Stéphane Lesimple
1d9ae483da
chg: set ECDSA as default egress key algo for new installs
2024-12-24 14:46:36 +01:00
Stéphane Lesimple
545547de6d
chore: tests: no longer run consistency check by default
This is slow and almost never caught a bug, so consistency check is
still supported but will not run by default, as it is quite slow,
checking the system between each and every test. The option
--skip-consistency-check is now ignored, and a new option to enable
it has been added: --consistency-check
2024-12-24 14:46:36 +01:00
Stéphane Lesimple
4de9f88fe4
chore: faster tests by removing grant/revoke command dance
When restricted commands need to be used during tests,
we now use "account0" which has all these commands granted,
instead of granting/revoking commands every time with no added
value with respect to the tests.
This was previously required for OSes that have a limit to the
number of groups an account can be a member of, but these OSes
have now long been unsupported.
2024-12-24 14:46:36 +01:00
Stéphane Lesimple
ad54cc6aad
chore: speedup tests in 330-selfkeys.sh
2024-12-10 14:21:20 +01:00
Stéphane Lesimple
92bc512050
feat: add assetForgetHostKey
2024-12-10 14:21:20 +01:00
TomRicci
f599793c76
fix: protocol scpdownload scpupload in 395-mfa-scp-sftp-rsync.sh
2024-10-23 11:16:51 +02:00
Stéphane Lesimple
8cafbc854c
fix: allow ssh-as in connect.pl
2024-10-16 13:45:10 +02:00
Stéphane Lesimple
3ee9a5d896
fix: regression introduced by 932e72e for stealth stdout in ssh
Before 932e72e, plugin-scoped stealthStdout was ignored, which was
fixed by 932e72e which in turn made ssh ignore the pattern-based egress ssh
stealthStdout option.
This fix ensures stealthStdout is honored for both plugins and egress ssh.
2024-09-25 11:53:51 +02:00
Stéphane Lesimple
accd50eea7
feat: add rsync support to --protocol
2024-09-17 14:44:28 +02:00
Stéphane Lesimple
f4de5957a3
feat: add groupSetServers
2024-08-12 13:42:51 +02:00
Stéphane Lesimple
2e96603300
feat: support wildcards in --user (fix #461)
2024-07-02 17:54:28 +02:00
Stéphane Lesimple
77ab1e2336
fix: tests: Ubuntu 24.04 adjustments
2024-07-02 16:08:46 +02:00
Stéphane Lesimple
7487597d61
fix: tests: don't test FIDO2 on unsupported distros
2024-04-10 10:51:01 +02:00
perrze
0b13371165
Adding tests for secure keys feature
2024-04-10 10:51:01 +02:00
Stéphane Lesimple
a1efcec582
feat: replace --wait by a tcp-based connection try
2024-04-09 18:23:17 +02:00
Stéphane Lesimple
4216795895
fix: tests: detect definition errors in modules
2024-04-09 17:26:39 +02:00
Stéphane Lesimple
c53f50ddf9
enh: remove nc dependency
2024-04-09 17:26:39 +02:00
Stéphane Lesimple
496fe94dd3
enh: allow @ as a valid remote user char (fixes #437)
2024-03-20 11:53:58 +01:00
Stéphane Lesimple
7423f6ad63
feat: add dnsSupportLevel option for systems with broken DNS (fixes #397)
2024-03-20 11:53:00 +01:00
Stéphane Lesimple
d8f9423e8f
fix: scp/sftp: correctly bypass JIT MFA if asked to, when old helpers are used
2024-02-21 15:15:06 +01:00
Stéphane Lesimple
8625b74307
fix: tests for FreeBSD
2024-02-20 17:41:53 +01:00
Stéphane Lesimple
345a1f951f
fix: don't exit with fping host is unreachable
As ping can return unknown exit codes for unknown cases,
just never bail out to avoid taking bad decisions,
as we retry each second maximum, there's no DoS risk
2023-12-05 10:02:52 +01:00
Stéphane Lesimple
59b04ab761
tests: add tests for MFA with scp/sftp
2023-11-08 13:21:20 +01:00
Stéphane Lesimple
b48463076f
feat: osh.pl: jit mfa for plugins
2023-11-08 13:21:20 +01:00
Stéphane Lesimple
ac5eb9b636
