1 (* Module: Test_sshd *)
(* Shared sshd_config fixture: one Protocol line followed by two AcceptEnv
   lines that together name seven locale variables. AcceptEnv is the
   directive listing client-supplied environment variables, so this string
   exercises a multi-valued, repeatable setting. *)
4 let accept_env = "Protocol 2
5 AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
6 AcceptEnv LC_IDENTIFICATION LC_ALL\n"
(* get test: parse accept_env and compare with the expected tree. The visible
   entries show each AcceptEnv value stored under a numeric label, and the
   index running on from 5 to 6 after the brace that closes the node holding
   LC_MEASUREMENT.
   NOTE(review): several lines of the expected tree are absent from this
   listing, so the full shape cannot be confirmed from here. *)
8 test Sshd.lns get accept_env =
13 { "3" = "LC_ADDRESS" }
14 { "4" = "LC_TELEPHONE" }
15 { "5" = "LC_MEASUREMENT" } }
17 { "6" = "LC_IDENTIFICATION" }
(* get test: a repeated HostKey directive yields one sibling HostKey node per
   line, in file order, each holding the path as its value. The assertion
   covers the path strings only; the RSA and DSA key paths are parser input
   and say nothing about which host key types a server should offer. *)
21 test Sshd.lns get "HostKey /etc/ssh/ssh_host_rsa_key
22 HostKey /etc/ssh/ssh_host_dsa_key\n" =
23 { "HostKey" = "/etc/ssh/ssh_host_rsa_key" }
24 { "HostKey" = "/etc/ssh/ssh_host_dsa_key" }
(* put test: modify the tree parsed from accept_env and check the text written
   back. The expected output has no AcceptEnv lines and reads Protocol 1.5
   followed by the newly set X11Forwarding line.
   NOTE(review): the commands between the test header and the set shown here
   are missing from this listing; presumably they remove AcceptEnv and change
   Protocol - confirm against the full file. The values only exercise the
   writer and are not a suggested server configuration. *)
27 test Sshd.lns put accept_env after
31 set "X11Forwarding" "yes"
32 = "Protocol 1.5\nX11Forwarding yes\n"
(* get test: the AuthorizedKeysFile value, including the %h token, is stored
   verbatim as the node value; the expected tree shows no expansion or
   splitting of the path. *)
34 test Sshd.lns get "AuthorizedKeysFile %h/.ssh/authorized_keys\n" =
35 { "AuthorizedKeysFile" = "%h/.ssh/authorized_keys" }
(* get test: a Subsystem line is parsed into a child keyed by the subsystem
   name (sftp) whose value is the command path.
   NOTE(review): the line opening the enclosing node is missing from this
   listing. *)
37 test Sshd.lns get "Subsystem sftp /usr/lib/openssh/sftp-server\n" =
39 { "sftp" = "/usr/lib/openssh/sftp-server" } }
(* get test: same shape as the plain sftp case, but with a hyphen in the
   subsystem name, which must survive as the child key (sftp-test).
   NOTE(review): the line opening the enclosing node is missing from this
   listing. *)
41 test Sshd.lns get "Subsystem sftp-test /usr/lib/openssh/sftp-server\n" =
43 { "sftp-test" = "/usr/lib/openssh/sftp-server" } }
(* Shared fixture: a global X11Forwarding line followed by three Match blocks.
   The conditions combine User, Group and Host criteria with glob patterns,
   and the last block uses a quoted group name containing a space.
   NOTE(review): some lines of this string, including its closing quote, are
   missing from this listing. *)
47 let match_blocks = "X11Forwarding yes
48 Match User sarko Group pres.*
49 Banner /etc/bienvenue.txt
51 Match User bush Group pres.* Host white.house.*
52 Banner /etc/welcome.txt
53 Match Group \"Domain users\"
(* get test: parse match_blocks. The global setting stays at the top level;
   each Match block is split into a Condition subtree, with one child per
   criterion, and a Settings subtree holding the directives that apply under
   that condition. The quoted group name is stored without its quotes.
