Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / fcb1b0937182d0137a3c357c89735d0dc5869d54 / . / regress / forcecommand.sh
blob: e059f1fdbc615b8a6757474585c41586204e719a [file] [log] [blame]
djm@openbsd.orgdd369322017-04-30 23:34:55 +0000[diff] [blame]1# $OpenBSD: forcecommand.sh,v 1.4 2017/04/30 23:34:55 djm Exp $
Damien Miller7b1877c2006-07-24 15:31:41 +1000[diff] [blame]2# Placed in the Public Domain.
3
4tid="forced command"
5
6cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
7
markus@openbsd.orgdad2b182015-03-03 22:35:19 +0000[diff] [blame]8cp /dev/null $OBJ/authorized_keys_$USER
9for t in ${SSH_KEYTYPES}; do
10 printf 'command="true" ' >>$OBJ/authorized_keys_$USER
11 cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER
12done
Damien Miller7b1877c2006-07-24 15:31:41 +1000[diff] [blame]13
djm@openbsd.orgdd369322017-04-30 23:34:55 +0000[diff] [blame]14trace "forced command in key option"
15${SSH} -F $OBJ/ssh_proxy somehost false || fail "forced command in key"
Damien Miller7b1877c2006-07-24 15:31:41 +1000[diff] [blame]16
markus@openbsd.orgdad2b182015-03-03 22:35:19 +0000[diff] [blame]17cp /dev/null $OBJ/authorized_keys_$USER
18for t in ${SSH_KEYTYPES}; do
19 printf 'command="false" ' >> $OBJ/authorized_keys_$USER
20 cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER
21done
Damien Miller7b1877c2006-07-24 15:31:41 +1000[diff] [blame]22
23cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
24echo "ForceCommand true" >> $OBJ/sshd_proxy
25
djm@openbsd.orgdd369322017-04-30 23:34:55 +0000[diff] [blame]26trace "forced command in sshd_config overrides key option"
27${SSH} -F $OBJ/ssh_proxy somehost false || fail "forced command in key"
Damien Miller7b1877c2006-07-24 15:31:41 +1000[diff] [blame]28
29cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
30echo "ForceCommand false" >> $OBJ/sshd_proxy
31echo "Match User $USER" >> $OBJ/sshd_proxy
32echo " ForceCommand true" >> $OBJ/sshd_proxy
33
djm@openbsd.orgdd369322017-04-30 23:34:55 +0000[diff] [blame]34trace "forced command with match"
35${SSH} -F $OBJ/ssh_proxy somehost false || fail "forced command in key"