nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-02-23 04:25:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

nixos/tests/openssh: add test for AllowUsers

Browse Source 
Signed-off-by: Christoph Heiss <christoph@c8h4.io>
This commit is contained in:
Christoph Heiss 2023-10-08 23:23:51 +02:00
parent a077b7fadb
commit 4714845327
No known key found for this signature in database
GPG Key ID: 73D5E7FDEE3DE49A
1 changed files with 31 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
nixos/tests/openssh.nix
View File

@ -82,6 +82,19 @@ in {
}; };
}; };
server_allowedusers =
{ ... }:
{
services.openssh = { enable = true; settings.AllowUsers = [ "alice" "bob" ]; };
users.groups = { alice = { }; bob = { }; carol = { }; };
users.users = {
alice = { isNormalUser = true; group = "alice"; openssh.authorizedKeys.keys = [ snakeOilPublicKey ]; };
bob = { isNormalUser = true; group = "bob"; openssh.authorizedKeys.keys = [ snakeOilPublicKey ]; };
carol = { isNormalUser = true; group = "carol"; openssh.authorizedKeys.keys = [ snakeOilPublicKey ]; };
};
};
client = client =
{ ... }: { }; { ... }: { };
@ -147,5 +160,23 @@ in {
with subtest("match-rules"): with subtest("match-rules"):
server_match_rule.succeed("ss -nlt | grep '127.0.0.1:22'") server_match_rule.succeed("ss -nlt | grep '127.0.0.1:22'")
with subtest("allowed-users"):
client.succeed(
"cat ${snakeOilPrivateKey} > privkey.snakeoil"
)
client.succeed("chmod 600 privkey.snakeoil")
client.succeed(
"ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i privkey.snakeoil alice@server_allowedusers true",
timeout=30
)
client.succeed(
"ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i privkey.snakeoil bob@server_allowedusers true",
timeout=30
)
client.fail(
"ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i privkey.snakeoil carol@server_allowedusers true",
timeout=30
)
''; '';
}) })