diff options
author | aszlig <aszlig@redmoonstudios.org> | 2014-06-27 08:34:59 +0200 |
---|---|---|
committer | aszlig <aszlig@redmoonstudios.org> | 2014-06-27 08:52:03 +0200 |
commit | 865787ef3273566fe5b979638e3a0bbf08836595 (patch) | |
tree | bddeb6a85a2d0792c8d109a17162d5fdab20b400 /nixos/tests/openssh.nix | |
parent | 48f2ca07f481e70204f760bff16f5699a309bdfa (diff) |
nixos/tests/openssh: Test configured auth keys.
So far the test only uses an authorized key that is copied over to the target machine instead of being set by the target's configuration. Now, we cover both cases. Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Diffstat (limited to 'nixos/tests/openssh.nix')
-rw-r--r-- | nixos/tests/openssh.nix | 48 |
1 files changed, 39 insertions, 9 deletions
diff --git a/nixos/tests/openssh.nix b/nixos/tests/openssh.nix index 0b9714c275da3..d4ce95e49f704 100644 --- a/nixos/tests/openssh.nix +++ b/nixos/tests/openssh.nix @@ -1,4 +1,21 @@ -import ./make-test.nix ({ pkgs, ... }: { +import ./make-test.nix ({ pkgs, ... }: + +let + snakeOilPrivateKey = pkgs.writeText "privkey.snakeoil" '' + -----BEGIN EC PRIVATE KEY----- + MHcCAQEEIHQf/khLvYrQ8IOika5yqtWvI0oquHlpRLTZiJy5dRJmoAoGCCqGSM49 + AwEHoUQDQgAEKF0DYGbBwbj06tA3fd/+yP44cvmwmHBWXZCKbS+RQlAKvLXMWkpN + r1lwMyJZoSGgBHoUahoYjTh9/sJL7XLJtA== + -----END EC PRIVATE KEY----- + ''; + + snakeOilPublicKey = pkgs.lib.concatStrings [ + "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHA" + "yNTYAAABBBChdA2BmwcG49OrQN33f/sj+OHL5sJhwVl2Qim0vkUJQCry1zFpKTa" + "9ZcDMiWaEhoAR6FGoaGI04ff7CS+1yybQ= sakeoil" + ]; + +in { nodes = { @@ -9,6 +26,9 @@ import ./make-test.nix ({ pkgs, ... }: { services.openssh.enable = true; security.pam.services.sshd.limits = [ { domain = "*"; item = "memlock"; type = "-"; value = 1024; } ]; + users.extraUsers.root.openssh.authorizedKeys.keys = [ + snakeOilPublicKey + ]; }; client = @@ -23,15 +43,25 @@ import ./make-test.nix ({ pkgs, ... }: { $server->waitForUnit("sshd"); - $server->succeed("mkdir -m 700 /root/.ssh"); - $server->copyFileFromHost("key.pub", "/root/.ssh/authorized_keys"); + subtest "manual-authkey", sub { + $server->succeed("mkdir -m 700 /root/.ssh"); + $server->copyFileFromHost("key.pub", "/root/.ssh/authorized_keys"); + + $client->succeed("mkdir -m 700 /root/.ssh"); + $client->copyFileFromHost("key", "/root/.ssh/id_dsa"); + $client->succeed("chmod 600 /root/.ssh/id_dsa"); - $client->succeed("mkdir -m 700 /root/.ssh"); - $client->copyFileFromHost("key", "/root/.ssh/id_dsa"); - $client->succeed("chmod 600 /root/.ssh/id_dsa"); + $client->waitForUnit("network.target"); + $client->succeed("ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server 'echo hello world' >&2"); + $client->succeed("ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server 'ulimit -l' | grep 1024"); + }; - $client->waitForUnit("network.target"); - $client->succeed("ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server 'echo hello world' >&2"); - $client->succeed("ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server 'ulimit -l' | grep 1024"); + subtest "configured-authkey", sub { + $client->succeed("cat ${snakeOilPrivateKey} > privkey.snakeoil"); + $client->succeed("chmod 600 privkey.snakeoil"); + $client->succeed("ssh -o UserKnownHostsFile=/dev/null" . + " -o StrictHostKeyChecking=no -i privkey.snakeoil" . + " server true"); + }; ''; }) |