tyler.durden/openssh-portable
1
0
Fork 0
mirror of https://github.com/PowerShell/openssh-portable.git synced 2025-07-31 01:35:11 +02:00
Code Issues Packages Projects Releases Wiki Activity

upstream commit

Browse Source 
explicitly test all key types and their certificate
counterparts

refactor a little

OpenBSD-Regress-ID: e9ecd5580821b9ef8b7106919c6980d8e45ca8c4
This commit is contained in:
djm@openbsd.org 2017-12-19 00:49:30 +00:00 committed by Damien Miller
parent f689adb7a3
commit c5a6cbdb79
1 changed files with 93 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
regress/agent.sh
View File

@ -1,4 +1,4 @@
# $OpenBSD: agent.sh,v 1.12 2017/04/30 23:34:55 djm Exp $ # $OpenBSD: agent.sh,v 1.13 2017/12/19 00:49:30 djm Exp $
# Placed in the Public Domain. # Placed in the Public Domain.
tid="simple agent test" tid="simple agent test"
@ -12,19 +12,30 @@ trace "start agent"
eval `${SSHAGENT} -s` > /dev/null eval `${SSHAGENT} -s` > /dev/null
r=$? r=$?
if [ $r -ne 0 ]; then if [ $r -ne 0 ]; then
fail "could not start ssh-agent: exit code $r" fatal "could not start ssh-agent: exit code $r"
else fi
${SSHADD} -l > /dev/null 2>&1 ${SSHADD} -l > /dev/null 2>&1
if [ $? -ne 1 ]; then if [ $? -ne 1 ]; then
fail "ssh-add -l did not fail with exit code 1" fail "ssh-add -l did not fail with exit code 1"
fi fi
rm -f $OBJ/user_ca_key $OBJ/user_ca_key.pub
${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_ca_key \
|| fatal "ssh-keygen failed"
trace "overwrite authorized keys" trace "overwrite authorized keys"
printf '' > $OBJ/authorized_keys_$USER printf '' > $OBJ/authorized_keys_$USER
for t in ${SSH_KEYTYPES}; do for t in ${SSH_KEYTYPES}; do
# generate user key for agent # generate user key for agent
rm -f $OBJ/$t-agent rm -f $OBJ/$t-agent $OBJ/$t-agent.pub*
${SSHKEYGEN} -q -N '' -t $t -f $OBJ/$t-agent ||\ ${SSHKEYGEN} -q -N '' -t $t -f $OBJ/$t-agent ||\
fail "ssh-keygen for $t-agent failed" fatal "ssh-keygen for $t-agent failed"
# Make a certificate for each too.
${SSHKEYGEN} -qs $OBJ/user_ca_key -I "$t cert" \
-n estragon $OBJ/$t-agent.pub || fatal "ca sign failed"
# add to authorized keys # add to authorized keys
cat $OBJ/$t-agent.pub >> $OBJ/authorized_keys_$USER cat $OBJ/$t-agent.pub >> $OBJ/authorized_keys_$USER
# add privat key to agent # add privat key to agent
@ -32,7 +43,14 @@ else
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
fail "ssh-add did succeed exit code 0" fail "ssh-add did succeed exit code 0"
fi fi
# Remove private key to ensure that we aren't accidentally using it.
rm -f $OBJ/$t-agent
done done
# Remove explicit identity directives from ssh_proxy
mv $OBJ/ssh_proxy $OBJ/ssh_proxy_bak
grep -vi identityfile $OBJ/ssh_proxy_bak > $OBJ/ssh_proxy
${SSHADD} -l > /dev/null 2>&1 ${SSHADD} -l > /dev/null 2>&1
r=$? r=$?
if [ $r -ne 0 ]; then if [ $r -ne 0 ]; then
@ -52,6 +70,16 @@ else
fail "ssh connect with failed (exit code $r)" fail "ssh connect with failed (exit code $r)"
fi fi
for t in ${SSH_KEYTYPES}; do
trace "connect via agent using $t key"
${SSH} -F $OBJ/ssh_proxy -i $OBJ/$t-agent.pub -oIdentitiesOnly=yes \
somehost exit 52
r=$?
if [ $r -ne 52 ]; then
fail "ssh connect with failed (exit code $r)"
fi
done
trace "agent forwarding" trace "agent forwarding"
${SSH} -A -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1 ${SSH} -A -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
r=$? r=$?
@ -65,6 +93,19 @@ else
fail "agent fwd failed (exit code $r)" fail "agent fwd failed (exit code $r)"
fi fi
(printf 'cert-authority,principals="estragon" '; cat $OBJ/user_ca_key.pub) \
> $OBJ/authorized_keys_$USER
for t in ${SSH_KEYTYPES}; do
trace "connect via agent using $t key"
${SSH} -F $OBJ/ssh_proxy -i $OBJ/$t-agent.pub \
-oCertificateFile=$OBJ/$t-agent-cert.pub \
-oIdentitiesOnly=yes somehost exit 52
r=$?
if [ $r -ne 52 ]; then
fail "ssh connect with failed (exit code $r)"
fi
done
trace "delete all agent keys" trace "delete all agent keys"
${SSHADD} -D > /dev/null 2>&1 ${SSHADD} -D > /dev/null 2>&1
r=$? r=$?
@ -74,4 +115,3 @@ else
trace "kill agent" trace "kill agent"
${SSHAGENT} -k > /dev/null ${SSHAGENT} -k > /dev/null
fi