agent.sh revision 1.14
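# $OpenBSD: agent.sh,v 1.14 2019/01/28 00:12:36 dtucker Exp $
# Placed in the Public Domain.
#
# Regression test for ssh-agent and ssh-add. It starts an agent, loads one
# freshly generated key per type in SSH_KEYTYPES, then checks key listing,
# agent-backed logins, agent forwarding, certificate logins and key deletion.
# NOTE(review): trace/fail/fatal and the SSH*, OBJ, USER and SSH_KEYTYPES
# variables are not defined in this file; presumably the regress harness that
# sources it provides them.

tid="simple agent test"

# With no reachable agent socket, ssh-add must exit 2 (cannot contact the
# agent), which is distinct from exit 1 (the requested command failed).
SSH_AUTH_SOCK=/nonexistent ${SSHADD} -l > /dev/null 2>&1
if [ $? -ne 2 ]; then
	fail "ssh-add -l did not fail with exit code 2"
fi

trace "start agent"
# Run ssh-agent on its own so that its exit status is what gets checked:
# eval with an empty argument list returns 0, so evaluating the command
# substitution directly cannot notice an agent that failed to start.
agent_env=`${SSHAGENT} -s`
r=$?
if [ "$r" -eq 0 ]; then
	# ssh-agent -s prints Bourne-shell commands that export the agent's
	# socket path and pid; the text evaluated is only the agent's output.
	eval "$agent_env" > /dev/null
	r=$?
fi
if [ "$r" -ne 0 ]; then
	fatal "could not start ssh-agent: exit code $r"
fi

# A running agent that holds no identities makes "ssh-add -l" exit 1.
${SSHADD} -l > /dev/null 2>&1
if [ $? -ne 1 ]; then
	fail "ssh-add -l did not fail with exit code 1"
fi

# Fresh CA key, used below to sign a user certificate for every agent key.
rm -f "$OBJ/user_ca_key" "$OBJ/user_ca_key.pub"
${SSHKEYGEN} -q -N '' -t ed25519 -f "$OBJ/user_ca_key" \
	|| fatal "ssh-keygen failed"

trace "overwrite authorized keys"
printf '' > "$OBJ/authorized_keys_$USER"

# Both proxy configs additionally accept ssh-dss public keys.
# NOTE(review): presumably because SSH_KEYTYPES can include ssh-dss, which
# OpenSSH leaves out of its default accepted set; confirm against the harness.
echo "PubkeyAcceptedKeyTypes +ssh-dss" >> "$OBJ/ssh_proxy"
echo "PubkeyAcceptedKeyTypes +ssh-dss" >> "$OBJ/sshd_proxy"

for t in ${SSH_KEYTYPES}; do
	# generate user key for agent
	rm -f "$OBJ/$t-agent" "$OBJ/$t-agent.pub"*
	${SSHKEYGEN} -q -N '' -t "$t" -f "$OBJ/$t-agent" ||\
		 fatal "ssh-keygen for $t-agent failed"
	# Make a certificate for each too.
	${SSHKEYGEN} -qs "$OBJ/user_ca_key" -I "$t cert" \
		-n estragon "$OBJ/$t-agent.pub" || fatal "ca sign failed"

	# add to authorized keys
	cat "$OBJ/$t-agent.pub" >> "$OBJ/authorized_keys_$USER"
	# add private key to agent
	${SSHADD} "$OBJ/$t-agent" > /dev/null 2>&1
	r=$?
	if [ "$r" -ne 0 ]; then
		fail "ssh-add failed: exit code $r"
	fi
	# Remove private key to ensure that we aren't accidentally using it.
	rm -f "$OBJ/$t-agent"
done

# Remove explicit identity directives from ssh_proxy
mv "$OBJ/ssh_proxy" "$OBJ/ssh_proxy_bak"
grep -vi identityfile "$OBJ/ssh_proxy_bak" > "$OBJ/ssh_proxy"

${SSHADD} -l > /dev/null 2>&1
r=$?
if [ "$r" -ne 0 ]; then
	fail "ssh-add -l failed: exit code $r"
fi
# the same for full pubkey output
${SSHADD} -L > /dev/null 2>&1
r=$?
if [ "$r" -ne 0 ]; then
	fail "ssh-add -L failed: exit code $r"
fi

trace "simple connect via agent"
# ssh returns the remote command's exit status, so 52 means the login and the
# remote "exit 52" both completed; ssh's own failures report a different code.
${SSH} -F "$OBJ/ssh_proxy" somehost exit 52
r=$?
if [ "$r" -ne 52 ]; then
	fail "ssh connect via agent failed (exit code $r)"
fi

for t in ${SSH_KEYTYPES}; do
	trace "connect via agent using $t key"
	# Only the public half is on disk by now. IdentitiesOnly=yes limits ssh
	# to the identity named with -i, so each agent-held key is tried alone.
	${SSH} -F "$OBJ/ssh_proxy" -i "$OBJ/$t-agent.pub" -oIdentitiesOnly=yes \
		somehost exit 52
	r=$?
	if [ "$r" -ne 52 ]; then
		fail "ssh connect with $t key failed (exit code $r)"
	fi
done

trace "agent forwarding"
# -A forwards the agent connection; ssh-add -l on the far side has to reach
# the keys through the forwarded socket.
${SSH} -A -F "$OBJ/ssh_proxy" somehost ${SSHADD} -l > /dev/null 2>&1
r=$?
if [ "$r" -ne 0 ]; then
	fail "ssh-add -l via agent fwd failed (exit code $r)"
fi
# Second hop: the inner ssh has to authenticate with the forwarded agent.
# The inner command is expanded here and re-parsed by the remote shell, so it
# is passed as one string and left exactly as written.
${SSH} -A -F "$OBJ/ssh_proxy" somehost \
	"${SSH} -F $OBJ/ssh_proxy somehost exit 52"
r=$?
if [ "$r" -ne 52 ]; then
	fail "agent fwd failed (exit code $r)"
fi

# Replace (not append to) authorized_keys with a single cert-authority entry.
# The plain public keys added earlier no longer authorize a login; only a
# certificate signed by user_ca_key that carries principal "estragon" does.
(printf 'cert-authority,principals="estragon" '; cat "$OBJ/user_ca_key.pub") \
	> "$OBJ/authorized_keys_$USER"
for t in ${SSH_KEYTYPES}; do
	# NOTE(review): ssh-dss is skipped for the certificate login; the
	# reason is not stated in this file.
	if [ "$t" != "ssh-dss" ]; then
		trace "connect via agent using $t key"
		${SSH} -F "$OBJ/ssh_proxy" -i "$OBJ/$t-agent.pub" \
			-oCertificateFile="$OBJ/$t-agent-cert.pub" \
			-oIdentitiesOnly=yes somehost exit 52
		r=$?
		if [ "$r" -ne 52 ]; then
			fail "ssh connect with $t cert failed (exit code $r)"
		fi
	fi
done

trace "delete all agent keys"
${SSHADD} -D > /dev/null 2>&1
r=$?
if [ "$r" -ne 0 ]; then
	fail "ssh-add -D failed: exit code $r"
fi

trace "kill agent"
${SSHAGENT} -k > /dev/null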