@@ -39,6 +39,13 @@ ${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_ca_key \
3939trace " overwrite authorized keys"
4040printf ' ' > $OBJ /authorized_keys_$USER
4141
42+ if [ " $os " == " windows" ]; then
43+ # We are adding the default ssh-rsa key to the agent. Certificate based key don't
44+ # seem to be currently working.
45+ cat $OBJ /ssh-rsa.pub >> $OBJ /authorized_keys_$USER
46+ ${SSHADD} $OBJ /ssh-rsa > /dev/null 2>&1
47+ fi
48+
4249for t in ${SSH_KEYTYPES} ; do
4350 # generate user key for agent
4451 rm -f $OBJ /$t -agent $OBJ /$t -agent.pub*
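Review bot: The added guard `[ "$os" == "windows" ]` uses `==`, which POSIX `[` does not define, while the existing `ssh-dss` comparison in this script uses `=`. Under a strict /bin/sh such as dash the test can raise an error instead of evaluating, so I would write `if [ "$os" = "windows" ]; then`. The new `${SSHADD} $OBJ/ssh-rsa > /dev/null 2>&1` line also discards its output and never checks the exit status, so a key that fails to load would presumably only surface later as an unrelated failure; appending `|| fail "ssh-add failed exit code $?"`, as the re-add loop further down does, would report it at the source. Where `$os` is set is outside this hunk, so please confirm it is always defined before this point.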
@@ -90,6 +97,7 @@ if [ $r -ne 52 ]; then
9097 fail " ssh connect with failed (exit code $r )"
9198fi
9299
100+ if [ " $os " != " windows" ]; then
93101for t in ${SSH_KEYTYPES} ; do
94102 trace " connect via agent using $t key"
95103 if [ " $t " = " ssh-dss" ]; then
@@ -103,130 +111,134 @@ for t in ${SSH_KEYTYPES}; do
103111 fail " ssh connect with failed (exit code $r )"
104112 fi
105113done
114+ fi
106115
107116trace " agent forwarding"
108117${SSH} -A -F $OBJ /ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
109118r=$?
110119if [ $r -ne 0 ]; then
111120 fail " ssh-add -l via agent fwd failed (exit code $r )"
112121fi
113- ${SSH} " -oForwardAgent=$SSH_AUTH_SOCK " -F $OBJ /ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
114- r=$?
115- if [ $r -ne 0 ]; then
116- fail " ssh-add -l via agent path fwd failed (exit code $r )"
117- fi
118- ${SSH} -A -F $OBJ /ssh_proxy somehost \
119- " ${SSH} -F $OBJ /ssh_proxy somehost exit 52"
120- r=$?
121- if [ $r -ne 52 ]; then
122- fail " agent fwd failed (exit code $r )"
123- fi
124-
125- trace " agent forwarding different agent"
126- ${SSH} " -oForwardAgent=$FW_SSH_AUTH_SOCK " -F $OBJ /ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
127- r=$?
128- if [ $r -ne 0 ]; then
129- fail " ssh-add -l via agent path fwd of different agent failed (exit code $r )"
130- fi
131- ${SSH} ' -oForwardAgent=$FW_SSH_AUTH_SOCK' -F $OBJ /ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
132- r=$?
133- if [ $r -ne 0 ]; then
134- fail " ssh-add -l via agent path env fwd of different agent failed (exit code $r )"
135- fi
136-
137- # Remove keys from forwarded agent, ssh-add on remote machine should now fail.
138- SSH_AUTH_SOCK=$FW_SSH_AUTH_SOCK ${SSHADD} -D > /dev/null 2>&1
139- r=$?
140- if [ $r -ne 0 ]; then
141- fail " ssh-add -D failed: exit code $r "
142- fi
143- ${SSH} ' -oForwardAgent=$FW_SSH_AUTH_SOCK' -F $OBJ /ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
144- r=$?
145- if [ $r -ne 1 ]; then
146- fail " ssh-add -l with different agent did not fail with exit code 1 (exit code $r )"
147- fi
148122
149- (printf ' cert-authority,principals="estragon" ' ; cat $OBJ /user_ca_key.pub) \
150- > $ OBJ /authorized_keys_ $USER
151- for t in ${SSH_KEYTYPES} ; do
152- if [ " $t " != " ssh-dss " ]; then
153- trace " connect via agent using $t key "
154- ${SSH} -F $OBJ /ssh_proxy -i $OBJ / $t -agent.pub \
155- -oCertificateFile= $OBJ /$t -agent-cert.pub \
156- -oIdentitiesOnly=yes somehost exit 52
123+ if [ " $os " != " windows " ] ; then
124+ ${SSH} " -oForwardAgent= $SSH_AUTH_SOCK " -F $ OBJ /ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
125+ r= $?
126+ if [ $r -ne 0 ]; then
127+ fail " ssh-add -l via agent path fwd failed (exit code $r ) "
128+ fi
129+ ${SSH} -A -F $OBJ /ssh_proxy somehost \
130+ " ${SSH} -F $OBJ /ssh_proxy somehost exit 52"
157131 r=$?
158132 if [ $r -ne 52 ]; then
159- fail " ssh connect with failed (exit code $r )"
133+ fail " agent fwd failed (exit code $r )"
160134 fi
161- fi
162- done
163135
164- # # Deletion tests.
136+ trace " agent forwarding different agent"
137+ ${SSH} " -oForwardAgent=$FW_SSH_AUTH_SOCK " -F $OBJ /ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
138+ r=$?
139+ if [ $r -ne 0 ]; then
140+ fail " ssh-add -l via agent path fwd of different agent failed (exit code $r )"
141+ fi
142+ ${SSH} ' -oForwardAgent=$FW_SSH_AUTH_SOCK' -F $OBJ /ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
143+ r=$?
144+ if [ $r -ne 0 ]; then
145+ fail " ssh-add -l via agent path env fwd of different agent failed (exit code $r )"
146+ fi
165147
166- trace " delete all agent keys"
167- ${SSHADD} -D > /dev/null 2>&1
168- r=$?
169- if [ $r -ne 0 ]; then
170- fail " ssh-add -D failed: exit code $r "
171- fi
172- # make sure they're gone
173- ${SSHADD} -l > /dev/null 2>&1
174- r=$?
175- if [ $r -ne 1 ]; then
176- fail " ssh-add -l returned unexpected exit code: $r "
177- fi
178- trace " readd keys"
179- # re-add keys/certs to agent
180- for t in ${SSH_KEYTYPES} ; do
181- ${SSHADD} $OBJ /$t -agent-private > /dev/null 2>&1 || \
182- fail " ssh-add failed exit code $? "
183- done
184- # make sure they are there
185- ${SSHADD} -l > /dev/null 2>&1
186- r=$?
187- if [ $r -ne 0 ]; then
188- fail " ssh-add -l failed: exit code $r "
189- fi
148+ # Remove keys from forwarded agent, ssh-add on remote machine should now fail.
149+ SSH_AUTH_SOCK=$FW_SSH_AUTH_SOCK ${SSHADD} -D > /dev/null 2>&1
150+ r=$?
151+ if [ $r -ne 0 ]; then
152+ fail " ssh-add -D failed: exit code $r "
153+ fi
154+ ${SSH} ' -oForwardAgent=$FW_SSH_AUTH_SOCK' -F $OBJ /ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
155+ r=$?
156+ if [ $r -ne 1 ]; then
157+ fail " ssh-add -l with different agent did not fail with exit code 1 (exit code $r )"
158+ fi
190159
191- check_key_absent () {
192- ${SSHADD} -L | grep " ^$1 " > /dev/null
193- if [ $? -eq 0 ]; then
194- fail " $1 key unexpectedly present"
160+ (printf ' cert-authority,principals="estragon" ' ; cat $OBJ /user_ca_key.pub) \
161+ > $OBJ /authorized_keys_$USER
162+ for t in ${SSH_KEYTYPES} ; do
163+ if [ " $t " != " ssh-dss" ]; then
164+ trace " connect via agent using $t key"
165+ ${SSH} -F $OBJ /ssh_proxy -i $OBJ /$t -agent.pub \
166+ -oCertificateFile=$OBJ /$t -agent-cert.pub \
167+ -oIdentitiesOnly=yes somehost exit 52
168+ r=$?
169+ if [ $r -ne 52 ]; then
170+ fail " ssh connect with failed (exit code $r )"
171+ fi
172+ fi
173+ done
174+
175+ # # Deletion tests.
176+
177+ trace " delete all agent keys"
178+ ${SSHADD} -D > /dev/null 2>&1
179+ r=$?
180+ if [ $r -ne 0 ]; then
181+ fail " ssh-add -D failed: exit code $r "
195182 fi
196- }
197- check_key_present () {
198- ${SSHADD} -L | grep " ^$1 " > /dev/null
199- if [ $? -ne 0 ]; then
200- fail " $1 key missing from agent"
183+ # make sure they're gone
184+ ${SSHADD} -l > /dev/null 2>&1
185+ r=$?
186+ if [ $r -ne 1 ]; then
187+ fail " ssh-add -l returned unexpected exit code: $r "
188+ fi
189+ trace " readd keys"
190+ # re-add keys/certs to agent
191+ for t in ${SSH_KEYTYPES} ; do
192+ ${SSHADD} $OBJ /$t -agent-private > /dev/null 2>&1 || \
193+ fail " ssh-add failed exit code $? "
194+ done
195+ # make sure they are there
196+ ${SSHADD} -l > /dev/null 2>&1
197+ r=$?
198+ if [ $r -ne 0 ]; then
199+ fail " ssh-add -l failed: exit code $r "
201200 fi
202- }
203-
204- # delete the ed25519 key
205- trace " delete single key by file"
206- ${SSHADD} -qdk $OBJ /ssh-ed25519-agent || fail " ssh-add -d ed25519 failed"
207- check_key_absent ssh-ed25519
208- check_key_present ssh-ed25519-cert-v01@openssh.com
209- # Put key/cert back.
210- ${SSHADD} $OBJ /ssh-ed25519-agent-private > /dev/null 2>&1 || \
211- fail " ssh-add failed exit code $? "
212- check_key_present ssh-ed25519
213- # Delete both key and certificate.
214- trace " delete key/cert by file"
215- ${SSHADD} -qd $OBJ /ssh-ed25519-agent || fail " ssh-add -d ed25519 failed"
216- check_key_absent ssh-ed25519
217- check_key_absent ssh-ed25519-cert-v01@openssh.com
218- # Put key/cert back.
219- ${SSHADD} $OBJ /ssh-ed25519-agent-private > /dev/null 2>&1 || \
220- fail " ssh-add failed exit code $? "
221- check_key_present ssh-ed25519
222- # Delete certificate via stdin
223- ${SSHADD} -qd - < $OBJ /ssh-ed25519-agent-cert.pub || fail " ssh-add -d - failed"
224- check_key_present ssh-ed25519
225- check_key_absent ssh-ed25519-cert-v01@openssh.com
226- # Delete key via stdin
227- ${SSHADD} -qd - < $OBJ /ssh-ed25519-agent.pub || fail " ssh-add -d - failed"
228- check_key_absent ssh-ed25519
229- check_key_absent ssh-ed25519-cert-v01@openssh.com
201+
202+ check_key_absent () {
203+ ${SSHADD} -L | grep " ^$1 " > /dev/null
204+ if [ $? -eq 0 ]; then
205+ fail " $1 key unexpectedly present"
206+ fi
207+ }
208+ check_key_present () {
209+ ${SSHADD} -L | grep " ^$1 " > /dev/null
210+ if [ $? -ne 0 ]; then
211+ fail " $1 key missing from agent"
212+ fi
213+ }
214+
215+ # delete the ed25519 key
216+ trace " delete single key by file"
217+ ${SSHADD} -qdk $OBJ /ssh-ed25519-agent || fail " ssh-add -d ed25519 failed"
218+ check_key_absent ssh-ed25519
219+ check_key_present ssh-ed25519-cert-v01@openssh.com
220+ # Put key/cert back.
221+ ${SSHADD} $OBJ /ssh-ed25519-agent-private > /dev/null 2>&1 || \
222+ fail " ssh-add failed exit code $? "
223+ check_key_present ssh-ed25519
224+ # Delete both key and certificate.
225+ trace " delete key/cert by file"
226+ ${SSHADD} -qd $OBJ /ssh-ed25519-agent || fail " ssh-add -d ed25519 failed"
227+ check_key_absent ssh-ed25519
228+ check_key_absent ssh-ed25519-cert-v01@openssh.com
229+ # Put key/cert back.
230+ ${SSHADD} $OBJ /ssh-ed25519-agent-private > /dev/null 2>&1 || \
231+ fail " ssh-add failed exit code $? "
232+ check_key_present ssh-ed25519
233+ # Delete certificate via stdin
234+ ${SSHADD} -qd - < $OBJ /ssh-ed25519-agent-cert.pub || fail " ssh-add -d - failed"
235+ check_key_present ssh-ed25519
236+ check_key_absent ssh-ed25519-cert-v01@openssh.com
237+ # Delete key via stdin
238+ ${SSHADD} -qd - < $OBJ /ssh-ed25519-agent.pub || fail " ssh-add -d - failed"
239+ check_key_absent ssh-ed25519
240+ check_key_absent ssh-ed25519-cert-v01@openssh.com
241+ fi
230242
231243trace " kill agent"
232244${SSHAGENT} -k > /dev/null
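Review bot: The new `if [ "$os" != "windows" ]` block, which runs from the `-oForwardAgent=$SSH_AUTH_SOCK` check to the stdin deletion tests, makes a Windows run skip all of these checks without logging anything. That run then reports success without verifying that `ssh-add -D` and `ssh-add -d` remove keys from the agent, or that `ssh-add -l` through an emptied forwarded agent exits 1. Key removal is the security-relevant behaviour here, so the skip should be visible, for example with an `else` branch containing `trace "skipped on windows: agent path forwarding, cert and deletion tests"`. The same applies to the guard opened in the previous hunk around the per-keytype connect loop, whose body was also left unindented, unlike this block. The deletion tests appear to talk only to the local agent, so it is worth confirming whether they need to sit inside the guard at all.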