nixos/tests/openssh: Test configured auth keys.
So far the test only uses an authorized key that is copied over to the target machine instead of being set by the target's configuration. Now, we cover both cases. Signed-off-by: aszlig <aszlig@redmoonstudios.org>
parent
48f2ca07f4
commit
865787ef32
1 changed files with 39 additions and 9 deletions
|
@ -1,4 +1,21 @@
|
|||
import ./make-test.nix ({ pkgs, ... }: {
|
||||
import ./make-test.nix ({ pkgs, ... }:
|
||||
|
||||
let
|
||||
snakeOilPrivateKey = pkgs.writeText "privkey.snakeoil" ''
|
||||
-----BEGIN EC PRIVATE KEY-----
|
||||
MHcCAQEEIHQf/khLvYrQ8IOika5yqtWvI0oquHlpRLTZiJy5dRJmoAoGCCqGSM49
|
||||
AwEHoUQDQgAEKF0DYGbBwbj06tA3fd/+yP44cvmwmHBWXZCKbS+RQlAKvLXMWkpN
|
||||
r1lwMyJZoSGgBHoUahoYjTh9/sJL7XLJtA==
|
||||
-----END EC PRIVATE KEY-----
|
||||
'';
|
||||
|
||||
snakeOilPublicKey = pkgs.lib.concatStrings [
|
||||
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHA"
|
||||
"yNTYAAABBBChdA2BmwcG49OrQN33f/sj+OHL5sJhwVl2Qim0vkUJQCry1zFpKTa"
|
||||
"9ZcDMiWaEhoAR6FGoaGI04ff7CS+1yybQ= sakeoil"
|
||||
];
|
||||
|
||||
in {
|
||||
|
||||
nodes = {
|
||||
|
||||
|
@ -9,6 +26,9 @@ import ./make-test.nix ({ pkgs, ... }: {
|
|||
services.openssh.enable = true;
|
||||
security.pam.services.sshd.limits =
|
||||
[ { domain = "*"; item = "memlock"; type = "-"; value = 1024; } ];
|
||||
users.extraUsers.root.openssh.authorizedKeys.keys = [
|
||||
snakeOilPublicKey
|
||||
];
|
||||
};
|
||||
|
||||
client =
|
||||
|
@ -23,15 +43,25 @@ import ./make-test.nix ({ pkgs, ... }: {
|
|||
|
||||
$server->waitForUnit("sshd");
|
||||
|
||||
$server->succeed("mkdir -m 700 /root/.ssh");
|
||||
$server->copyFileFromHost("key.pub", "/root/.ssh/authorized_keys");
|
||||
subtest "manual-authkey", sub {
|
||||
$server->succeed("mkdir -m 700 /root/.ssh");
|
||||
$server->copyFileFromHost("key.pub", "/root/.ssh/authorized_keys");
|
||||
|
||||
$client->succeed("mkdir -m 700 /root/.ssh");
|
||||
$client->copyFileFromHost("key", "/root/.ssh/id_dsa");
|
||||
$client->succeed("chmod 600 /root/.ssh/id_dsa");
|
||||
$client->succeed("mkdir -m 700 /root/.ssh");
|
||||
$client->copyFileFromHost("key", "/root/.ssh/id_dsa");
|
||||
$client->succeed("chmod 600 /root/.ssh/id_dsa");
|
||||
|
||||
$client->waitForUnit("network.target");
|
||||
$client->succeed("ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server 'echo hello world' >&2");
|
||||
$client->succeed("ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server 'ulimit -l' | grep 1024");
|
||||
$client->waitForUnit("network.target");
|
||||
$client->succeed("ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server 'echo hello world' >&2");
|
||||
$client->succeed("ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server 'ulimit -l' | grep 1024");
|
||||
};
|
||||
|
||||
subtest "configured-authkey", sub {
|
||||
$client->succeed("cat ${snakeOilPrivateKey} > privkey.snakeoil");
|
||||
$client->succeed("chmod 600 privkey.snakeoil");
|
||||
$client->succeed("ssh -o UserKnownHostsFile=/dev/null" .
|
||||
" -o StrictHostKeyChecking=no -i privkey.snakeoil" .
|
||||
" server true");
|
||||
};
|
||||
'';
|
||||
})
|
||||
|
|
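Review bot: The `snakeOilPrivateKey` literal at the top of the new `let` block has no comment marking it as a throwaway fixture, and `pkgs.writeText` places it in the Nix store, which is readable by every local user, on top of the key being published with the repository. I would add a comment above it such as `# Throwaway key pair for this VM test only: public by design, never authorize it on a real host.` so the pattern is not copied for a real credential. The key comment at the end of `snakeOilPublicKey` reads `sakeoil`, which looks like a typo for `snakeoil`. In the `configured-authkey` subtest the client still holds `/root/.ssh/id_dsa` from the previous subtest; adding `-o IdentitiesOnly=yes` next to `-i privkey.snakeoil` would make it explicit that only the configured key is being exercised.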