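# $OpenBSD: agent.sh,v 1.13 2017/12/19 00:49:30 djm Exp $
# Placed in the Public Domain.

# End-to-end ssh-agent regression test: start an agent, load one key (plus a
# certificate) per configured key type, authenticate through the agent with
# plain keys and with certificates, exercise agent forwarding, then empty and
# kill the agent.  The helpers (trace, fail, fatal) and the variables
# $SSH, $SSHADD, $SSHAGENT, $SSHKEYGEN, $OBJ and $SSH_KEYTYPES are provided
# by the harness that sources this file.

tid="simple agent test"

# With no reachable agent socket, ssh-add -l must exit 2 ("could not contact
# agent"), not 1 ("no identities").
SSH_AUTH_SOCK=/nonexistent ${SSHADD} -l > /dev/null 2>&1
if [ $? -ne 2 ]; then
	fail "ssh-add -l did not fail with exit code 2"
fi

trace "start agent"
# ssh-agent -s prints shell assignments (SSH_AUTH_SOCK, SSH_AGENT_PID) that
# are eval'd into this shell; the output being eval'd comes from the binary
# under test, not from any untrusted source.
eval "$(${SSHAGENT} -s)" > /dev/null
r=$?
if [ $r -ne 0 ]; then
	fatal "could not start ssh-agent: exit code $r"
fi

# A running but empty agent: ssh-add -l must exit 1.
${SSHADD} -l > /dev/null 2>&1
if [ $? -ne 1 ]; then
	fail "ssh-add -l did not fail with exit code 1"
fi

# Fresh CA key used to sign a certificate for each user key below.
rm -f "$OBJ/user_ca_key" "$OBJ/user_ca_key.pub"
${SSHKEYGEN} -q -N '' -t ed25519 -f "$OBJ/user_ca_key" \
	|| fatal "ssh-keygen failed"

trace "overwrite authorized keys"
printf '' > "$OBJ/authorized_keys_$USER"

# $SSH_KEYTYPES is a whitespace-separated list; word splitting is intended.
for t in ${SSH_KEYTYPES}; do
	# generate user key for agent
	rm -f "$OBJ/$t-agent" "$OBJ/$t-agent.pub"*
	${SSHKEYGEN} -q -N '' -t "$t" -f "$OBJ/$t-agent" \
		|| fatal "ssh-keygen for $t-agent failed"
	# Make a certificate for each too (ssh-keygen -s writes it next to the
	# public key as $OBJ/$t-agent-cert.pub).
	${SSHKEYGEN} -qs "$OBJ/user_ca_key" -I "$t cert" \
		-n estragon "$OBJ/$t-agent.pub" || fatal "ca sign failed"

	# add to authorized keys
	cat "$OBJ/$t-agent.pub" >> "$OBJ/authorized_keys_$USER"
	# add private key to agent
	${SSHADD} "$OBJ/$t-agent" > /dev/null 2>&1
	r=$?
	if [ $r -ne 0 ]; then
		fail "ssh-add $t-agent failed: exit code $r"
	fi
	# Remove private key to ensure that we aren't accidentally using it:
	# every authentication below must be served by the agent.
	rm -f "$OBJ/$t-agent"
done

# Remove explicit identity directives from ssh_proxy so the agent is the
# only source of identities for the connections below.
mv "$OBJ/ssh_proxy" "$OBJ/ssh_proxy_bak"
grep -vi identityfile "$OBJ/ssh_proxy_bak" > "$OBJ/ssh_proxy"

${SSHADD} -l > /dev/null 2>&1
r=$?
if [ $r -ne 0 ]; then
	fail "ssh-add -l failed: exit code $r"
fi
# the same for full pubkey output
${SSHADD} -L > /dev/null 2>&1
r=$?
if [ $r -ne 0 ]; then
	fail "ssh-add -L failed: exit code $r"
fi

trace "simple connect via agent"
# exit 52 is an arbitrary marker proving the remote command actually ran.
${SSH} -F "$OBJ/ssh_proxy" somehost exit 52
r=$?
if [ $r -ne 52 ]; then
	fail "ssh connect with failed (exit code $r)"
fi

for t in ${SSH_KEYTYPES}; do
	trace "connect via agent using $t key"
	# Only the public half is on disk; -i picks which agent key to offer and
	# IdentitiesOnly prevents ssh from falling back to any other agent key.
	${SSH} -F "$OBJ/ssh_proxy" -i "$OBJ/$t-agent.pub" -oIdentitiesOnly=yes \
		somehost exit 52
	r=$?
	if [ $r -ne 52 ]; then
		fail "ssh connect with failed (exit code $r)"
	fi
done

trace "agent forwarding"
${SSH} -A -F "$OBJ/ssh_proxy" somehost ${SSHADD} -l > /dev/null 2>&1
r=$?
if [ $r -ne 0 ]; then
	fail "ssh-add -l via agent fwd failed (exit code $r)"
fi
# Two hops: the inner ssh on the remote side must authenticate through the
# forwarded agent connection.
${SSH} -A -F "$OBJ/ssh_proxy" somehost \
	"${SSH} -F $OBJ/ssh_proxy somehost exit 52"
r=$?
if [ $r -ne 52 ]; then
	fail "agent fwd failed (exit code $r)"
fi

# Replace the per-key entries with a single cert-authority line: from here on
# only certificates signed by user_ca_key for principal "estragon" are
# accepted, so the plain keys alone would no longer authenticate.
(printf 'cert-authority,principals="estragon" '; cat "$OBJ/user_ca_key.pub") \
	> "$OBJ/authorized_keys_$USER"
for t in ${SSH_KEYTYPES}; do
	trace "connect via agent using $t certificate"
	${SSH} -F "$OBJ/ssh_proxy" -i "$OBJ/$t-agent.pub" \
		-oCertificateFile="$OBJ/$t-agent-cert.pub" \
		-oIdentitiesOnly=yes somehost exit 52
	r=$?
	if [ $r -ne 52 ]; then
		fail "ssh connect with failed (exit code $r)"
	fi
done

trace "delete all agent keys"
${SSHADD} -D > /dev/null 2>&1
r=$?
if [ $r -ne 0 ]; then
	fail "ssh-add -D failed: exit code $r"
fi

trace "kill agent"
${SSHAGENT} -k > /dev/null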