enh: tests: more mfa tests
2023-11-08 13:21:20 +01:00
Stéphane Lesimple
027521b875
chore: fix FreeBSD GitHub Action
2023-11-07 12:16:49 +01:00
Stéphane Lesimple
d3ece7b9f4
enh: add tests for multiple gpg keys setup
2023-10-27 17:26:23 +02:00
Stéphane Lesimple
213bd28616
fix: scp: adapt wrapper and tests to new scp versions
2023-09-20 16:39:29 +02:00
Stéphane Lesimple
a6a25fd53b
feat: add type8 and type9 password hashes
This requires the-bastion-mkhash-helper v1.1.0+
2023-09-19 17:12:48 +02:00
Stéphane Lesimple
5dc50b3e57
feat: add stealth_stderr/stdout ttyrec support, enable it for scp (#413)
2023-09-19 15:27:00 +02:00
Stéphane Lesimple
a50224a99d
chore: tests: ensure test modules don't pollute the caller's env
2023-07-28 11:09:36 +02:00
Stéphane Lesimple
cf405badfb
feat: add 2 configurable knobs to (self|account)AddPersonalAccess
widest_v4_prefix (maximum allowed prefix to add in a single ACL),
and self_remote_user_only (only allow ACLs where the remote user
is the same as the bastion account name)
2023-06-01 11:52:39 +02:00
Stéphane Lesimple
84687256a8
fix: --force-key wasn't working for groups
Fixes #259
2023-04-07 10:44:14 +02:00
Stéphane Lesimple
a0d361b8da
fix: tests: race condition after sshd reload
2023-04-07 10:44:05 +02:00
Stéphane Lesimple
52d44ba993
chore: remove Debian openssh-blacklist logic
All Debian versions supporting this are EOL by now.
2023-04-07 10:44:05 +02:00
Stéphane Lesimple
6f13149093
chore: bump OpenSUSE Leap tests from 15.3 to 15.4
2023-04-07 10:44:05 +02:00
Stéphane Lesimple
7a825aeec4
feat: add --all to groupInfo and accountInfo
2023-03-23 14:37:45 +01:00
Stéphane Lesimple
f4abfc1ba8
feat: add sftp support
2023-03-16 13:45:42 +01:00
Stéphane Lesimple
a7c0b5ec23
fix: typo in a func name in an error code path
Fixes #372
2023-03-14 13:33:45 +01:00
Cédric Roussel
4d56c32853
fix: invalid suffixed account creation
2023-01-31 12:03:13 +01:00
Stéphane Lesimple
036f921c40
feat: add accountFreeze/accountUnfreeze
2022-12-30 17:53:08 +01:00
Stéphane Lesimple
521836b17b
fix: rare race condition introduced by b7f4909
Under some specific conditions, the execute() call could get deadlocked with the program it started,
both waiting for each other to read or write data. This is easier to reproduce with the `scp` plugin,
where the transfer would just stall. Introduce an additional intermediate buffer to avoid this race condition.
2022-11-15 17:34:47 +01:00
Stéphane Lesimple
97b20c7ffe
tests: higher tolerance for TTL tests
2022-09-13 13:21:18 +02:00
Stéphane Lesimple
8c82c3441b
fix: accountInfo wasn't showing TTL account expiration #329
2022-09-09 17:14:25 +02:00
Stéphane Lesimple
73b6a625f5
feat: add support and tests for Ubuntu 22.04 LTS
2022-07-04 11:06:34 +02:00
Stéphane Lesimple
3956dc587b
fix: ttyrec cmdline: don't add --warn-before-* when no --idle-*-timeout is specified
2022-07-01 15:33:44 +02:00
Stéphane Lesimple
46a01a546a
feat: groupModify: add --idle-lock-timeout and --idle-kill-timeout for group-specific timeouts
2022-07-01 15:33:44 +02:00
Stéphane Lesimple
e040afb074
chore: new perltidy rules
2022-07-01 10:21:19 +02:00
Stéphane Lesimple
e71aa7b975
feat: add osh-cleanup-guest-key-access.pl script
This script removes system-level access to group keys to old guests
of groups that no longer have any active access to servers of that group.
This only happens when the last access to be removed from them had a TTL.
2022-02-09 14:31:33 +01:00
Stéphane Lesimple
2c2064a484
feat: osh-encrypt-rsync: handle sqlite and user logs along with ttyrec files
2022-02-09 14:31:33 +01:00