summary refs log tree commit diff
path: root/nixos/tests/openssh.nix
diff options
context:
space:
mode:
Diffstat (limited to 'nixos/tests/openssh.nix')
-rw-r--r--nixos/tests/openssh.nix49
1 files changed, 40 insertions, 9 deletions
diff --git a/nixos/tests/openssh.nix b/nixos/tests/openssh.nix
index 0b9714c275da..692618c5a84d 100644
--- a/nixos/tests/openssh.nix
+++ b/nixos/tests/openssh.nix
@@ -1,4 +1,22 @@
-import ./make-test.nix ({ pkgs, ... }: {
+import ./make-test.nix ({ pkgs, ... }:
+
+let
+  snakeOilPrivateKey = pkgs.writeText "privkey.snakeoil" ''
+    -----BEGIN EC PRIVATE KEY-----
+    MHcCAQEEIHQf/khLvYrQ8IOika5yqtWvI0oquHlpRLTZiJy5dRJmoAoGCCqGSM49
+    AwEHoUQDQgAEKF0DYGbBwbj06tA3fd/+yP44cvmwmHBWXZCKbS+RQlAKvLXMWkpN
+    r1lwMyJZoSGgBHoUahoYjTh9/sJL7XLJtA==
+    -----END EC PRIVATE KEY-----
+  '';
+
+  snakeOilPublicKey = pkgs.lib.concatStrings [
+    "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHA"
+    "yNTYAAABBBChdA2BmwcG49OrQN33f/sj+OHL5sJhwVl2Qim0vkUJQCry1zFpKTa"
+    "9ZcDMiWaEhoAR6FGoaGI04ff7CS+1yybQ= sakeoil"
+  ];
+
+in {
+  name = "openssh";
 
   nodes = {
 
@@ -9,6 +27,9 @@ import ./make-test.nix ({ pkgs, ... }: {
         services.openssh.enable = true;
         security.pam.services.sshd.limits =
           [ { domain = "*"; item = "memlock"; type = "-"; value = 1024; } ];
+        users.extraUsers.root.openssh.authorizedKeys.keys = [
+          snakeOilPublicKey
+        ];
       };
 
     client =
@@ -23,15 +44,25 @@ import ./make-test.nix ({ pkgs, ... }: {
 
     $server->waitForUnit("sshd");
 
-    $server->succeed("mkdir -m 700 /root/.ssh");
-    $server->copyFileFromHost("key.pub", "/root/.ssh/authorized_keys");
+    subtest "manual-authkey", sub {
+      $server->succeed("mkdir -m 700 /root/.ssh");
+      $server->copyFileFromHost("key.pub", "/root/.ssh/authorized_keys");
+
+      $client->succeed("mkdir -m 700 /root/.ssh");
+      $client->copyFileFromHost("key", "/root/.ssh/id_dsa");
+      $client->succeed("chmod 600 /root/.ssh/id_dsa");
 
-    $client->succeed("mkdir -m 700 /root/.ssh");
-    $client->copyFileFromHost("key", "/root/.ssh/id_dsa");
-    $client->succeed("chmod 600 /root/.ssh/id_dsa");
+      $client->waitForUnit("network.target");
+      $client->succeed("ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server 'echo hello world' >&2");
+      $client->succeed("ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server 'ulimit -l' | grep 1024");
+    };
 
-    $client->waitForUnit("network.target");
-    $client->succeed("ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server 'echo hello world' >&2");
-    $client->succeed("ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server 'ulimit -l' | grep 1024");
+    subtest "configured-authkey", sub {
+      $client->succeed("cat ${snakeOilPrivateKey} > privkey.snakeoil");
+      $client->succeed("chmod 600 privkey.snakeoil");
+      $client->succeed("ssh -o UserKnownHostsFile=/dev/null" .
+                       " -o StrictHostKeyChecking=no -i privkey.snakeoil" .
+                       " server true");
+    };
   '';
 })
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-04 20:59:58 +0000