nixos/tests/tmate-ssh-server.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73

import ./make-test-python.nix ({ pkgs, lib, ... }:
let
  inherit (import ./ssh-keys.nix pkgs)
    snakeOilPrivateKey snakeOilPublicKey;

  setUpPrivateKey = name: ''
    ${name}.succeed(
        "mkdir -p /root/.ssh",
        "chown 700 /root/.ssh",
        "cat '${snakeOilPrivateKey}' > /root/.ssh/id_snakeoil",
        "chown 600 /root/.ssh/id_snakeoil",
    )
    ${name}.wait_for_file("/root/.ssh/id_snakeoil")
  '';

  sshOpts = "-oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -oIdentityFile=/root/.ssh/id_snakeoil";

in
{
  name = "tmate-ssh-server";
  nodes =
    {
      server = { ... }: {
        services.tmate-ssh-server = {
          enable = true;
          port = 2223;
        };
      };
      client = { ... }: {
        environment.systemPackages = [ pkgs.tmate ];
        services.openssh.enable = true;
        users.users.root.openssh.authorizedKeys.keys = [ snakeOilPublicKey ];
      };
      client2 = { ... }: {
        environment.systemPackages = [ pkgs.openssh ];
      };
    };
  testScript = ''
    start_all()

    server.wait_for_unit("tmate-ssh-server.service")
    server.wait_for_open_port(2223)
    server.wait_for_file("/etc/tmate-ssh-server-keys/ssh_host_ed25519_key.pub")
    server.wait_for_file("/etc/tmate-ssh-server-keys/ssh_host_rsa_key.pub")
    server.succeed("tmate-client-config > /tmp/tmate.conf")
    server.wait_for_file("/tmp/tmate.conf")

    ${setUpPrivateKey "server"}
    client.wait_for_unit("sshd.service")
    client.wait_for_open_port(22)
    server.succeed("scp ${sshOpts} /tmp/tmate.conf client:/tmp/tmate.conf")

    client.wait_for_file("/tmp/tmate.conf")
    client.send_chars("root\n")
    client.sleep(2)
    client.send_chars("tmate -f /tmp/tmate.conf\n")
    client.sleep(2)
    client.send_chars("q")
    client.sleep(2)
    client.send_chars("tmate display -p '#{tmate_ssh}' > /tmp/ssh_command\n")
    client.wait_for_file("/tmp/ssh_command")
    ssh_cmd = client.succeed("cat /tmp/ssh_command")

    client2.succeed("mkdir -p ~/.ssh; ssh-keyscan -p 2223 server > ~/.ssh/known_hosts")
    client2.send_chars("root\n")
    client2.sleep(2)
    client2.send_chars(ssh_cmd.strip() + "\n")
    client2.sleep(2)
    client2.send_chars("touch /tmp/client_2\n")

    client.wait_for_file("/tmp/client_2")
  '';
})