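# $OpenBSD: key-options.sh,v 1.2 2008/06/30 08:07:34 djm Exp $
# Placed in the Public Domain.
#
# Regression test for authorized_keys options: command=, no-pty,
# environment= and from=.  Each section rewrites the test user's
# authorized_keys so that every key line carries the option under test,
# then connects and checks what the session was actually allowed to do.
#
# verbose, fail and start_sshd, and the variables OBJ, SSH and USER, are
# not defined in this file; they are expected to come from the harness
# that sources it.  ${SSH} is deliberately left unquoted in case the
# harness sets it to a command with arguments (confirm against harness).

tid="key options"

origkeys="$OBJ/authkeys_orig"
authkeys="$OBJ/authorized_keys_${USER}"
# Pristine copy; every test below regenerates $authkeys from it.
cp "$authkeys" "$origkeys"

# Test command= forced command
# The client asks for "echo foo"; a key carrying command="echo bar" must
# run "echo bar" instead, both alone and combined with another option.
for p in 1 2; do
	for c in 'command="echo bar"' 'no-pty,command="echo bar"'; do
		sed "s/.*/$c &/" "$origkeys" >"$authkeys"
		verbose "key option proto $p $c"
		r=$(${SSH} "-$p" -q -F "$OBJ/ssh_proxy" somehost echo foo)
		# "foo" means the client-supplied command ran: restriction bypassed.
		if [ "$r" = "foo" ]; then
			fail "key option forced command not restricted"
		fi
		if [ "$r" != "bar" ]; then
			fail "key option forced command not executed"
		fi
	done
done

# Test no-pty
# A pty has to be requested for this check to mean anything: -tt forces
# the request even when ssh has no local terminal.  If the server honours
# no-pty, the remote tty(1) has no terminal and prints no device path.
# tty names a character device, so a regular-file test (-f) on its output
# could never trigger; match the /dev/ prefix instead.  CRs are stripped
# because output that did pass through a pty arrives with CRLF endings.
# NOTE(review): there is no positive control showing that a pty is
# granted without no-pty, so a host where pty allocation fails for some
# other reason still passes here.
sed 's/.*/no-pty &/' "$origkeys" >"$authkeys"
for p in 1 2; do
	verbose "key option proto $p no-pty"
	r=$(${SSH} "-$p" -tt -q -F "$OBJ/ssh_proxy" somehost tty | tr -d '\r')
	case "$r" in
	/dev/*)
		fail "key option failed proto $p no-pty (pty $r)"
		;;
	esac
done

# Test environment=
# sshd ignores environment= unless PermitUserEnvironment is on, so it is
# enabled here in the test server config only.  It is off by default
# because user-controlled variables such as LD_PRELOAD can be used to get
# around access restrictions.
echo 'PermitUserEnvironment yes' >>"$OBJ/sshd_proxy"
sed 's/.*/environment="FOO=bar" &/' "$origkeys" >"$authkeys"
for p in 1 2; do
	verbose "key option proto $p environment"
	# Single quotes: $FOO must be expanded by the remote shell, not here.
	r=$(${SSH} "-$p" -q -F "$OBJ/ssh_proxy" somehost 'echo $FOO')
	if [ "$r" != "bar" ]; then
		fail "key option environment not set"
	fi
done

# Test from= restriction
# With from= set to a loopback address or network, the connection made
# through ssh_proxy must be refused and the one made through ssh_config
# must be accepted.
# NOTE(review): presumably ssh_config reaches the sshd started by
# start_sshd over 127.0.0.1 while the proxied connection has no such peer
# address; confirm against the harness.
start_sshd
for p in 1 2; do
	# The slash is pre-escaped because $f is spliced into a sed s/// below.
	for f in 127.0.0.1 '127.0.0.0\/8'; do
		# Baseline: with no options on the key, login must succeed.
		cat "$origkeys" >"$authkeys"
		${SSH} "-$p" -q -F "$OBJ/ssh_proxy" somehost true ||
			fail "key option proto $p failed without restriction"

		sed 's/.*/from="'"$f"'" &/' "$origkeys" >"$authkeys"
		# First field of the first key line, i.e. the from="..." option
		# as actually written; used only for the log messages.
		from=$(head -n 1 "$authkeys" | cut -f1 -d ' ')
		verbose "key option proto $p $from"
		r=$(${SSH} "-$p" -q -F "$OBJ/ssh_proxy" somehost 'echo true')
		if [ "$r" = "true" ]; then
			fail "key option proto $p $from not restricted"
		fi

		r=$(${SSH} "-$p" -q -F "$OBJ/ssh_config" somehost 'echo true')
		if [ "$r" != "true" ]; then
			fail "key option proto $p $from not allowed but should be"
		fi
	done
done

rm -f "$origkeys"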