File: 05authorizedkeys

package info (click to toggle)
tinyssh 20250501-2
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 3,388 kB
  • sloc: ansic: 20,245; sh: 1,582; python: 1,449; makefile: 913
file content (105 lines) | stat: -rw-r--r-- 2,812 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
 
#!/bin/sh
# 20181028
# Jan Mojzis
# Public domain.

# change directory to $AUTOPKGTEST_TMP
cd "${AUTOPKGTEST_TMP}"

# we need tools from /usr/sbin
PATH="/usr/sbin:${PATH}"
export PATH

# backup ~/.ssh
rm -rf ~/.ssh.tinysshtest.bk
[ -d ~/.ssh ] && mv ~/.ssh ~/.ssh.tinysshtest.bk
mkdir -p ~/.ssh
chmod 700 ~/.ssh

# run tinysshd on port 10000
rm -rf sshkeydir
tinysshd-makekey -q sshkeydir
tcpserver -HRDl0 127.0.0.1 10000 tinysshd -- sshkeydir 2>tinysshd.log &
tcpserverpid=$!
# Give some extra time for tcpserver to start,
# to avoid flaky test failures on slower testbeds
sleep 1

cleanup() {
  ex=$?
  #kill tcpserver
  kill -TERM "${tcpserverpid}" 1>/dev/null 2>/dev/null || :
  kill -KILL "${tcpserverpid}" 1>/dev/null 2>/dev/null || :
  if [ ${ex} -gt 0 ]; then
    (
      echo "homedir:"
      ls -ld ~ ~/.ssh
      echo "tinysshd.log:"
      cat tinysshd.log
    ) >&2
  fi
  rm -rf ~/.ssh sshkeydir tinysshd.log ssh.log
  [ -d ~/.ssh.tinysshtest.bk ] && mv ~/.ssh.tinysshtest.bk ~/.ssh
  exit "${ex}"
}
trap "cleanup" EXIT TERM INT

# create authorization keys
ssh-keygen -t ed25519 -q -N '' -f ~/.ssh/id_ed25519 || exit 10

# add server key to the known_hosts
ssh-keyscan -t ed25519 -H -p 10000 127.0.0.1 2>/dev/null > ~/.ssh/known_hosts

KEYTYPE=`cut -d ' ' -f1 < ~/.ssh/id_ed25519.pub`
KEY=`cut -d ' ' -f2 < ~/.ssh/id_ed25519.pub`
REST=`cut -d ' ' -f3- < ~/.ssh/id_ed25519.pub`

# Create ~/.ssh/authorized_keys with proper permissions/umask (LP: #2016597)
UMASK=$(umask)
umask 22
# now create malformed lines in authorization_keys
# login MUST FAIL
(
  #extra space before key-type
  echo " ${KEYTYPE} ${KEY} ${REST}"
  #extra space after key-type
  echo "${KEYTYPE}  ${KEY} ${REST}"
  #extra character before key-type
  echo "a${KEYTYPE} ${KEY} ${REST}"
  #extra character after key-type
  echo "${KEYTYPE}a ${KEY} ${REST}"
  #extra character before key
  echo "${KEYTYPE} a${KEY} ${REST}"
  #extra character after key
  echo "${KEYTYPE} ${KEY}a ${REST}"
) > ~/.ssh/authorized_keys
(
  echo "malformed authorization_keys:"
  cat ~/.ssh/authorized_keys
  echo
)

ssh -p 10000 127.0.0.1 'exit 0' >ssh.log 2>&1
exitcode=$?
if [ "${exitcode}" -eq 0 ]; then
  echo "ssh 127.0.0.1:10000 login using malformed authorized_keys succeeded, too bad" >&2
  cat ssh.log
  exit 3
else
  echo "ssh 127.0.0.1:10000 login using malformed authorized_keys failed, this is correct behavior"
fi

# now add correct line to authorized_keys
echo "${KEYTYPE} ${KEY}" >> ~/.ssh/authorized_keys
umask $UMASK  # restore original umask

ssh -p 10000 127.0.0.1 'exit 0'
exitcode=$?
if [ ! "${exitcode}" -eq 0 ]; then
  echo "ssh 127.0.0.1:10000 login using correct authorized_keys failed, too bad" >&2
  exit 4
else
  echo "ssh 127.0.0.1:10000 login using correct authorized_keys succeeded, this is correct behavior"
fi

exit 0