   Keeping per-Match overrides under Settings separates them from the global
   value of the same directive, as with X11Forwarding here.
   NOTE(review): the lines opening each Match node are missing from this
   listing. *)
56 test Sshd.lns get match_blocks =
57 { "X11Forwarding" = "yes"}
59 { "Condition" { "User" = "sarko" }
60 { "Group" = "pres.*" } }
61 { "Settings" { "Banner" = "/etc/bienvenue.txt" }
62 { "X11Forwarding" = "no" } } }
64 { "Condition" { "User" = "bush" }
65 { "Group" = "pres.*" }
66 { "Host" = "white.house.*" } }
67 { "Settings" { "Banner" = "/etc/welcome.txt" } } }
69 { "Condition" { "Group" = "Domain users" } }
70 { "Settings" { "X11Forwarding" = "yes" } } }
(* put test: insert a Subsystem node before the first Match node and set its
   sftp child. The expected text places the Subsystem line ahead of the first
   Match line, so the new directive is written as a global setting rather
   than inside a Match block.
   NOTE(review): the line that opens the expected output string, and its end,
   are missing from this listing. *)
72 test Sshd.lns put match_blocks after
73 insb "Subsystem" "/Match[1]";
74 set "/Subsystem/sftp" "/usr/libexec/openssh/sftp-server"
76 Subsystem sftp /usr/libexec/openssh/sftp-server
77 Match User sarko Group pres.*
78 Banner /etc/bienvenue.txt
80 Match User bush Group pres.* Host white.house.*
81 Banner /etc/welcome.txt
82 Match Group \"Domain users\"
86 (* Indent when adding to a Match group *)
(* put test: add a PermitRootLogin setting and a comment under the Settings
   subtree of the first Match block, then compare the written text. The paths
   target Match[1]/Settings, so the additions are scoped to that block's
   condition and not to the global section. PermitRootLogin yes is used only
   as a value for the writer to emit.
   NOTE(review): the expected-output lines that would show the two additions
   are missing from this listing. *)
87 test Sshd.lns put match_blocks after
88 set "Match[1]/Settings/PermitRootLogin" "yes";
89 set "Match[1]/Settings/#comment" "a comment" =
91 Match User sarko Group pres.*
92 Banner /etc/bienvenue.txt
96 Match User bush Group pres.* Host white.house.*
97 Banner /etc/welcome.txt
98 Match Group \"Domain users\"
103 (* Parse Ciphers, KexAlgorithms, HostKeyAlgorithms as lists (GH issue #69)
104 Parse GSSAPIKexAlgorithms, PubkeyAcceptedKeyTypes, CASignatureAlgorithms as lists (GH PR #721)
105 Parse PubkeyAcceptedAlgorithms as a list (GH issue #804) *)
(* get test: each comma-separated algorithm directive is split into numbered
   children, one per list element, in the order written. Names containing
   @, hyphens and a trailing hyphen are kept intact as values. Exposing each
   algorithm as its own node lets a tool inspect or change a single entry
   without rewriting the whole list. The lists are parser input only; they
   include SHA-1 based key exchange names and ssh-rsa, and the test does not
   assess algorithm strength.
