//go:build !integration
// +build !integration
package ssh_test
import (
"fmt"
"io/ioutil"
"os"
"path/filepath"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"gitlab.com/gitlab-org/gitlab-runner/helpers/ssh"
)
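// TestStrictHostCheckingWithKnownHostsFile exercises the SSH client's host-key
// verification against a local stub server. It covers four combinations of
// DisableStrictHostKeyChecking and KnownHostsFile:
//
//   - strict checking with a known hosts file that has an entry for the stub
//     server's address: the connection must succeed;
//   - strict checking with a known hosts file that has no entry for the stub
//     server: the connection must be rejected;
//   - strict checking disabled with that same file: the connection is allowed,
//     i.e. the host key is not verified;
//   - strict checking with no known hosts file configured: the connection must
//     be rejected, so the client fails closed instead of trusting an unknown
//     host.
func TestStrictHostCheckingWithKnownHostsFile(t *testing.T) {
	user, pass := "testuser", "testpass"

	// Stop here if the stub server could not be created; otherwise every
	// subtest below would fail (or panic) for a reason unrelated to host-key
	// checking.
	s, err := ssh.NewStubServer(user, pass)
	require.NoError(t, err)
	defer s.Stop()

	tempDir, err := ioutil.TempDir("", "ssh-stub-server")
	require.NoError(t, err)
	// Best-effort cleanup of the temporary known hosts files.
	defer func() {
		_ = os.RemoveAll(tempDir)
	}()

	// Known hosts file with an entry for the stub server's address and port,
	// carrying the test key pair's public key.
	knownHostsFile := filepath.Join(tempDir, "known-hosts-file")
	require.NoError(t, ioutil.WriteFile(
		knownHostsFile,
		[]byte(fmt.Sprintf("[127.0.0.1]:%s %s\n", s.Port(), ssh.TestSSHKeyPair.PublicKey)),
		0644,
	))

	// Known hosts file that exists but only lists gitlab.com, so the stub
	// server has no matching entry in it.
	missingEntryKnownHostsFile := filepath.Join(tempDir, "missing-entry-known-hosts-file")
	require.NoError(t, ioutil.WriteFile(
		missingEntryKnownHostsFile,
		[]byte(knownHostsWithGitlabOnly),
		0644,
	))

	testCases := map[string]struct {
		disableHostChecking    bool
		knownHostsFileLocation string
		expectErr              bool
	}{
		"strict host checking with valid known hosts file": {
			disableHostChecking:    false,
			knownHostsFileLocation: knownHostsFile,
			expectErr:              false,
		},
		"strict host checking with missing known hosts file": {
			disableHostChecking:    false,
			knownHostsFileLocation: missingEntryKnownHostsFile,
			expectErr:              true,
		},
		"no strict host checking with missing known hosts file": {
			disableHostChecking:    true,
			knownHostsFileLocation: missingEntryKnownHostsFile,
			expectErr:              false,
		},
		"strict host checking without provided known hosts file": {
			disableHostChecking: false,
			expectErr:           true,
		},
	}

	for tn, tc := range testCases {
		t.Run(tn, func(t *testing.T) {
			// Copy the flag so the client config does not hold a pointer
			// into the shared loop variable.
			disableHostChecking := tc.disableHostChecking

			c := s.Client()
			c.Config.DisableStrictHostKeyChecking = &disableHostChecking
			c.Config.KnownHostsFile = tc.knownHostsFileLocation

			// Keep the result local to the subtest rather than reusing the
			// outer err.
			err := c.Connect()
			defer c.Cleanup()

			if tc.expectErr {
				assert.Error(t, err, "should not succeed in connecting")
				return
			}

			assert.NoError(t, err, "should succeed in connecting")
		})
	}
}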
// knownHostsWithGitlabOnly is known_hosts content that lists only gitlab.com
// entries (ssh-rsa, ecdsa-sha2-nistp256 and ssh-ed25519 public host keys).
// The test writes it to a known hosts file that has no entry for the stub
// server, so a strictly verifying client is expected to reject the connection.
// These are public host keys, not private key material.
//nolint:lll
var knownHostsWithGitlabOnly = `gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9
gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=
gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf`