Commit Graph

24 Commits

Author SHA1 Message Date
Maximilian Bosch
7e45990c06
nixos/sshd: fix socket activated ports when using ListenAddress
Noticed that issue while reviewing #275633: when declaring
`ListenAddress host` without a port, all ports declared by
`Port`/`cfg.ports` will be used with `host` according to
`sshd_config(5)`.

However, if this is done and socket activation is used, only a socket
for port 22 is created instead of a sockets for each port from
`Port`/`cfg.ports`. This patch corrects that behavior.

Also added a regression test for this case.
2024-01-03 19:42:45 +01:00
Artturi
c1cfba583d
Merge pull request #260050 from 6t8k/nixos-test-openssh-wait-for-sshd 2023-11-08 01:00:37 +02:00
Aaron Andersen
3b848391b6
Merge pull request #227442 from christoph-heiss/openssh/allowusers
openssh: add {Allow,Deny}{Users,Groups} settings
2023-10-29 08:20:22 -04:00
Maximilian Bosch
b16ac6e7bb
nixos/tests/openssh: use dashes for hostnames
Otherwise the tests will fail with `networking.useNetworkd = true;`
because `systemd-resolved` ignores invalid hostnames in `/etc/hosts`
(which is where all hosts from the `nodes`-attribute set end up) and
subsequently e.g. `ssh server_lazy` will fail because the name cannot be
resolved.

In d6e84a4574 the test-framework was
changed to replace all dashes with underscores of hostnames in the
python code to have readable hostnames that are valid. I.e.

    nodes.foo-bar = {}

represents a host with a valid hostname and it can be referenced in the
`testScript` with `foo_bar`.

Applying this here fixes the test for both scripted networking and
networkd.
2023-10-24 14:24:10 +02:00
Christoph Heiss
4714845327
nixos/tests/openssh: add test for AllowUsers
Signed-off-by: Christoph Heiss <christoph@c8h4.io>
2023-10-19 18:30:52 +02:00
6t8k
ebec07fd24
nixos/tests/openssh: wait for sshd(.socket) units, add timeout=30
Motivated by recently observed flakiness of this test on Hydra:

[1] https://github.com/NixOS/nixpkgs/pull/259051#issuecomment-1752363951
[2] https://hydra.nixos.org/build/237478399
2023-10-09 20:54:14 +02:00
Maximilian Bosch
e515dce892 nixos/sshd: fix sshd.conf validity check
When using e.g. `{ addr = "[::]"; port = 22; }` at `listenAddresses`,
the check fails because of an escaping issue[1] with

    last 1 log lines:
    > Invalid test mode specification -f
    For full logs, run 'nix log /nix/store/c6pbpw5hjkjgipmarwyic9zyqr1xaix5-check-sshd-config.drv'

Using `lib.escapeShellArg` appears to solve the problem.

[1] https://github.com/NixOS/nixpkgs/pull/256090#issuecomment-1738063528
2023-09-28 00:11:31 +00:00
Carl Richard Theodor Schneider
cd2dead42c nixos/tests/openssh: add Match config for validation test 2023-09-19 18:13:44 +02:00
K900
79265fba34 nixos/tests/openssh: add timeouts to all ssh invocations
It might still lock up, but at least it won't lock up for 10 hours.
2022-05-04 07:58:52 +03:00
Dominik Xaver Hörl
25bef2d8f9 treewide: simplify pkgs.stdenv.lib -> pkgs.lib
The library does not depend on stdenv, that `stdenv` exposes `lib` is
an artifact of the ancient origins of nixpkgs.
2021-01-10 20:12:06 +01:00
Marijan
b786c1be04 nixos/openssh: port test to python 2019-11-05 12:00:19 +01:00
Nikita Uvarov
131e31cd1b
sshd: fix startWhenNeeded and listenAddresses combination
Previously, if startWhenNeeded was set, listenAddresses option was
ignored and daemon was listening on all interfaces.
Fixes #56325.
2019-02-25 00:51:58 +01:00
Florian Friesdorf
fbef5ab82f Remove myself as maintainer from packages
I'm currently not maintaining any packages.
2019-02-22 16:14:13 +01:00
volth
2e979e8ceb [bot] nixos/*: remove unused arguments in lambdas 2018-07-20 20:56:59 +00:00
Florian Klink
89d5d191b4 nixos/tests: users.(extraUsers|extraGroup->users|group) 2018-06-30 02:31:30 +02:00
Shea Levy
4de72b90f3
nixos: nix.sshServe: Support ssh-ng. 2018-02-28 16:55:00 -05:00
Graham Christensen
bf659128a0
openssh: test that startWhenNeeded works 2016-12-29 17:04:52 -05:00
William A. Kennington III
7a0980e5dc nixos/tests/openssh: Fix test by using safe public keys 2015-08-12 11:16:26 -07:00
Joachim Schiele
0731489953 all tests: added meta.maintainers section 2015-07-12 12:29:51 +02:00
Florian Friesdorf
9b7dbcc83e name nixos tests, close #3078 2014-06-28 16:05:47 +02:00
aszlig
865787ef32
nixos/tests/openssh: Test configured auth keys.
So far the test only uses an authorized key that is copied over to the
target machine instead of being set by the target's configuration.

Now, we cover both cases.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-06-27 08:52:03 +02:00
Eelco Dolstra
abe218950c Make it easier to run the tests
You can now run a test in the nixos/tests directory directly using
nix-build, e.g.

  $ nix-build '<nixos/tests/login.nix>' -A test

This gets rid of having to add the test to nixos/tests/default.nix.
(Of course, you still need to add it to nixos/release.nix if you want
Hydra to run the test.)
2014-04-14 14:02:44 +02:00
Eelco Dolstra
8c047d4f2c Test whether PAM resource limits work 2013-10-17 15:37:08 +02:00
Eelco Dolstra
5c1f8cbc70 Move all of NixOS to nixos/ in preparation of the repository merge 2013-10-10 13:28:20 +02:00