authoraszlig <aszlig@redmoonstudios.org>2014-06-27 08:34:59 +0200
committeraszlig <aszlig@redmoonstudios.org>2014-06-27 08:52:03 +0200
commit865787ef3273566fe5b979638e3a0bbf08836595 (patch)
treebddeb6a85a2d0792c8d109a17162d5fdab20b400 /nixos/tests/openssh.nix
parent48f2ca07f481e70204f760bff16f5699a309bdfa (diff)
nixos/tests/openssh: Test configured auth keys.
So far the test only uses an authorized key that is copied over to the
target machine instead of being set by the target's configuration.

Now, we cover both cases.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Diffstat (limited to 'nixos/tests/openssh.nix')
-rw-r--r--nixos/tests/openssh.nix48
1 files changed, 39 insertions, 9 deletions
diff --git a/nixos/tests/openssh.nix b/nixos/tests/openssh.nix
index 0b9714c275da..d4ce95e49f70 100644
--- a/nixos/tests/openssh.nix
+++ b/nixos/tests/openssh.nix
@@ -1,4 +1,21 @@
-import ./make-test.nix ({ pkgs, ... }: {
+import ./make-test.nix ({ pkgs, ... }:
+
+let
+  snakeOilPrivateKey = pkgs.writeText "privkey.snakeoil" ''
+    -----BEGIN EC PRIVATE KEY-----
+    MHcCAQEEIHQf/khLvYrQ8IOika5yqtWvI0oquHlpRLTZiJy5dRJmoAoGCCqGSM49
+    AwEHoUQDQgAEKF0DYGbBwbj06tA3fd/+yP44cvmwmHBWXZCKbS+RQlAKvLXMWkpN
+    r1lwMyJZoSGgBHoUahoYjTh9/sJL7XLJtA==
+    -----END EC PRIVATE KEY-----
+  '';
+
+  snakeOilPublicKey = pkgs.lib.concatStrings [
+    "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHA"
+    "yNTYAAABBBChdA2BmwcG49OrQN33f/sj+OHL5sJhwVl2Qim0vkUJQCry1zFpKTa"
+    "9ZcDMiWaEhoAR6FGoaGI04ff7CS+1yybQ= sakeoil"
+  ];
+
+in {
 
   nodes = {
 
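Review bot: The key pair added in the `let` block carries no comment marking it as a throwaway, and `pkgs.writeText` puts the private half into the Nix store, which is world-readable, so anyone with the repository or a build of this test holds it. I would add a comment above `snakeOilPrivateKey` such as `# Test-only key pair: the private key is public and world-readable in the store; never authorize the matching public key outside this VM test.` The key comment at the end of `snakeOilPublicKey` reads `sakeoil`, which presumably was meant to be `snakeoil`. The attribute set opened by `in {` continues outside this hunk.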
@@ -9,6 +26,9 @@ import ./make-test.nix ({ pkgs, ... }: {
         services.openssh.enable = true;
         security.pam.services.sshd.limits =
           [ { domain = "*"; item = "memlock"; type = "-"; value = 1024; } ];
+        users.extraUsers.root.openssh.authorizedKeys.keys = [
+          snakeOilPublicKey
+        ];
       };
 
     client =
@@ -23,15 +43,25 @@ import ./make-test.nix ({ pkgs, ... }: {
 
     $server->waitForUnit("sshd");
 
-    $server->succeed("mkdir -m 700 /root/.ssh");
-    $server->copyFileFromHost("key.pub", "/root/.ssh/authorized_keys");
+    subtest "manual-authkey", sub {
+      $server->succeed("mkdir -m 700 /root/.ssh");
+      $server->copyFileFromHost("key.pub", "/root/.ssh/authorized_keys");
+
+      $client->succeed("mkdir -m 700 /root/.ssh");
+      $client->copyFileFromHost("key", "/root/.ssh/id_dsa");
+      $client->succeed("chmod 600 /root/.ssh/id_dsa");
 
-    $client->succeed("mkdir -m 700 /root/.ssh");
-    $client->copyFileFromHost("key", "/root/.ssh/id_dsa");
-    $client->succeed("chmod 600 /root/.ssh/id_dsa");
+      $client->waitForUnit("network.target");
+      $client->succeed("ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server 'echo hello world' >&2");
+      $client->succeed("ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server 'ulimit -l' | grep 1024");
+    };
 
-    $client->waitForUnit("network.target");
-    $client->succeed("ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server 'echo hello world' >&2");
-    $client->succeed("ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server 'ulimit -l' | grep 1024");
+    subtest "configured-authkey", sub {
+      $client->succeed("cat ${snakeOilPrivateKey} > privkey.snakeoil");
+      $client->succeed("chmod 600 privkey.snakeoil");
+      $client->succeed("ssh -o UserKnownHostsFile=/dev/null" .
+                       " -o StrictHostKeyChecking=no -i privkey.snakeoil" .
+                       " server true");
+    };
   '';
 })
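Review bot: The `configured-authkey` subtest runs after `manual-authkey` has left `/root/.ssh/id_dsa` on the client and `/root/.ssh/authorized_keys` on the server, so only `-i privkey.snakeoil` keeps the two cases apart. Adding `-o IdentitiesOnly=yes` to that ssh call would guarantee that only the snake-oil key is offered, since identities from an agent or a client config are otherwise still tried, and the subtest could then not pass through a different key. The subtest also exercises only the accepting path; a companion check that a key absent from the configuration is refused would pin the other half. `privkey.snakeoil` is created under the default umask before `chmod 600` runs, which is harmless in a throwaway VM, but `install -m 600 ${snakeOilPrivateKey} privkey.snakeoil` would do both in one step.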