- djm@cvs.openbsd.org 2012/11/22 22:49:30
[regress/Makefile regress/keys-command.sh]
regress for AuthorizedKeysCommand; hints from markus@
This commit is contained in:
Damien Miller
parent
6618e92509
commit
771c43cee6
|
|
@ -24,6 +24,9 @@
|
||||||
- djm@cvs.openbsd.org 2012/10/19 05:10:42
|
- djm@cvs.openbsd.org 2012/10/19 05:10:42
|
||||||
[regress/cert-userkey.sh]
|
[regress/cert-userkey.sh]
|
||||||
include a serial number when generating certs
|
include a serial number when generating certs
|
||||||
|
- djm@cvs.openbsd.org 2012/11/22 22:49:30
|
||||||
|
[regress/Makefile regress/keys-command.sh]
|
||||||
|
regress for AuthorizedKeysCommand; hints from markus@
|
||||||
|
|
||||||
20121114
|
20121114
|
||||||
- (djm) OpenBSD CVS Sync
|
- (djm) OpenBSD CVS Sync
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
# $OpenBSD: Makefile,v 1.58 2011/01/06 22:46:21 djm Exp $
|
# $OpenBSD: Makefile,v 1.59 2012/11/22 22:49:30 djm Exp $
|
||||||
|
|
||||||
REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t8 t9 t-exec
|
REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t8 t9 t-exec
|
||||||
tests: $(REGRESS_TARGETS)
|
tests: $(REGRESS_TARGETS)
|
||||||
|
|
@ -57,7 +57,8 @@ LTESTS= connect \
|
||||||
kextype \
|
kextype \
|
||||||
cert-hostkey \
|
cert-hostkey \
|
||||||
cert-userkey \
|
cert-userkey \
|
||||||
host-expand
|
host-expand \
|
||||||
|
keys-command
|
||||||
|
|
||||||
INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers
|
INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers
|
||||||
#INTEROP_TESTS+=ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp
|
#INTEROP_TESTS+=ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,33 @@
|
||||||
|
# $OpenBSD: keys-command.sh,v 1.1 2012/11/22 22:49:30 djm Exp $
|
||||||
|
# Placed in the Public Domain.
|
||||||
|
|
||||||
|
tid="authorized keys from command"
|
||||||
|
|
||||||
|
if test -z "$SUDO" ; then
|
||||||
|
echo "skipped (SUDO not set)"
|
||||||
|
echo "need SUDO to create file in /var/run, test won't work without"
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Establish a AuthorizedKeysCommand in /var/run where it will have
|
||||||
|
# acceptable directory permissions.
|
||||||
|
KEY_COMMAND="/var/run/keycommand_${LOGNAME}"
|
||||||
|
cat << _EOF | $SUDO sh -c "cat > '$KEY_COMMAND'"
|
||||||
|
#!/bin/sh
|
||||||
|
test "x\$1" -ne "x${LOGNAME}" && exit 1
|
||||||
|
exec cat "$OBJ/authorized_keys_${LOGNAME}"
|
||||||
|
_EOF
|
||||||
|
$SUDO chmod 0755 "$KEY_COMMAND"
|
||||||
|
|
||||||
|
cp $OBJ/sshd_proxy $OBJ/sshd_proxy.bak
|
||||||
|
(
|
||||||
|
grep -vi AuthorizedKeysFile $OBJ/sshd_proxy.bak
|
||||||
|
echo AuthorizedKeysFile none
|
||||||
|
echo AuthorizedKeysCommand $KEY_COMMAND
|
||||||
|
echo AuthorizedKeysCommandUser ${LOGNAME}
|
||||||
|
) > $OBJ/sshd_proxy
|
||||||
|
|
||||||
|
${SSH} -F $OBJ/ssh_proxy somehost true
|
||||||
|
if [ $? -ne 0 ]; then
|
||||||
|
fail "connect failed"
|
||||||
|
fi
|
||||||
Loading…
Reference in New Issue