
Add special handling of TEST_SSH_HOSTBASED_AUTH=setupandrun.

This will MODIFY THE CONFIG OF THE SYSTEM IT IS RUNNING ON to enable
hostbased authentication to/from itself and run the hostbased tests.  It
won't undo these changes, so don't do this on a system where this matters.
dtucker
2026-03-23 09:09:36 +00:00
parent 2f8889346b
commit 5c3052f12c


@@ -1,8 +1,8 @@
# $OpenBSD: hostbased.sh,v 1.5 2025/05/06 06:05:48 djm Exp $
# $OpenBSD: hostbased.sh,v 1.6 2026/03/23 09:09:36 dtucker Exp $
# Placed in the Public Domain.
# This test requires external setup and thus is skipped unless
# TEST_SSH_HOSTBASED_AUTH and SUDO are set to "yes".
# TEST_SSH_HOSTBASED_AUTH and SUDO are set.
# Since ssh-keysign has key paths hard coded, unlike the other tests it
# needs to use the real host keys. It requires:
# - ssh-keysign must be installed and setuid.
@@ -10,12 +10,31 @@
# - the system's own real FQDN the system-wide shosts.equiv.
# - the system's real public key fingerprints must be in global ssh_known_hosts.
#
# Setting TEST_SSH_HOSTBASED_AUTH to the special value "setupandrun" will,
# if run with SUDO, perform this setup and run the test. Note that this will
# modify the global config to enable HostbasedAuthentication and leave it
# enabled, so do not do this on a system that matters.
#
tid="hostbased"
if [ -z "${TEST_SSH_HOSTBASED_AUTH}" ]; then
skip "TEST_SSH_HOSTBASED_AUTH not set."
elif [ -z "${SUDO}" ]; then
skip "SUDO not set"
elif [ "${TEST_SSH_HOSTBASED_AUTH}" = "setupandrun" ]; then
verbose "setting up system for hostbased auth"
knownhosts=`$SSH -G localhost | \
awk '$1=="globalknownhostsfile" {print $2}'`
sshconf=`dirname $knownhosts`
hostname | $SUDO tee $sshconf/shosts.equiv >/dev/null
if ! grep "^EnableSSHKeysign yes" $sshconf/ssh_config >/dev/null; then
echo "EnableSSHKeysign yes" | \
$SUDO tee -a $sshconf/ssh_config >/dev/null
fi
for pubkey in $sshconf/ssh_host*key*.pub; do
echo `hostname` `cat $pubkey` | \
$SUDO tee -a $knownhosts >/dev/null
done
fi
# Enable all supported hostkey algos (but no others)
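Review bot: The setupandrun branch never checks that `knownhosts` is non-empty before using it to build the paths written through `$SUDO tee`. If `$SSH -G localhost` fails or prints no `globalknownhostsfile` line, `sshconf` ends up empty or wrong, and the unquoted `$sshconf/shosts.equiv` and `$sshconf/ssh_config` then resolve outside the ssh config directory, so root-owned files would be created or overwritten in an unintended place. A guard right after the assignment, `[ -n "$knownhosts" ] || skip "cannot determine GlobalKnownHostsFile"`, together with quoting `"$knownhosts"` and `"$sshconf"`, would keep the privileged writes confined to the intended directory. The host-key loop also has no check like the `grep` used for `EnableSSHKeysign`, so every run appends the same lines to the global known_hosts file again.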