diff options
author | Maximilian Bosch <maximilian@mbosch.me> | 2024-01-03 19:36:51 +0100 |
---|---|---|
committer | Maximilian Bosch <maximilian@mbosch.me> | 2024-01-03 19:42:45 +0100 |
commit | 7e45990c06adc32b7aaf196b36b20001c5f8ce42 (patch) | |
tree | 6196efb8d84cd1722f33ea050134fbcf02b7a8f2 /nixos/tests/openssh.nix | |
parent | cb274aea01fed6dc9a6f78b3c927f4e6f24c7876 (diff) |
nixos/sshd: fix socket activated ports when using ListenAddress
Noticed that issue while reviewing #275633: when declaring `ListenAddress host` without a port, all ports declared by `Port`/`cfg.ports` will be used with `host` according to `sshd_config(5)`. However, if this is done and socket activation is used, only a socket for port 22 is created instead of a sockets for each port from `Port`/`cfg.ports`. This patch corrects that behavior. Also added a regression test for this case.
Diffstat (limited to 'nixos/tests/openssh.nix')
-rw-r--r-- | nixos/tests/openssh.nix | 28 |
1 files changed, 27 insertions, 1 deletions
diff --git a/nixos/tests/openssh.nix b/nixos/tests/openssh.nix index 799497477993b..8074fd2ed4838 100644 --- a/nixos/tests/openssh.nix +++ b/nixos/tests/openssh.nix @@ -34,6 +34,19 @@ in { ]; }; + server-lazy-socket = { + virtualisation.vlans = [ 1 2 ]; + services.openssh = { + enable = true; + startWhenNeeded = true; + ports = [ 2222 ]; + listenAddresses = [ { addr = "0.0.0.0"; } ]; + }; + users.users.root.openssh.authorizedKeys.keys = [ + snakeOilPublicKey + ]; + }; + server-localhost-only = { ... }: @@ -96,7 +109,9 @@ in { }; client = - { ... }: { }; + { ... }: { + virtualisation.vlans = [ 1 2 ]; + }; }; @@ -109,6 +124,7 @@ in { server_lazy.wait_for_unit("sshd.socket", timeout=30) server_localhost_only_lazy.wait_for_unit("sshd.socket", timeout=30) + server_lazy_socket.wait_for_unit("sshd.socket", timeout=30) with subtest("manual-authkey"): client.succeed("mkdir -m 700 /root/.ssh") @@ -145,6 +161,16 @@ in { timeout=30 ) + with subtest("socket activation on a non-standard port"): + client.succeed( + "cat ${snakeOilPrivateKey} > privkey.snakeoil" + ) + client.succeed("chmod 600 privkey.snakeoil") + client.succeed( + "ssh -p 2222 -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i privkey.snakeoil root@192.168.2.4 true", + timeout=30 + ) + with subtest("configured-authkey"): client.succeed( "cat ${snakeOilPrivateKey} > privkey.snakeoil" |