dev/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
865787ef32
nixpkgs/nixos/tests/openssh.nix
aszlig 865787ef32
nixos/tests/openssh: Test configured auth keys. 
So far the test only uses an authorized key that is copied over to the
target machine instead of being set by the target's configuration.

Now, we cover both cases.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-06-27 08:52:03 +02:00

68 lines
2.1 KiB
Nix
Raw Blame History

import ./make-test.nix ({ pkgs, ... }:
let
snakeOilPrivateKey = pkgs.writeText "privkey.snakeoil" ''
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIHQf/khLvYrQ8IOika5yqtWvI0oquHlpRLTZiJy5dRJmoAoGCCqGSM49
AwEHoUQDQgAEKF0DYGbBwbj06tA3fd/+yP44cvmwmHBWXZCKbS+RQlAKvLXMWkpN
r1lwMyJZoSGgBHoUahoYjTh9/sJL7XLJtA==
-----END EC PRIVATE KEY-----
'';
snakeOilPublicKey = pkgs.lib.concatStrings [
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHA"
"yNTYAAABBBChdA2BmwcG49OrQN33f/sj+OHL5sJhwVl2Qim0vkUJQCry1zFpKTa"
"9ZcDMiWaEhoAR6FGoaGI04ff7CS+1yybQ= sakeoil"
];
in {
nodes = {
server =
{ config, pkgs, ... }:
{
services.openssh.enable = true;
security.pam.services.sshd.limits =
[ { domain = "*"; item = "memlock"; type = "-"; value = 1024; } ];
users.extraUsers.root.openssh.authorizedKeys.keys = [
snakeOilPublicKey
];
};
client =
{ config, pkgs, ... }: { };
};
testScript = ''
startAll;
my $key=`${pkgs.openssh}/bin/ssh-keygen -t dsa -f key -N ""`;
$server->waitForUnit("sshd");
subtest "manual-authkey", sub {
$server->succeed("mkdir -m 700 /root/.ssh");
$server->copyFileFromHost("key.pub", "/root/.ssh/authorized_keys");
$client->succeed("mkdir -m 700 /root/.ssh");
$client->copyFileFromHost("key", "/root/.ssh/id_dsa");
$client->succeed("chmod 600 /root/.ssh/id_dsa");
$client->waitForUnit("network.target");
$client->succeed("ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server 'echo hello world' >&2");
$client->succeed("ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server 'ulimit -l' | grep 1024");
};
subtest "configured-authkey", sub {
$client->succeed("cat ${snakeOilPrivateKey} > privkey.snakeoil");
$client->succeed("chmod 600 privkey.snakeoil");
$client->succeed("ssh -o UserKnownHostsFile=/dev/null" .
" -o StrictHostKeyChecking=no -i privkey.snakeoil" .
" server true");
};
'';
})
Reference in New Issue View Git Blame Copy Permalink