diff options
author | Tom Fitzhenry <tom@tom-fitzhenry.me.uk> | 2024-04-21 22:51:02 +1000 |
---|---|---|
committer | Tom Fitzhenry <tom@tom-fitzhenry.me.uk> | 2024-04-23 22:40:58 +1000 |
commit | 2e51a2fd03972819ef4e3fb8001a7e286a2469bb (patch) | |
tree | 9e95edaad787cb28b4a538b9833741807585d661 /nixos/tests/openssh.nix | |
parent | 41911ed9d2ce9bc43fa32d796a62697bc62641b9 (diff) |
nixos/ssh: allow UsePAM to be disabled
Diffstat (limited to 'nixos/tests/openssh.nix')
-rw-r--r-- | nixos/tests/openssh.nix | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/nixos/tests/openssh.nix b/nixos/tests/openssh.nix index f71b0a22fe63d..a039986621cab 100644 --- a/nixos/tests/openssh.nix +++ b/nixos/tests/openssh.nix @@ -108,6 +108,23 @@ in { }; }; + server-no-pam = + { pkgs, ... }: + { + programs.ssh.package = pkgs.opensshPackages.openssh.override { + withPAM = false; + }; + services.openssh = { + enable = true; + settings = { + UsePAM = false; + }; + }; + users.users.root.openssh.authorizedKeys.keys = [ + snakeOilPublicKey + ]; + }; + client = { ... }: { virtualisation.vlans = [ 1 2 ]; @@ -122,6 +139,7 @@ in { server_allowed_users.wait_for_unit("sshd", timeout=30) server_localhost_only.wait_for_unit("sshd", timeout=30) server_match_rule.wait_for_unit("sshd", timeout=30) + server_no_pam.wait_for_unit("sshd", timeout=30) server_lazy.wait_for_unit("sshd.socket", timeout=30) server_localhost_only_lazy.wait_for_unit("sshd.socket", timeout=30) @@ -211,5 +229,15 @@ in { "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i privkey.snakeoil carol@server-allowed-users true", timeout=30 ) + + with subtest("no-pam"): + client.succeed( + "cat ${snakeOilPrivateKey} > privkey.snakeoil" + ) + client.succeed("chmod 600 privkey.snakeoil") + client.succeed( + "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i privkey.snakeoil server-no-pam true", + timeout=30 + ) ''; }) |