[PATCH 1/2] Add test to cover multiple server hostkeys with agent

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



From: Maxime Rey <maximejeanrey@xxxxxxxxx>

This tests the hostkey-prove mechanism in sshd when provided with multiple
host keys managed by the agent
---
 regress/hostkey-agent.sh | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/regress/hostkey-agent.sh b/regress/hostkey-agent.sh
index 222d424bd..3fa80655e 100644
--- a/regress/hostkey-agent.sh
+++ b/regress/hostkey-agent.sh
@@ -82,6 +82,37 @@ for k in $SSH_CERTTYPES ; do
 	fi
 done
 
+# Run sshd with multiple keys handeled by agent
+
+cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy
+
+mv $OBJ/ssh_proxy $OBJ/ssh_proxy.orig
+grep -vi 'globalknownhostsfile' $OBJ/ssh_proxy.orig > $OBJ/ssh_proxy
+echo "UpdateHostkeys=yes" >> $OBJ/ssh_proxy
+echo "GlobalKnownHostsFile=none" >> $OBJ/ssh_proxy
+
+read -p "Doing the multiple keys (y/n)? " answer
+for k in $SSH_KEYTYPES ; do
+	verbose "Addkey type $k"
+	echo "Hostkey $OBJ/agent-key.${k}" >> $OBJ/sshd_proxy
+
+	( printf 'localhost-with-alias ' ;
+    cat $OBJ/agent-key.$k.pub) > $OBJ/known_hosts
+done
+
+opts="-oStrictHostKeyChecking=yes -F $OBJ/ssh_proxy"
+SSH_CONNECTION=`${SSH} $opts host 'echo $SSH_CONNECTION'`
+
+if [ $? -ne 0 ]; then
+	fail "Hostkeys-prove error. Unable to proceed"
+fi
+if [ "$SSH_CONNECTION" != "UNKNOWN 65535 UNKNOWN 65535" ]; then
+	fail "bad SSH_CONNECTION key type $k"
+fi
+
+
+read -p "End (y/n)? " answer
+
 trace "kill agent"
 ${SSHAGENT} -k > /dev/null
 
-- 
2.47.0

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux