1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
|
#!/bin/sh
# 20210511
# Jan Mojzis
# Public domain.
# change directory to $AUTOPKGTEST_TMP
cd "${AUTOPKGTEST_TMP}"
# we need tools from /usr/sbin
PATH="/usr/sbin:${PATH}"
export PATH
# backup ~/.ssh
rm -rf ~/.ssh.tinysshtest.bk
[ -d ~/.ssh ] && mv ~/.ssh ~/.ssh.tinysshtest.bk
mkdir -p ~/.ssh
chmod 700 ~/.ssh
# run tinysshd on port 10000
rm -rf sshkeydir
tinysshd-makekey -q sshkeydir
tcpserver -HRDl0 127.0.0.1 10000 tinysshd -v -- sshkeydir 2>tinysshd.log &
tcpserverpid=$!
# Give some extra time for tcpserver to start,
# to avoid flaky test failures on slower testbeds
sleep 1
cleanup() {
ex=$?
echo
echo "tinysshd.log:"
cat tinysshd.log
rm -rf ~/.ssh sshkeydir tinysshd.log ssh.log
[ -d ~/.ssh.tinysshtest.bk ] && mv ~/.ssh.tinysshtest.bk ~/.ssh
#kill tcpserver
kill -TERM "${tcpserverpid}" 1>/dev/null 2>/dev/null || :
kill -KILL "${tcpserverpid}" 1>/dev/null 2>/dev/null || :
exit "${ex}"
}
trap "cleanup" EXIT TERM INT
# create authorization keys
ssh-keygen -t ed25519 -q -N '' -f ~/.ssh/id_ed25519 || exit 10
cp -pr ~/.ssh/id_ed25519.pub ~/.ssh/authorized_keys || exit 11
# add server key to the known_hosts
ssh-keyscan -t ed25519 -H -p 10000 127.0.0.1 2>/dev/null > ~/.ssh/known_hosts
chmod 757 ~/.ssh
if ssh -p 10000 127.0.0.1 true 2>ssh.log; then
echo "tinysshd doesn't reject login when ~/.ssh is other writable, BAD !!!" >&2
else
echo "tinysshd rejects login when ~/.ssh is other writable"
fi
chmod 775 ~/.ssh
if ssh -p 10000 127.0.0.1 true 2>ssh.log; then
echo "tinysshd doesn't reject login when ~/.ssh is group writable, BAD !!!" >&2
else
echo "tinysshd rejects login when ~/.ssh is group writable"
fi
exit 0
|