   NOTE(review): the opening lines of the Ciphers and KexAlgorithms nodes and
   some closing entries are missing from this listing. *)
106 test Sshd.lns get "Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr
107 KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1
108 HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa
109 GSSAPIKexAlgorithms gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-
110 PubkeyAcceptedKeyTypes ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384
111 PubkeyAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384
112 CASignatureAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521\n" =
114 { "1" = "aes256-gcm@openssh.com" }
115 { "2" = "aes128-gcm@openssh.com" }
116 { "3" = "aes256-ctr" }
117 { "4" = "aes128-ctr" }
120 { "1" = "diffie-hellman-group-exchange-sha256" }
121 { "2" = "diffie-hellman-group14-sha1" }
122 { "3" = "diffie-hellman-group-exchange-sha1" }
124 { "HostKeyAlgorithms"
125 { "1" = "ssh-ed25519-cert-v01@openssh.com" }
126 { "2" = "ssh-rsa-cert-v01@openssh.com" }
127 { "3" = "ssh-ed25519" }
130 { "GSSAPIKexAlgorithms"
131 { "1" = "gss-curve25519-sha256-" }
132 { "2" = "gss-nistp256-sha256-" }
133 { "3" = "gss-group14-sha256-" }
135 { "PubkeyAcceptedKeyTypes"
136 { "1" = "ecdsa-sha2-nistp256" }
137 { "2" = "ecdsa-sha2-nistp256-cert-v01@openssh.com" }
138 { "3" = "ecdsa-sha2-nistp384" }
140 { "PubkeyAcceptedAlgorithms"
141 { "1" = "ecdsa-sha2-nistp256" }
142 { "2" = "ecdsa-sha2-nistp256-cert-v01@openssh.com" }
143 { "3" = "ecdsa-sha2-nistp384" }
145 { "CASignatureAlgorithms"
146 { "1" = "ecdsa-sha2-nistp256" }
147 { "2" = "ecdsa-sha2-nistp384" }
148 { "3" = "ecdsa-sha2-nistp521" }
152 (* Keys are case-insensitive *)
(* get test: keywords written in mixed or lower case are accepted and still
   parsed with their list or scalar structure. The visible x11forwarding node
   keeps the spelling used in the input instead of a canonical form.
   NOTE(review): a tool that audits settings by exact node name would
   presumably need to match names case-insensitively to see such entries -
   confirm against the lens. Several lines of the input and of the expected
   tree are missing from this listing. *)
153 test Sshd.lns get "ciPheRs aes256-gcm@openssh.com,aes128-ctr
155 x11forwarding no\n" =
157 { "1" = "aes256-gcm@openssh.com" }
158 { "2" = "aes128-ctr" }
165 { "x11forwarding" = "no" }
170 (* Allow AllowGroups in Match groups (GH issue #75) *)
(* get test: an AllowGroups directive inside a Match block is parsed under
   that block's Settings subtree, with each group name as a numbered child.
   The access list therefore stays attached to the condition it was written
   under. *)
171 test Sshd.lns get "Match User foo
172 AllowGroups users\n" =
173 { "Match" { "Condition" { "User" = "foo" } }
174 { "Settings" { "AllowGroups" { "1" = "users" } } } }
177 (* Recognize quoted group names with spaces in AllowGroups and similar *)
(* get test: a quoted group name containing a space is read as one list
   element and stored without the quotes, next to an unquoted name. Splitting
   on the space would instead produce two separate group entries, which is
   the mis-parse this case guards against.
   NOTE(review): the lines opening the Settings and AllowGroups nodes are
   missing from this listing. *)
179 test Sshd.lns get "Match User foo
180 AllowGroups math-domain-users \"access admins\"\n" =
181 { "Match" { "Condition" { "User" = "foo" } }
184 { "1" = "math-domain-users" }
185 { "2" = "access admins" } } } }
(* put test: overwrite the existing first AllowGroups entry with a value that
   contains a space. The expected text wraps the new value in double quotes,
   so it is written back as a single group name. *)
187 test Sshd.lns put "Match User foo\nAllowGroups users\n" after
188 set "/Match/Settings/AllowGroups/1" "all people" =
189 "Match User foo\nAllowGroups \"all people\"\n"
(* put test: set an entry under the label 01, which differs from the label of
   the existing entry, with a value that contains a space. The expected text
   keeps the original group and appends the new one in double quotes. *)
191 test Sshd.lns put "Match User foo\nAllowGroups users\n" after
192 set "/Match/Settings/AllowGroups/01" "all people" =
193 "Match User foo\nAllowGroups users \"all people\"\n"
(* put test: same append as the quoted case, but the new value has no space.
   The expected text writes it without quotes, showing that quoting is added
   only when the value needs it. *)
195 test Sshd.lns put "Match User foo\nAllowGroups users\n" after
196 set "/Match/Settings/AllowGroups/01" "people" =
197 "Match User foo\nAllowGroups users people\n"
199 (* Local Variables: *)