warpgate/tests/test_ssh_user_auth_pubkey.py

from pathlib import Path
from textwrap import dedent
from .conftest import ProcessManager
from .util import wait_port
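class Test:
    """End-to-end checks of SSH public-key user authentication through Warpgate.

    Each test starts an SSH server and a Warpgate instance whose config holds
    one user with a single ``publickey`` credential. It then checks that the
    matching private key is accepted and that a different key is refused.
    """

    def test_ed25519(
        self, processes: ProcessManager, wg_c_ed25519_pubkey: Path, timeout
    ):
        """Accept the configured ed25519 key and refuse the RSA key.

        Args:
            processes: fixture used to start the SSH server, Warpgate and the
                SSH client processes.
            wg_c_ed25519_pubkey: path to the public key that the SSH server is
                told to trust.
            timeout: passed to ``communicate()`` for each client process.
        """
        ssh_port = processes.start_ssh_server(
            trusted_keys=[wg_c_ed25519_pubkey.read_text()]
        )

        # Path.read_text() closes the file; a bare open().read() left the
        # handle to the garbage collector.
        user_pubkey = Path('ssh-keys/id_ed25519.pub').read_text().strip()

        _, wg_ports = processes.start_wg(
            dedent(
                f'''\
                targets:
                - name: ssh
                  allow_roles: [role]
                  ssh:
                    host: localhost
                    port: {ssh_port}
                users:
                - username: user
                  roles: [role]
                  credentials:
                  - type: publickey
                    key: {user_pubkey}
                '''
            ),
        )

        wait_port(ssh_port)
        wait_port(wg_ports['ssh'])

        # Positive case: the private key matching the configured credential.
        ssh_client = processes.start_ssh_client(
            'user:ssh@localhost',
            '-p',
            str(wg_ports['ssh']),
            '-o',
            'IdentityFile=ssh-keys/id_ed25519',
            '-o',
            'PreferredAuthentications=publickey',
            'ls',
            '/bin/sh',
        )
        assert ssh_client.communicate(timeout=timeout)[0] == b'/bin/sh\n'
        assert ssh_client.returncode == 0

        # Negative case: a key that is not in the user's credentials must not
        # yield a session.
        # NOTE(review): unlike test_rsa, no PubkeyAcceptedKeyTypes=+ssh-rsa is
        # passed here, so the client may fail before the RSA key is ever
        # evaluated against the credential list; empty stdout and a non-zero
        # exit do not tell the two causes apart. Confirm this exercises the
        # authorization check.
        ssh_client = processes.start_ssh_client(
            'user:ssh@localhost',
            '-p',
            str(wg_ports['ssh']),
            '-o',
            'IdentityFile=ssh-keys/id_rsa',
            '-o',
            'PreferredAuthentications=publickey',
            'ls',
            '/bin/sh',
        )
        assert ssh_client.communicate(timeout=timeout)[0] == b''
        assert ssh_client.returncode != 0

    def test_rsa(
        self, processes: ProcessManager, wg_c_ed25519_pubkey: Path, timeout
    ):
        """Accept the configured RSA key and refuse the ed25519 key.

        Args:
            processes: fixture used to start the SSH server, Warpgate and the
                SSH client processes.
            wg_c_ed25519_pubkey: path to the public key that the SSH server is
                told to trust.
            timeout: passed to ``communicate()`` for each client process.
        """
        ssh_port = processes.start_ssh_server(
            trusted_keys=[wg_c_ed25519_pubkey.read_text()]
        )

        # Path.read_text() closes the file; a bare open().read() left the
        # handle to the garbage collector.
        user_pubkey = Path('ssh-keys/id_rsa.pub').read_text().strip()

        _, wg_ports = processes.start_wg(
            dedent(
                f'''\
                targets:
                - name: ssh
                  allow_roles: [role]
                  ssh:
                    host: localhost
                    port: {ssh_port}
                users:
                - username: user
                  roles: [role]
                  credentials:
                  - type: publickey
                    key: {user_pubkey}
                '''
            ),
        )

        wait_port(ssh_port)
        wait_port(wg_ports['ssh'])

        # Positive case: the RSA key matching the configured credential. The
        # client is told to also accept the ssh-rsa key type.
        ssh_client = processes.start_ssh_client(
            'user:ssh@localhost',
            '-v',
            '-p',
            str(wg_ports['ssh']),
            '-o',
            'IdentityFile=ssh-keys/id_rsa',
            '-o',
            'PreferredAuthentications=publickey',
            '-o', 'PubkeyAcceptedKeyTypes=+ssh-rsa',
            'ls',
            '/bin/sh',
        )
        assert ssh_client.communicate(timeout=timeout)[0] == b'/bin/sh\n'
        assert ssh_client.returncode == 0

        # Negative case: the ed25519 key is not in this user's credentials, so
        # no command output and a failing exit status are expected.
        ssh_client = processes.start_ssh_client(
            'user:ssh@localhost',
            '-p',
            str(wg_ports['ssh']),
            '-o',
            'IdentityFile=ssh-keys/id_ed25519',
            '-o',
            'PreferredAuthentications=publickey',
            '-o', 'PubkeyAcceptedKeyTypes=+ssh-rsa',
            'ls',
            '/bin/sh',
        )
        assert ssh_client.communicate(timeout=timeout)[0] == b''
        assert ssh_client.returncode != 0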