agent.sh revision 1.16 
1#	$OpenBSD: agent.sh,v 1.16 2019/11/26 23:43:10 djm Exp $
2#	Placed in the Public Domain.
3
4tid="simple agent test"
5
6SSH_AUTH_SOCK=/nonexistent ${SSHADD} -l > /dev/null 2>&1
7if [ $? -ne 2 ]; then
8	fail "ssh-add -l did not fail with exit code 2"
9fi
10
11trace "start agent, args ${EXTRA_AGENT_ARGS} -s"
12eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s` > /dev/null
13r=$?
14if [ $r -ne 0 ]; then
15	fatal "could not start ssh-agent: exit code $r"
16fi
17
18${SSHADD} -l > /dev/null 2>&1
19if [ $? -ne 1 ]; then
20	fail "ssh-add -l did not fail with exit code 1"
21fi
22
23rm -f $OBJ/user_ca_key $OBJ/user_ca_key.pub
24${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_ca_key \
25	|| fatal "ssh-keygen failed"
26
27trace "overwrite authorized keys"
28printf '' > $OBJ/authorized_keys_$USER
29
30for t in ${SSH_KEYTYPES}; do
31	# generate user key for agent
32	rm -f $OBJ/$t-agent $OBJ/$t-agent.pub*
33	${SSHKEYGEN} -q -N '' -t $t -f $OBJ/$t-agent ||\
34		 fatal "ssh-keygen for $t-agent failed"
35	# Make a certificate for each too.
36	${SSHKEYGEN} -qs $OBJ/user_ca_key -I "$t cert" \
37		-n estragon $OBJ/$t-agent.pub || fatal "ca sign failed"
38
39	# add to authorized keys
40	cat $OBJ/$t-agent.pub >> $OBJ/authorized_keys_$USER
41	# add privat key to agent
42	${SSHADD} $OBJ/$t-agent #> /dev/null 2>&1
43	if [ $? -ne 0 ]; then
44		fail "ssh-add failed exit code $?"
45	fi
46	# Remove private key to ensure that we aren't accidentally using it.
47	rm -f $OBJ/$t-agent
48done
49
50# Remove explicit identity directives from ssh_proxy
51mv $OBJ/ssh_proxy $OBJ/ssh_proxy_bak
52grep -vi identityfile $OBJ/ssh_proxy_bak > $OBJ/ssh_proxy
53
54${SSHADD} -l > /dev/null 2>&1
55r=$?
56if [ $r -ne 0 ]; then
57	fail "ssh-add -l failed: exit code $r"
58fi
59# the same for full pubkey output
60${SSHADD} -L > /dev/null 2>&1
61r=$?
62if [ $r -ne 0 ]; then
63	fail "ssh-add -L failed: exit code $r"
64fi
65
66trace "simple connect via agent"
67${SSH} -F $OBJ/ssh_proxy somehost exit 52
68r=$?
69if [ $r -ne 52 ]; then
70	fail "ssh connect with failed (exit code $r)"
71fi
72
73for t in ${SSH_KEYTYPES}; do
74	trace "connect via agent using $t key"
75	if [ "$t" = "ssh-dss" ]; then
76		echo "PubkeyAcceptedKeyTypes +ssh-dss" >> $OBJ/ssh_proxy
77		echo "PubkeyAcceptedKeyTypes +ssh-dss" >> $OBJ/sshd_proxy
78	fi
79	${SSH} -F $OBJ/ssh_proxy -i $OBJ/$t-agent.pub -oIdentitiesOnly=yes \
80		somehost exit 52
81	r=$?
82	if [ $r -ne 52 ]; then
83		fail "ssh connect with failed (exit code $r)"
84	fi
85done
86
87trace "agent forwarding"
88${SSH} -A -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
89r=$?
90if [ $r -ne 0 ]; then
91	fail "ssh-add -l via agent fwd failed (exit code $r)"
92fi
93${SSH} -A -F $OBJ/ssh_proxy somehost \
94	"${SSH} -F $OBJ/ssh_proxy somehost exit 52"
95r=$?
96if [ $r -ne 52 ]; then
97	fail "agent fwd failed (exit code $r)"
98fi
99
100(printf 'cert-authority,principals="estragon" '; cat $OBJ/user_ca_key.pub) \
101	> $OBJ/authorized_keys_$USER
102for t in ${SSH_KEYTYPES}; do
103    if [ "$t" != "ssh-dss" ]; then
104	trace "connect via agent using $t key"
105	${SSH} -F $OBJ/ssh_proxy -i $OBJ/$t-agent.pub \
106		-oCertificateFile=$OBJ/$t-agent-cert.pub \
107		-oIdentitiesOnly=yes somehost exit 52
108	r=$?
109	if [ $r -ne 52 ]; then
110		fail "ssh connect with failed (exit code $r)"
111	fi
112    fi
113done
114
115trace "delete all agent keys"
116${SSHADD} -D > /dev/null 2>&1
117r=$?
118if [ $r -ne 0 ]; then
119	fail "ssh-add -D failed: exit code $r"
120fi
121
122trace "kill agent"
123${SSHAGENT} -k > /dev/null
124