agent.sh revision 1.14 
1#	$OpenBSD: agent.sh,v 1.14 2019/01/28 00:12:36 dtucker Exp $
2#	Placed in the Public Domain.
3
4tid="simple agent test"
5
6SSH_AUTH_SOCK=/nonexistent ${SSHADD} -l > /dev/null 2>&1
7if [ $? -ne 2 ]; then
8	fail "ssh-add -l did not fail with exit code 2"
9fi
10
11trace "start agent"
12eval `${SSHAGENT} -s` > /dev/null
13r=$?
14if [ $r -ne 0 ]; then
15	fatal "could not start ssh-agent: exit code $r"
16fi
17
18${SSHADD} -l > /dev/null 2>&1
19if [ $? -ne 1 ]; then
20	fail "ssh-add -l did not fail with exit code 1"
21fi
22
23rm -f $OBJ/user_ca_key $OBJ/user_ca_key.pub
24${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_ca_key \
25	|| fatal "ssh-keygen failed"
26
27trace "overwrite authorized keys"
28printf '' > $OBJ/authorized_keys_$USER
29
30echo "PubkeyAcceptedKeyTypes +ssh-dss" >> $OBJ/ssh_proxy
31echo "PubkeyAcceptedKeyTypes +ssh-dss" >> $OBJ/sshd_proxy
32
33for t in ${SSH_KEYTYPES}; do
34	# generate user key for agent
35	rm -f $OBJ/$t-agent $OBJ/$t-agent.pub*
36	${SSHKEYGEN} -q -N '' -t $t -f $OBJ/$t-agent ||\
37		 fatal "ssh-keygen for $t-agent failed"
38	# Make a certificate for each too.
39	${SSHKEYGEN} -qs $OBJ/user_ca_key -I "$t cert" \
40		-n estragon $OBJ/$t-agent.pub || fatal "ca sign failed"
41
42	# add to authorized keys
43	cat $OBJ/$t-agent.pub >> $OBJ/authorized_keys_$USER
44	# add privat key to agent
45	${SSHADD} $OBJ/$t-agent > /dev/null 2>&1
46	if [ $? -ne 0 ]; then
47		fail "ssh-add did succeed exit code 0"
48	fi
49	# Remove private key to ensure that we aren't accidentally using it.
50	rm -f $OBJ/$t-agent
51done
52
53# Remove explicit identity directives from ssh_proxy
54mv $OBJ/ssh_proxy $OBJ/ssh_proxy_bak
55grep -vi identityfile $OBJ/ssh_proxy_bak > $OBJ/ssh_proxy
56
57${SSHADD} -l > /dev/null 2>&1
58r=$?
59if [ $r -ne 0 ]; then
60	fail "ssh-add -l failed: exit code $r"
61fi
62# the same for full pubkey output
63${SSHADD} -L > /dev/null 2>&1
64r=$?
65if [ $r -ne 0 ]; then
66	fail "ssh-add -L failed: exit code $r"
67fi
68
69trace "simple connect via agent"
70${SSH} -F $OBJ/ssh_proxy somehost exit 52
71r=$?
72if [ $r -ne 52 ]; then
73	fail "ssh connect with failed (exit code $r)"
74fi
75
76for t in ${SSH_KEYTYPES}; do
77	trace "connect via agent using $t key"
78	${SSH} -F $OBJ/ssh_proxy -i $OBJ/$t-agent.pub -oIdentitiesOnly=yes \
79		somehost exit 52
80	r=$?
81	if [ $r -ne 52 ]; then
82		fail "ssh connect with failed (exit code $r)"
83	fi
84done
85
86trace "agent forwarding"
87${SSH} -A -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
88r=$?
89if [ $r -ne 0 ]; then
90	fail "ssh-add -l via agent fwd failed (exit code $r)"
91fi
92${SSH} -A -F $OBJ/ssh_proxy somehost \
93	"${SSH} -F $OBJ/ssh_proxy somehost exit 52"
94r=$?
95if [ $r -ne 52 ]; then
96	fail "agent fwd failed (exit code $r)"
97fi
98
99(printf 'cert-authority,principals="estragon" '; cat $OBJ/user_ca_key.pub) \
100	> $OBJ/authorized_keys_$USER
101for t in ${SSH_KEYTYPES}; do
102    if [ "$t" != "ssh-dss" ]; then
103	trace "connect via agent using $t key"
104	${SSH} -F $OBJ/ssh_proxy -i $OBJ/$t-agent.pub \
105		-oCertificateFile=$OBJ/$t-agent-cert.pub \
106		-oIdentitiesOnly=yes somehost exit 52
107	r=$?
108	if [ $r -ne 52 ]; then
109		fail "ssh connect with failed (exit code $r)"
110	fi
111    fi
112done
113
114trace "delete all agent keys"
115${SSHADD} -D > /dev/null 2>&1
116r=$?
117if [ $r -ne 0 ]; then
118	fail "ssh-add -D failed: exit code $r"
119fi
120
121trace "kill agent"
122${SSHAGENT} -k > /dev/null
123