agent.sh revision 1.16
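# $OpenBSD: agent.sh,v 1.16 2019/11/26 23:43:10 djm Exp $
# Placed in the Public Domain.
#
# Regression test for ssh-agent / ssh-add: starts an agent, loads one key per
# type in ${SSH_KEYTYPES} (plus a certificate for each), then checks that ssh
# can authenticate using only what the agent holds -- directly, by selecting a
# specific key, through agent forwarding, and with certificates.
#
# fail, fatal and trace, and the variables SSH, SSHADD, SSHAGENT, SSHKEYGEN,
# SSH_KEYTYPES, EXTRA_AGENT_ARGS and OBJ are not defined in this file; they
# are expected to be provided by whatever sources this script.

tid="simple agent test"

# With no reachable agent socket, ssh-add must report that it cannot contact
# an agent (exit code 2). That is distinct from a reachable agent that holds
# no identities (exit code 1, checked further down).
SSH_AUTH_SOCK=/nonexistent ${SSHADD} -l > /dev/null 2>&1
if [ $? -ne 2 ]; then
	fail "ssh-add -l did not fail with exit code 2"
fi

trace "start agent, args ${EXTRA_AGENT_ARGS} -s"
# Capture the agent's output before evaluating it. The status of
# "eval `cmd`" is not a reliable indicator of cmd's own status: when cmd
# fails and prints nothing, some shells report success for the empty eval,
# and the test would carry on without an agent.
agent_env=$(${SSHAGENT} ${EXTRA_AGENT_ARGS} -s)
r=$?
if [ $r -eq 0 ]; then
	# Imports the agent's socket and pid settings into this shell.
	eval "$agent_env" > /dev/null
	r=$?
fi
if [ $r -ne 0 ]; then
	fatal "could not start ssh-agent: exit code $r"
fi

# A freshly started agent is reachable but empty: exit code 1, not 2.
${SSHADD} -l > /dev/null 2>&1
if [ $? -ne 1 ]; then
	fail "ssh-add -l did not fail with exit code 1"
fi

# Throwaway CA used to sign the per-type user certificates below.
# -N '' leaves the key unencrypted, which is only acceptable for test keys.
rm -f $OBJ/user_ca_key $OBJ/user_ca_key.pub
${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_ca_key \
    || fatal "ssh-keygen failed"

trace "overwrite authorized keys"
printf '' > $OBJ/authorized_keys_$USER

for t in ${SSH_KEYTYPES}; do
	# generate user key for agent
	rm -f $OBJ/$t-agent $OBJ/$t-agent.pub*
	${SSHKEYGEN} -q -N '' -t $t -f $OBJ/$t-agent ||\
	    fatal "ssh-keygen for $t-agent failed"
	# Make a certificate for each too.
	${SSHKEYGEN} -qs $OBJ/user_ca_key -I "$t cert" \
	    -n estragon $OBJ/$t-agent.pub || fatal "ca sign failed"

	# add to authorized keys
	cat $OBJ/$t-agent.pub >> $OBJ/authorized_keys_$USER
	# add private key to agent
	${SSHADD} $OBJ/$t-agent #> /dev/null 2>&1
	# Save ssh-add's status first: by the time the message is built, "$?"
	# would hold the status of the test command, not of ssh-add.
	r=$?
	if [ $r -ne 0 ]; then
		fail "ssh-add failed exit code $r"
	fi
	# Remove private key to ensure that we aren't accidentally using it.
	# From here on, only the agent can produce signatures for this key.
	rm -f $OBJ/$t-agent
done

# Remove explicit identity directives from ssh_proxy, so the client has no
# configured key files to fall back on.
mv $OBJ/ssh_proxy $OBJ/ssh_proxy_bak
grep -vi identityfile $OBJ/ssh_proxy_bak > $OBJ/ssh_proxy

# With keys loaded, listing must now succeed (fingerprint form).
${SSHADD} -l > /dev/null 2>&1
r=$?
if [ $r -ne 0 ]; then
	fail "ssh-add -l failed: exit code $r"
fi
# the same for full pubkey output
${SSHADD} -L > /dev/null 2>&1
r=$?
if [ $r -ne 0 ]; then
	fail "ssh-add -L failed: exit code $r"
fi

# "exit 52" is the sentinel: seeing 52 back means authentication succeeded
# and the remote command actually ran.
trace "simple connect via agent"
${SSH} -F $OBJ/ssh_proxy somehost exit 52
r=$?
if [ $r -ne 52 ]; then
	fail "ssh connect with failed (exit code $r)"
fi

# Select one agent-held key at a time: -i names only the public half (the
# private file was deleted above) and IdentitiesOnly=yes keeps ssh from
# offering any other identity the agent holds.
for t in ${SSH_KEYTYPES}; do
	trace "connect via agent using $t key"
	if [ "$t" = "ssh-dss" ]; then
		# Appended to both proxy configs, so it stays in effect for the
		# remainder of the test, not just this iteration.
		echo "PubkeyAcceptedKeyTypes +ssh-dss" >> $OBJ/ssh_proxy
		echo "PubkeyAcceptedKeyTypes +ssh-dss" >> $OBJ/sshd_proxy
	fi
	${SSH} -F $OBJ/ssh_proxy -i $OBJ/$t-agent.pub -oIdentitiesOnly=yes \
	    somehost exit 52
	r=$?
	if [ $r -ne 52 ]; then
		fail "ssh connect with failed (exit code $r)"
	fi
done

# Forwarding (-A): first the remote side must be able to list keys through
# the forwarded agent, then a nested ssh started remotely must authenticate
# with it.
trace "agent forwarding"
${SSH} -A -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
r=$?
if [ $r -ne 0 ]; then
	fail "ssh-add -l via agent fwd failed (exit code $r)"
fi
${SSH} -A -F $OBJ/ssh_proxy somehost \
    "${SSH} -F $OBJ/ssh_proxy somehost exit 52"
r=$?
if [ $r -ne 52 ]; then
	fail "agent fwd failed (exit code $r)"
fi

# Replace authorized_keys with a single cert-authority entry. The plain public
# keys are no longer listed, so the logins below depend on the certificates
# signed by user_ca_key for principal "estragon". ssh-dss is skipped here.
(printf 'cert-authority,principals="estragon" '; cat $OBJ/user_ca_key.pub) \
    > $OBJ/authorized_keys_$USER
for t in ${SSH_KEYTYPES}; do
	if [ "$t" != "ssh-dss" ]; then
		trace "connect via agent using $t key"
		${SSH} -F $OBJ/ssh_proxy -i $OBJ/$t-agent.pub \
		    -oCertificateFile=$OBJ/$t-agent-cert.pub \
		    -oIdentitiesOnly=yes somehost exit 52
		r=$?
		if [ $r -ne 52 ]; then
			fail "ssh connect with failed (exit code $r)"
		fi
	fi
done

trace "delete all agent keys"
${SSHADD} -D > /dev/null 2>&1
r=$?
if [ $r -ne 0 ]; then
	fail "ssh-add -D failed: exit code $r"
fi

trace "kill agent"
# NOTE(review): this is the only place in this file where the agent is
# stopped. If fatal ends the run earlier, the agent and any test keys it
# holds are left for the harness to clean up -- confirm that it does.
${SSHAGENT} -k > /dev/null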