowUser2 -Password $password -GroupName $allowGroup1 - $o = ssh -p $port $allowUser2@$server -o "UserKnownHostsFile $testknownhosts" echo 1234 - Stop-SSHDTestDaemon + $o = ssh -p $port $allowUser2@$server echo 1234 + Stop-SSHDTestDaemon -Port $port $o | Should Be "1234" Remove-UserFromLocalGroup -UserName $allowUser2 -GroupName $allowGroup1 @@ -218,11 +238,11 @@ Describe "Tests of sshd_config" -Tags "CI" { It "$tC.$tI-User with ? wildcard" -skip:$skip { #Run - Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog" + Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog" -Port $port Add-UserToLocalGroup -UserName $allowUser3 -Password $password -GroupName $allowGroup1 - $o = ssh -p $port $allowUser3@$server -o "UserKnownHostsFile $testknownhosts" echo 1234 - Stop-SSHDTestDaemon + $o = ssh -p $port $allowUser3@$server echo 1234 + Stop-SSHDTestDaemon -Port $port $o | Should Be "1234" Remove-UserFromLocalGroup -UserName $allowUser3 -GroupName $allowGroup1 
@@ -230,13 +250,13 @@ Describe "Tests of sshd_config" -Tags "CI" { It "$tC.$tI-User with full name in the list of DenyUsers" -skip:$skip { #Run - Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog" + Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog" -Port $port Add-UserToLocalGroup -UserName $denyUser1 -Password $password -GroupName $allowGroup1 - ssh -p $port -E $sshlog -o "UserKnownHostsFile $testknownhosts" $denyUser1@$server echo 1234 + ssh -p $port -E $sshlog $denyUser1@$server echo 1234 $LASTEXITCODE | Should Not Be 0 - Stop-SSHDTestDaemon + Stop-SSHDTestDaemon -Port $port $sshdlog | Should Contain "not allowed because listed in DenyUsers" Remove-UserFromLocalGroup -UserName $denyUser1 -GroupName $allowGroup1 @@ -245,13 +265,13 @@ Describe "Tests of sshd_config" -Tags "CI" { It "$tC.$tI-User with * wildcard in the list of DenyUsers" -skip:$skip { #Run - Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog" + Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog" -Port $port Add-UserToLocalGroup -UserName $denyUser2 -Password $password -GroupName $allowGroup1 - ssh -p $port -E $sshlog -o "UserKnownHostsFile $testknownhosts" $denyUser2@$server echo 1234 + ssh -p $port -E $sshlog $denyUser2@$server echo 1234 $LASTEXITCODE | Should Not Be 0 - Stop-SSHDTestDaemon + Stop-SSHDTestDaemon -Port $port $sshdlog | Should Contain "not allowed because listed in DenyUsers" Remove-UserFromLocalGroup -UserName $denyUser2 -GroupName $allowGroup1 
@@ -260,13 +280,13 @@ Describe "Tests of sshd_config" -Tags "CI" { It "$tC.$tI-User with ? wildcard in the list of DenyUsers" -skip:$skip { #Run - Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog" + Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog" -Port $port Add-UserToLocalGroup -UserName $denyUser3 -Password $password -GroupName $allowGroup1 - ssh -p $port -E $sshlog -o "UserKnownHostsFile $testknownhosts" $denyUser3@$server echo 1234 + ssh -p $port -E $sshlog $denyUser3@$server echo 1234 $LASTEXITCODE | Should Not Be 0 - Stop-SSHDTestDaemon + Stop-SSHDTestDaemon -Port $port $sshdlog | Should Contain "not allowed because not listed in AllowUsers" Remove-UserFromLocalGroup -UserName $denyUser3 -GroupName $allowGroup1 @@ -275,14 +295,14 @@ Describe "Tests of sshd_config" -Tags "CI" { It "$tC.$tI-User is listed in the list of AllowUsers but also in a full name DenyGroups and AllowGroups" -skip:$skip { #Run - Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog" + Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog" -Port $port Add-UserToLocalGroup -UserName $localuser1 -Password $password -GroupName $allowGroup1 Add-UserToLocalGroup -UserName $localuser1 -Password $password -GroupName $denyGroup1 - ssh -p $port -E $sshlog -o "UserKnownHostsFile $testknownhosts" $localuser1@$server echo 1234 + ssh -p $port -E $sshlog $localuser1@$server echo 1234 $LASTEXITCODE | Should Not Be 0 - Stop-SSHDTestDaemon + Stop-SSHDTestDaemon -Port $port $sshdlog | Should Contain "not allowed because a group is listed in DenyGroups" Remove-UserFromLocalGroup -UserName $localuser1 -GroupName $allowGroup1 
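Review bot: The test titled `User with ? wildcard in the list of DenyUsers` asserts `not allowed because not listed in AllowUsers`, so it passes without the `?` pattern in DenyUsers ever matching `$denyUser3`. The removed testdata/SSHD_Config in this same patch has `DenyUsers denyuser1 deny*2 denyuse?3,` with a trailing comma on the last pattern, which may be why the denial comes from AllowUsers. Whether the configuration the test now writes carries the same line is not visible here. If the intent is to cover the DenyUsers wildcard, fix the pattern and assert `$sshdlog | Should Contain "not allowed because listed in DenyUsers"`; otherwise rename the test so it says it checks AllowUsers.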
@@ -292,13 +312,13 @@ Describe "Tests of sshd_config" -Tags "CI" { It "$tC.$tI-User is listed in the list of AllowUsers but also in a wildcard * DenyGroups" -skip:$skip { #Run - Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog" + Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog" -Port $port Add-UserToLocalGroup -UserName $localuser2 -Password $password -GroupName $denyGroup2 - ssh -p $port -E $sshlog -o "UserKnownHostsFile $testknownhosts" $localuser2@$server echo 1234 + ssh -p $port -E $sshlog $localuser2@$server echo 1234 $LASTEXITCODE | Should Not Be 0 - Stop-SSHDTestDaemon + Stop-SSHDTestDaemon -Port $port $sshdlog | Should Contain "not allowed because a group is listed in DenyGroups" Remove-UserFromLocalGroup -UserName $localuser2 -GroupName $denyGroup2 @@ -307,13 +327,13 @@ Describe "Tests of sshd_config" -Tags "CI" { It "$tC.$tI-User is listed in the list of AllowUsers but also in a wildcard ? DenyGroups" -skip:$skip { #Run - Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog" + Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog" -Port $port Add-UserToLocalGroup -UserName $localuser3 -Password $password -GroupName $denyGroup3 - ssh -p $port -E $sshlog -o "UserKnownHostsFile $testknownhosts" $localuser3@$server echo 1234 + ssh -p $port -E $sshlog $localuser3@$server echo 1234 $LASTEXITCODE | Should Not Be 0 - Stop-SSHDTestDaemon + Stop-SSHDTestDaemon -Port $port $sshdlog | Should Contain "not allowed because a group is listed in DenyGroups" Remove-UserFromLocalGroup -UserName $localuser3 -GroupName $denyGroup3 
@@ -321,16 +341,16 @@ Describe "Tests of sshd_config" -Tags "CI" { } It "$tC.$tI - Match User block with ForceCommand" -skip:$skip { - Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog" + Start-SSHDTestDaemon -WorkDir $opensshbinpath -Arguments "-d -f $sshdConfigPath -E $sshdlog" -Port $port $matchuser = "matchuser" Add-UserToLocalGroup -UserName $matchuser -Password $password -GroupName $allowGroup1 - $o = ssh -p $port -T -o "UserKnownHostsFile $testknownhosts" $matchuser@$server randomcommand + $o = ssh -p $port -T $matchuser@$server randomcommand # Match block's ForceCommand returns output of "whoami & set SSH_ORIGINAL_COMMAND" $o[0].Contains($matchuser) | Should Be $true $o[1].Contains("randomcommand") | Should Be $true - Stop-SSHDTestDaemon + Stop-SSHDTestDaemon -Port $port Remove-UserFromLocalGroup -UserName $matchuser -GroupName $allowGroup1 } } diff --git a/regress/pesterTests/SSHD_Config b/regress/pesterTests/data/SSHD_Config similarity index 91% rename from regress/pesterTests/SSHD_Config rename to regress/pesterTests/data/SSHD_Config index bd03fb079..101202fab 100644 --- a/regress/pesterTests/SSHD_Config +++ b/regress/pesterTests/data/SSHD_Config @@ -21,10 +21,10 @@ Port 47002 # HostKey for protocol version 1 #HostKey /etc/ssh/ssh_host_key # HostKeys for protocol version 2 -HostKey __PROGRAMDATA__\ssh\sshtest_hostkey_rsa -HostKey __PROGRAMDATA__\ssh\sshtest_hostkey_dsa -HostKey __PROGRAMDATA__\ssh\sshtest_hostkey_ecdsa -HostKey __PROGRAMDATA__\ssh\sshtest_hostkey_ed25519 +HostKey ___TEST_SERVICE_CONFIG_DIR___\sshtest_hostkey_rsa +HostKey ___TEST_SERVICE_CONFIG_DIR___\sshtest_hostkey_dsa +HostKey ___TEST_SERVICE_CONFIG_DIR___\sshtest_hostkey_ecdsa +HostKey ___TEST_SERVICE_CONFIG_DIR___\sshtest_hostkey_ed25519 # Lifetime and size of ephemeral version 1 server key #KeyRegenerationInterval 1h 
@@ -126,4 +126,4 @@ PubkeyAcceptedKeyTypes ssh-ed25519* #AllowUsers allowuser1 allowu*r2 allow?se?3 allowuser4 localuser1 localu*r2 loc?lu?er3 localadmin #DenyGroups denygroup1 denygr*p2 deny?rou?3 #AllowGroups allowgroup1 allowg*2 allowg?ou?3 Adm* -TrustedUserCAKeys __PROGRAMDATA__\ssh\sshtest_ca_userkeys.pub +TrustedUserCAKeys ___TEST_SERVICE_CONFIG_DIR___\sshtest_ca_userkeys.pub diff --git a/regress/pesterTests/known_hosts b/regress/pesterTests/data/known_hosts similarity index 89% rename from regress/pesterTests/known_hosts rename to regress/pesterTests/data/known_hosts index 2fc8989df..5ff138c9a 100644 --- a/regress/pesterTests/known_hosts +++ b/regress/pesterTests/data/known_hosts @@ -1,4 +1,9 @@ + +###OpenSSHE2ETests [localhost]:47002 ssh-dss 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 sshtest_hostkey_dsa [localhost]:47002 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHF2eWwgnaUSLNNN0ilxiT916uMa6lusMB31AxfkDGArh4xCWL0e3F/gRifRephM0cD2dSh8Ji6VnjkhvZptjEw= sshtest_hostkey_ecdsa [localhost]:47002 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMtJMxwn+iJU0X4+EC7PSj/cfcMbdP6ahhodtXx+6RHv sshtest_hostkey_ed25519 [localhost]:47002 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDU+NcQ5NuRutQJoZVjDmP/vE6IYZOaE59FTUjaoZkuPl4prdOPgqAnCwSy9XtnfzPm/oe62SyYIHgj8wRzhqjMU8g8aGqfv9ryF+hpNXZrFYXIdkdxnubzfb4e70RRRoTH8P5vuY8sAn0FIRlV/3EDkSKBFy2W3InMTO6l8gbkzzkgbn1GLvH06QJVdb2PcHksSn7dJBVHWASYi3TJWWu4muI+ZNfothujxAHqjKTJuJ9apDZIc0tnkPmlifRmolSUS4OAH2KWZ+5Gwaj7gsB8bk4QuA+QCT60OCcuzCcy4FBuXvvXkM9MBe/P2KZjVLAn86SriRtoE4RI+9R9S7DV sshtest_hostkey_rsa +[localhost]:47003 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMtJMxwn+iJU0X4+EC7PSj/cfcMbdP6ahhodtXx+6RHv sshtest_hostkey_ed25519 +###OpenSSHE2ETests + diff --git a/regress/pesterTests/ssh_config b/regress/pesterTests/data/ssh_config similarity index 64% rename from regress/pesterTests/ssh_config rename to regress/pesterTests/data/ssh_config index 2b2347cdd..c95dcbfb8 100644 --- a/regress/pesterTests/ssh_config 
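Review bot: `TrustedUserCAKeys ___TEST_SERVICE_CONFIG_DIR___\sshtest_ca_userkeys.pub` makes the dedicated test endpoint trust a CA whose private half, `sshtest_ca_userkeys`, is checked into `regress/pesterTests/data` by this same patch. The `HostKey` lines in the earlier hunk of this file likewise point at committed private keys. That is acceptable for a loopback-only test service, but the hunks show only `Port 47002` and no `ListenAddress`, so if the rest of the file leaves it at the default, the endpoint accepts connections on every interface while the tests are installed. I would add `ListenAddress 127.0.0.1` next to `Port 47002`, plus a comment above the key lines stating that these are public test keys and must not be reused outside the test endpoint.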
+++ b/regress/pesterTests/data/ssh_config @@ -1,5 +1,9 @@ -# host alias for OpenSSH E2E tests + +###OpenSSHE2ETests Host test_target HostName localhost Port 47002 User sshtest_ssouser +###OpenSSHE2ETests + + diff --git a/regress/pesterTests/sshtest_ca_userkeys b/regress/pesterTests/data/sshtest_ca_userkeys similarity index 100% rename from regress/pesterTests/sshtest_ca_userkeys rename to regress/pesterTests/data/sshtest_ca_userkeys diff --git a/regress/pesterTests/sshtest_ca_userkeys.pub b/regress/pesterTests/data/sshtest_ca_userkeys.pub similarity index 100% rename from regress/pesterTests/sshtest_ca_userkeys.pub rename to regress/pesterTests/data/sshtest_ca_userkeys.pub diff --git a/regress/pesterTests/sshtest_hostkey_dsa b/regress/pesterTests/data/sshtest_hostkey_dsa similarity index 100% rename from regress/pesterTests/sshtest_hostkey_dsa rename to regress/pesterTests/data/sshtest_hostkey_dsa diff --git a/regress/pesterTests/sshtest_hostkey_dsa.pub b/regress/pesterTests/data/sshtest_hostkey_dsa.pub similarity index 100% rename from regress/pesterTests/sshtest_hostkey_dsa.pub rename to regress/pesterTests/data/sshtest_hostkey_dsa.pub diff --git a/regress/pesterTests/sshtest_hostkey_ecdsa b/regress/pesterTests/data/sshtest_hostkey_ecdsa similarity index 100% rename from regress/pesterTests/sshtest_hostkey_ecdsa rename to regress/pesterTests/data/sshtest_hostkey_ecdsa diff --git a/regress/pesterTests/sshtest_hostkey_ecdsa.pub b/regress/pesterTests/data/sshtest_hostkey_ecdsa.pub similarity index 100% rename from regress/pesterTests/sshtest_hostkey_ecdsa.pub rename to regress/pesterTests/data/sshtest_hostkey_ecdsa.pub diff --git a/regress/pesterTests/sshtest_hostkey_ed25519 b/regress/pesterTests/data/sshtest_hostkey_ed25519 similarity index 100% rename from regress/pesterTests/sshtest_hostkey_ed25519 rename to regress/pesterTests/data/sshtest_hostkey_ed25519 
diff --git a/regress/pesterTests/sshtest_hostkey_ed25519.pub b/regress/pesterTests/data/sshtest_hostkey_ed25519.pub similarity index 100% rename from regress/pesterTests/sshtest_hostkey_ed25519.pub rename to regress/pesterTests/data/sshtest_hostkey_ed25519.pub diff --git a/regress/pesterTests/sshtest_hostkey_rsa b/regress/pesterTests/data/sshtest_hostkey_rsa similarity index 100% rename from regress/pesterTests/sshtest_hostkey_rsa rename to regress/pesterTests/data/sshtest_hostkey_rsa diff --git a/regress/pesterTests/sshtest_hostkey_rsa.pub b/regress/pesterTests/data/sshtest_hostkey_rsa.pub similarity index 100% rename from regress/pesterTests/sshtest_hostkey_rsa.pub rename to regress/pesterTests/data/sshtest_hostkey_rsa.pub diff --git a/regress/pesterTests/sshtest_userssokey_ed25519 b/regress/pesterTests/data/sshtest_userssokey_ed25519 similarity index 100% rename from regress/pesterTests/sshtest_userssokey_ed25519 rename to regress/pesterTests/data/sshtest_userssokey_ed25519 diff --git a/regress/pesterTests/sshtest_userssokey_ed25519.pub b/regress/pesterTests/data/sshtest_userssokey_ed25519.pub similarity index 100% rename from regress/pesterTests/sshtest_userssokey_ed25519.pub rename to regress/pesterTests/data/sshtest_userssokey_ed25519.pub diff --git a/regress/pesterTests/testdata/SSHD_Config b/regress/pesterTests/testdata/SSHD_Config deleted file mode 100644 index 089ce7d4e..000000000 --- a/regress/pesterTests/testdata/SSHD_Config +++ /dev/null 
@@ -1,121 +0,0 @@ -# test usage of sshd_config - -Port 47003 -#AddressFamily any -#ListenAddress 0.0.0.0 -#ListenAddress :: - -# The default requires explicit activation of protocol 1 -#Protocol 2 - -# HostKey for protocol version 1 -#HostKey /etc/ssh/ssh_host_key -# HostKeys for protocol version 2 -HostKey __PROGRAMDATA__\ssh\sshtest_hostkey_rsa -HostKey __PROGRAMDATA__\ssh\sshtest_hostkey_dsa -HostKey __PROGRAMDATA__\ssh\sshtest_hostkey_ecdsa -HostKey __PROGRAMDATA__\ssh\sshtest_hostkey_ed25519 - -# Lifetime and size of ephemeral version 1 server key -#KeyRegenerationInterval 1h -#ServerKeyBits 1024 - -# Logging -# obsoletes QuietMode and FascistLogging -#SyslogFacility AUTH -LogLevel DEBUG3 - -# Authentication: - -#LoginGraceTime 2m -#PermitRootLogin yes -#StrictModes yes -#MaxAuthTries 6 -#MaxSessions 10 - -#RSAAuthentication yes -#PubkeyAuthentication yes - -# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 -# but this is overridden so installations will only check .ssh/authorized_keys -AuthorizedKeysFile .ssh/authorized_keys - -# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts -#RhostsRSAAuthentication no -# similar for protocol version 2 -#HostbasedAuthentication no -# Change to yes if you don't trust ~/.ssh/known_hosts for -# RhostsRSAAuthentication and HostbasedAuthentication -#IgnoreUserKnownHosts no -# Don't read the user's ~/.rhosts and ~/.shosts files -#IgnoreRhosts yes - -# To disable tunneled clear text passwords, change to no here! -#PasswordAuthentication yes -#PermitEmptyPasswords no - -# Change to no to disable s/key passwords -#ChallengeResponseAuthentication yes - -# Kerberos options -#KerberosAuthentication no -#KerberosOrLocalPasswd yes -#KerberosTicketCleanup yes -#KerberosGetAFSToken no - -# GSSAPI options -#GSSAPIAuthentication no -#GSSAPICleanupCredentials yes - -# Set this to 'yes' to enable PAM authentication, account processing, -# and session processing. 
If this is enabled, PAM authentication will -# be allowed through the ChallengeResponseAuthentication and -# PasswordAuthentication. Depending on your PAM configuration, -# PAM authentication via ChallengeResponseAuthentication may bypass -# the setting of "PermitRootLogin without-password". -# If you just want the PAM account and session checks to run without -# PAM authentication, then enable this but set PasswordAuthentication -# and ChallengeResponseAuthentication to 'no'. -#UsePAM no - -#AllowAgentForwarding yes -#AllowTcpForwarding yes -#GatewayPorts no -#X11Forwarding no -#X11DisplayOffset 10 -#X11UseLocalhost yes -#PrintMotd yes -#PrintLastLog yes -#TCPKeepAlive yes -#UseLogin no -#UsePrivilegeSeparation yes -#PermitUserEnvironment no -#Compression delayed -#ClientAliveInterval 0 -#ClientAliveCountMax 3 -#UseDNS yes -#PidFile /var/run/sshd.pid -#MaxStartups 10 -#PermitTunnel no -#ChrootDirectory none - -# no default banner path -#Banner none - -# override default of no subsystems -Subsystem sftp sftp-server.exe -l DEBUG3 - -# Example of overriding settings on a per-user basis -#Match User anoncvs -# X11Forwarding no -# AllowTcpForwarding no -# ForceCommand cvs server -PubkeyAcceptedKeyTypes ssh-ed25519* - -DenyUsers denyuser1 deny*2 denyuse?3, -AllowUsers allowuser1 allowu*r2 allow?se?3 allowuser4 localuser1 localu*r2 loc?lu?er3 localadmin matchuser -DenyGroups denygroup1 denygr*p2 deny?rou?3 -AllowGroups allowgroup1 allowg*2 allowg?ou?3 Adm* - -Match User matchuser - ForceCommand cmd.exe /c "whoami & set SSH_ORIGINAL_COMMAND" diff --git a/regress/pesterTests/testdata/ssh_config b/regress/pesterTests/testdata/ssh_config deleted file mode 100644 index 4c499e423..000000000 --- a/regress/pesterTests/testdata/ssh_config +++ /dev/null @@ -1,4 +0,0 @@ -# test usage of ssh_config - -PubkeyAcceptedKeyTypes ssh-ed25519* - 
diff --git a/regress/pesterTests/testdata/sshtest_userPermTestkey_ed25519 b/regress/pesterTests/testdata/sshtest_userPermTestkey_ed25519 deleted file mode 100644 index 0b15bf991..000000000 --- a/regress/pesterTests/testdata/sshtest_userPermTestkey_ed25519 +++ /dev/null @@ -1,8 +0,0 @@ ------BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW -QyNTUxOQAAACAN1tdRDiL3ZAZMPT3c3/3Gg/XbWPK3M0gAZPhIFHivHgAAALBPa9N1T2vT -dQAAAAtzc2gtZWQyNTUxOQAAACAN1tdRDiL3ZAZMPT3c3/3Gg/XbWPK3M0gAZPhIFHivHg -AAAEAkxz77KuyYDchGmc6owF2ykq2rMzRqqQaEpJgyTrsLVA3W11EOIvdkBkw9Pdzf/caD -9dtY8rczSABk+EgUeK8eAAAAJm5ld2xvZ2luQFlBTkJJTkdXMksxMlIyQFlhbmJpbmd3Mm -sxMnIyAQIDBAUGBw== ------END OPENSSH PRIVATE KEY----- diff --git a/regress/pesterTests/testdata/sshtest_userPermTestkey_ed25519.pub b/regress/pesterTests/testdata/sshtest_userPermTestkey_ed25519.pub deleted file mode 100644 index 9e5377d5f..000000000 --- a/regress/pesterTests/testdata/sshtest_userPermTestkey_ed25519.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA3W11EOIvdkBkw9Pdzf/caD9dtY8rczSABk+EgUeK8e newlogin@YANBINGW2K12R2@Yanbingw2k12r2 diff --git a/regress/pesterTests/testdata/test_known_hosts b/regress/pesterTests/testdata/test_known_hosts deleted file mode 100644 index 7689cdaf2..000000000 --- a/regress/pesterTests/testdata/test_known_hosts +++ /dev/null @@ -1 +0,0 @@ -[localhost]:47003 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMtJMxwn+iJU0X4+EC7PSj/cfcMbdP6ahhodtXx+6RHv sshtest_hostkey_ed25519