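# NixOS VM test for OpenSSH. A client logs in as root on two servers: "server"
# runs sshd as a regular unit, "server_lazy" sets startWhenNeeded = true. Each
# server is tried first with a key pair generated at test time and installed by
# hand, then with the key that is configured declaratively.
import ./make-test.nix ({ pkgs, ... }:

let
  # Test-only ("snake oil") key pair. The private half is read by path in the
  # test script below (presumably a world-readable store path), so this pair
  # must never be authorized on a real machine.
  inherit (import ./ssh-keys.nix pkgs)
    snakeOilPrivateKey snakeOilPublicKey;

  # Client options shared by every ssh call in the test script. Host keys are
  # neither checked nor recorded because the servers' keys are not known in
  # advance. This gives up server authentication and is appropriate only
  # inside this VM test.
  sshOpts = "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no";
in {
  name = "openssh";
  meta = with pkgs.stdenv.lib.maintainers; {
    maintainers = [ aszlig eelco chaoflow ];
  };

  nodes = {

    server =
      { ... }:

      {
        services.openssh.enable = true;
        # memlock limit for sshd sessions; the test script reads it back with
        # `ulimit -l` to confirm that PAM limits apply to SSH logins.
        security.pam.services.sshd.limits =
          [ { domain = "*"; item = "memlock"; type = "-"; value = 1024; } ];
        users.users.root.openssh.authorizedKeys.keys = [
          snakeOilPublicKey
        ];
      };

    server_lazy =
      { ... }:

      {
        # Same as "server", except that sshd is only started when needed.
        services.openssh = { enable = true; startWhenNeeded = true; };
        security.pam.services.sshd.limits =
          [ { domain = "*"; item = "memlock"; type = "-"; value = 1024; } ];
        users.users.root.openssh.authorizedKeys.keys = [
          snakeOilPublicKey
        ];
      };

    client =
      { ... }: { };

  };

  testScript = ''
    startAll;

    # Generate a throwaway, passphrase-less ed25519 key pair in the test
    # driver's working directory. Stale files from an earlier run are removed
    # first so that ssh-keygen does not stop to ask about overwriting them, and
    # a failing ssh-keygen aborts the test instead of being silently ignored.
    unlink("key", "key.pub");
    my $keygenOutput = `${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f key -N ""`;
    die "ssh-keygen failed with status " . ($? >> 8) if $? != 0;

    $server->waitForUnit("sshd");

    # Log in with a key that was copied into /root/.ssh/authorized_keys by hand.
    subtest "manual-authkey", sub {
      $server->succeed("mkdir -m 700 /root/.ssh");
      $server->copyFileFromHost("key.pub", "/root/.ssh/authorized_keys");
      $server_lazy->succeed("mkdir -m 700 /root/.ssh");
      $server_lazy->copyFileFromHost("key.pub", "/root/.ssh/authorized_keys");

      $client->succeed("mkdir -m 700 /root/.ssh");
      $client->copyFileFromHost("key", "/root/.ssh/id_ed25519");
      # ssh rejects private keys that other users can read.
      $client->succeed("chmod 600 /root/.ssh/id_ed25519");

      $client->waitForUnit("network.target");
      $client->succeed("ssh ${sshOpts} server 'echo hello world' >&2");
      # grep -x matches the whole line, so a different limit that merely
      # contains "1024" (for example 10240) does not pass.
      $client->succeed("ssh ${sshOpts} server 'ulimit -l' | grep -x 1024");

      $client->succeed("ssh ${sshOpts} server_lazy 'echo hello world' >&2");
      $client->succeed("ssh ${sshOpts} server_lazy 'ulimit -l' | grep -x 1024");

    };

    # Log in with the key configured through
    # users.users.root.openssh.authorizedKeys.keys.
    subtest "configured-authkey", sub {
      # Copy the private key to a file that can be restricted to mode 600,
      # which ssh requires before it will use the key.
      $client->succeed("cat ${snakeOilPrivateKey} > privkey.snakeoil");
      $client->succeed("chmod 600 privkey.snakeoil");
      $client->succeed("ssh ${sshOpts} -i privkey.snakeoil server true");

      $client->succeed("ssh ${sshOpts} -i privkey.snakeoil server_lazy true");

    };
  '';
})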