diff options
author | Damien Miller <djm@mindrot.org> | 2012-12-03 10:12:13 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2012-12-03 10:12:13 +1100 |
commit | 771c43cee6343f757884030ff92f1156b2ef399f (patch) | |
tree | 89552a23852b3f75aaf31398bf05900504563266 /regress/keys-command.sh | |
parent | 6618e92509bc0362352de1386ee0d70e785a9bb5 (diff) | |
download | openssh-git-771c43cee6343f757884030ff92f1156b2ef399f.tar.gz |
- djm@cvs.openbsd.org 2012/11/22 22:49:30
[regress/Makefile regress/keys-command.sh]
regress for AuthorizedKeysCommand; hints from markus@
Diffstat (limited to 'regress/keys-command.sh')
-rw-r--r-- | regress/keys-command.sh | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/regress/keys-command.sh b/regress/keys-command.sh new file mode 100644 index 00000000..09f4db4b --- /dev/null +++ b/regress/keys-command.sh @@ -0,0 +1,33 @@ +# $OpenBSD: keys-command.sh,v 1.1 2012/11/22 22:49:30 djm Exp $ +# Placed in the Public Domain. + +tid="authorized keys from command" + +if test -z "$SUDO" ; then + echo "skipped (SUDO not set)" + echo "need SUDO to create file in /var/run, test won't work without" + exit 0 +fi + +# Establish a AuthorizedKeysCommand in /var/run where it will have +# acceptable directory permissions. +KEY_COMMAND="/var/run/keycommand_${LOGNAME}" +cat << _EOF | $SUDO sh -c "cat > '$KEY_COMMAND'" +#!/bin/sh +test "x\$1" -ne "x${LOGNAME}" && exit 1 +exec cat "$OBJ/authorized_keys_${LOGNAME}" +_EOF +$SUDO chmod 0755 "$KEY_COMMAND" + +cp $OBJ/sshd_proxy $OBJ/sshd_proxy.bak +( + grep -vi AuthorizedKeysFile $OBJ/sshd_proxy.bak + echo AuthorizedKeysFile none + echo AuthorizedKeysCommand $KEY_COMMAND + echo AuthorizedKeysCommandUser ${LOGNAME} +) > $OBJ/sshd_proxy + +${SSH} -F $OBJ/ssh_proxy somehost true +if [ $? -ne 0 ]; then + fail "connect failed" +fi |