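# $OpenBSD: agent.sh,v 1.17 2019/12/21 02:33:07 djm Exp $
# Placed in the Public Domain.

# Regression test for ssh-agent.  It starts two agents, loads one key of
# every type in SSH_KEYTYPES (plus a certificate for each) into both, and
# checks key listing, pubkey and certificate authentication through the
# agent, and agent forwarding (both the socket-path and the '$ENVVAR' form
# of ForwardAgent) before deleting the keys and killing the agents.
# trace/fail/fatal and the SSH*, OBJ, USER, SSH_KEYTYPES and
# EXTRA_AGENT_ARGS variables come from the regress harness.

tid="simple agent test"

# With no reachable agent, ssh-add -l must fail with exit code 2.
SSH_AUTH_SOCK=/nonexistent ${SSHADD} -l > /dev/null 2>&1
if [ $? -ne 2 ]; then
	fail "ssh-add -l did not fail with exit code 2"
fi

trace "start agent, args ${EXTRA_AGENT_ARGS} -s"
# -s prints sh-style exports (SSH_AUTH_SOCK, SSH_AGENT_PID); eval'ing them
# makes this agent the default one for the rest of the test.
eval $(${SSHAGENT} ${EXTRA_AGENT_ARGS} -s) > /dev/null
r=$?
if [ $r -ne 0 ]; then
	fatal "could not start ssh-agent: exit code $r"
fi

# Second agent: the sed rewrites the exported names to FW_SSH_AUTH_SOCK /
# FW_SSH_AGENT_PID so it does not clobber the first agent's settings.
eval $(${SSHAGENT} ${EXTRA_AGENT_ARGS} -s | sed 's/SSH_/FW_SSH_/g') > /dev/null
r=$?
if [ $r -ne 0 ]; then
	fatal "could not start second ssh-agent: exit code $r"
fi

# Agent is running but holds no identities: ssh-add -l must exit 1.
${SSHADD} -l > /dev/null 2>&1
if [ $? -ne 1 ]; then
	fail "ssh-add -l did not fail with exit code 1"
fi

# Fresh CA key used to certify every agent key below.
rm -f $OBJ/user_ca_key $OBJ/user_ca_key.pub
${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_ca_key \
	|| fatal "ssh-keygen failed"

trace "overwrite authorized keys"
printf '' > $OBJ/authorized_keys_$USER

for t in ${SSH_KEYTYPES}; do
	# generate user key for agent
	rm -f $OBJ/$t-agent $OBJ/$t-agent.pub*
	${SSHKEYGEN} -q -N '' -t $t -f $OBJ/$t-agent ||\
		fatal "ssh-keygen for $t-agent failed"
	# Make a certificate for each too (written as $t-agent-cert.pub).
	${SSHKEYGEN} -qs $OBJ/user_ca_key -I "$t cert" \
		-n estragon $OBJ/$t-agent.pub || fatal "ca sign failed"

	# add to authorized keys
	cat $OBJ/$t-agent.pub >> $OBJ/authorized_keys_$USER
	# add private key to agent; capture the status before testing it so
	# the failure message reports ssh-add's exit code, not that of '['.
	${SSHADD} $OBJ/$t-agent #> /dev/null 2>&1
	r=$?
	if [ $r -ne 0 ]; then
		fail "ssh-add failed exit code $r"
	fi
	# add private key to second agent
	SSH_AUTH_SOCK=$FW_SSH_AUTH_SOCK ${SSHADD} $OBJ/$t-agent #> /dev/null 2>&1
	r=$?
	if [ $r -ne 0 ]; then
		fail "ssh-add failed exit code $r"
	fi
	# Remove private key to ensure that we aren't accidentally using it.
	rm -f $OBJ/$t-agent
done

# Remove explicit identity directives from ssh_proxy so that the only
# signing keys available to ssh are the ones held by the agent.
mv $OBJ/ssh_proxy $OBJ/ssh_proxy_bak
grep -vi identityfile $OBJ/ssh_proxy_bak > $OBJ/ssh_proxy

${SSHADD} -l > /dev/null 2>&1
r=$?
if [ $r -ne 0 ]; then
	fail "ssh-add -l failed: exit code $r"
fi
# the same for full pubkey output
${SSHADD} -L > /dev/null 2>&1
r=$?
if [ $r -ne 0 ]; then
	fail "ssh-add -L failed: exit code $r"
fi

trace "simple connect via agent"
${SSH} -F $OBJ/ssh_proxy somehost exit 52
r=$?
if [ $r -ne 52 ]; then
	fail "ssh connect with failed (exit code $r)"
fi

for t in ${SSH_KEYTYPES}; do
	trace "connect via agent using $t key"
	if [ "$t" = "ssh-dss" ]; then
		echo "PubkeyAcceptedKeyTypes +ssh-dss" >> $OBJ/ssh_proxy
		echo "PubkeyAcceptedKeyTypes +ssh-dss" >> $OBJ/sshd_proxy
	fi
	# -i with a .pub plus IdentitiesOnly restricts ssh to this one key;
	# the agent supplies the signature.
	${SSH} -F $OBJ/ssh_proxy -i $OBJ/$t-agent.pub -oIdentitiesOnly=yes \
		somehost exit 52
	r=$?
	if [ $r -ne 52 ]; then
		fail "ssh connect with failed (exit code $r)"
	fi
done

trace "agent forwarding"
${SSH} -A -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
r=$?
if [ $r -ne 0 ]; then
	fail "ssh-add -l via agent fwd failed (exit code $r)"
fi
# ForwardAgent given an explicit socket path instead of -A.
${SSH} "-oForwardAgent=$SSH_AUTH_SOCK" -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
r=$?
if [ $r -ne 0 ]; then
	fail "ssh-add -l via agent path fwd failed (exit code $r)"
fi
# Two hops: the inner ssh must authenticate with the forwarded agent.
${SSH} -A -F $OBJ/ssh_proxy somehost \
	"${SSH} -F $OBJ/ssh_proxy somehost exit 52"
r=$?
if [ $r -ne 52 ]; then
	fail "agent fwd failed (exit code $r)"
fi

trace "agent forwarding different agent"
${SSH} "-oForwardAgent=$FW_SSH_AUTH_SOCK" -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
r=$?
if [ $r -ne 0 ]; then
	fail "ssh-add -l via agent path fwd of different agent failed (exit code $r)"
fi
# Single quotes are deliberate: ssh receives the literal '$FW_SSH_AUTH_SOCK'
# and must resolve the environment variable itself.
${SSH} '-oForwardAgent=$FW_SSH_AUTH_SOCK' -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
r=$?
if [ $r -ne 0 ]; then
	fail "ssh-add -l via agent path env fwd of different agent failed (exit code $r)"
fi

# Remove keys from forwarded agent, ssh-add on remote machine should now fail.
# An exit code of 1 here shows the forward reached the second agent and not
# the default one, which still holds its keys.
SSH_AUTH_SOCK=$FW_SSH_AUTH_SOCK ${SSHADD} -D > /dev/null 2>&1
r=$?
if [ $r -ne 0 ]; then
	fail "ssh-add -D failed: exit code $r"
fi
${SSH} '-oForwardAgent=$FW_SSH_AUTH_SOCK' -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
r=$?
if [ $r -ne 1 ]; then
	fail "ssh-add -l with different agent did not fail with exit code 1 (exit code $r)"
fi

# Replace the per-key authorized_keys entries with a single cert-authority
# line, so the remaining logins succeed only via the certificates.
(printf 'cert-authority,principals="estragon" '; cat $OBJ/user_ca_key.pub) \
	> $OBJ/authorized_keys_$USER
for t in ${SSH_KEYTYPES}; do
	# ssh-dss is not exercised for the certificate case.
	if [ "$t" != "ssh-dss" ]; then
		trace "connect via agent using $t key"
		${SSH} -F $OBJ/ssh_proxy -i $OBJ/$t-agent.pub \
			-oCertificateFile=$OBJ/$t-agent-cert.pub \
			-oIdentitiesOnly=yes somehost exit 52
		r=$?
		if [ $r -ne 52 ]; then
			fail "ssh connect with failed (exit code $r)"
		fi
	fi
done

trace "delete all agent keys"
${SSHADD} -D > /dev/null 2>&1
r=$?
if [ $r -ne 0 ]; then
	fail "ssh-add -D failed: exit code $r"
fi

trace "kill agent"
# -k kills the agent named by SSH_AGENT_PID; re-point it for the second one.
${SSHAGENT} -k > /dev/null
SSH_AGENT_PID=$FW_SSH_AGENT_PID ${SSHAGENT} -k > /dev/null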