#!/usr/bin/env atf-sh . $(atf_get_srcdir)/test_env.sh init_tests \ setup_sshd_usage \ setup_sshd_empty \ setup_sshd_dropbear \ setup_sshd_openssh \ setup_sshd_openssh_c_compat \ setup_sshd_interactive_openssh_nologin \ setup_sshd_interactive_openssh_prohibitpass \ setup_sshd_interactive_openssh_nokey \ setup_sshd_interactive_openssh_user_exist \ setup_sshd_openssh_ssh_key setup_sshd_usage_body() { test_usage setup-sshd } setup_sshd_empty_body() { init_env atf_check -s exit:0 \ -e empty \ -o empty \ setup-sshd none } setup_sshd_dropbear_body() { init_env atf_check -s exit:0 \ -e empty \ -o match:"apk add .* dropbear" \ -o match:"service dropbear added" \ -o match:"Starting dropbear" \ setup-sshd dropbear } setup_sshd_openssh_body() { init_env export WGETCONTENT="ssh-id FOOBAR" atf_check -s exit:0 \ -e empty \ -o match:"apk add .* openssh" \ -o match:"service sshd added" \ -o match:"Starting sshd" \ setup-sshd -k 'https://example.com/user.keys' openssh grep -x 'ssh-id FOOBAR' root/.ssh/authorized_keys \ || atf_fail "failed to wget ssh key" # check that permissions are set properly atf_check -o match:"^700$" \ stat -c '%a' root/.ssh atf_check -o match:"^600$" \ stat -c '%a' root/.ssh/authorized_keys } setup_sshd_openssh_c_compat_body() { init_env atf_check -s exit:0 \ -e empty \ -o match:"apk add .* openssh" \ -o match:"service sshd added" \ -o match:"Starting sshd" \ -o not-match:"Allow root ssh" \ setup-sshd -c openssh } setup_sshd_interactive_openssh_nologin_body() { init_env mkdir -p etc/ssh echo "PermitRootLogin foobar" > etc/ssh/sshd_config ( echo "openssh" echo "no" ) >answers atf_check -s exit:0 \ -e empty \ -o match:"Which ssh server" \ -o match:"Allow root ssh login" \ -o not-match:"Enter ssh key" \ -o match:"apk add.* openssh" \ setup-sshd < answers grep '^PermitRootLogin no$' etc/ssh/sshd_config || atf_fail "did not set PermitRootLogin" } setup_sshd_interactive_openssh_prohibitpass_body() { init_env mkdir -p etc/ssh echo "PermitRootLogin foobar" > etc/ssh/sshd_config ( echo "openssh" echo "" echo "gh user" echo "" ) >answers export WGETCONTENT="key from github" atf_check -s exit:0 \ -e empty \ -o match:"Which ssh server" \ -o match:"apk add.* openssh" \ -o match:"Allow root ssh login.*\[prohibit-password\]" \ -o match:"Enter ssh key" \ -o match:"Enter ssh key.*github.com.*user.keys" \ setup-sshd etc/ssh/sshd_config ( echo "openssh" echo "yes" echo "none" ) >answers export WGETCONTENT="key from github" atf_check -s exit:0 \ -e empty \ -o match:"Which ssh server" \ -o match:"apk add.* openssh" \ -o match:"Allow root ssh login.*\[prohibit-password\]" \ -o match:"Enter ssh key" \ setup-sshd etc/passwd ( echo "openssh" ) >answers atf_check -s exit:0 \ -e empty \ -o match:"Which ssh server" \ -o not-match:"Allow root ssh login" \ -o not-match:"Enter ssh key" \ -o match:"apk add.* openssh" \ setup-sshd < answers } setup_sshd_openssh_ssh_key_body() { init_env SSH_KEY="ssh-rsa foobar user@example.com" atf_check -s exit:0 \ -o match:"apk add.*openssh" \ -e empty \ setup-sshd openssh grep "ssh-rsa foobar user@example.com" root/.ssh/authorized_keys \ || atf_fail "did not add ssh key" # check that permissions are set properly atf_check -o match:"^700$" \ stat -c '%a' root/.ssh atf_check -o match:"^600$" \ stat -c '%a' root/.ssh/authorized_keys }