Noticed that issue while reviewing #275633: when declaring
`ListenAddress host` without a port, all ports declared by
`Port`/`cfg.ports` will be used with `host` according to
`sshd_config(5)`.
However, if this is done and socket activation is used, only a socket
for port 22 is created instead of a sockets for each port from
`Port`/`cfg.ports`. This patch corrects that behavior.
Also added a regression test for this case.
Otherwise the tests will fail with `networking.useNetworkd = true;`
because `systemd-resolved` ignores invalid hostnames in `/etc/hosts`
(which is where all hosts from the `nodes`-attribute set end up) and
subsequently e.g. `ssh server_lazy` will fail because the name cannot be
resolved.
In d6e84a4574 the test-framework was
changed to replace all dashes with underscores of hostnames in the
python code to have readable hostnames that are valid. I.e.
nodes.foo-bar = {}
represents a host with a valid hostname and it can be referenced in the
`testScript` with `foo_bar`.
Applying this here fixes the test for both scripted networking and
networkd.
When using e.g. `{ addr = "[::]"; port = 22; }` at `listenAddresses`,
the check fails because of an escaping issue[1] with
last 1 log lines:
> Invalid test mode specification -f
For full logs, run 'nix log /nix/store/c6pbpw5hjkjgipmarwyic9zyqr1xaix5-check-sshd-config.drv'
Using `lib.escapeShellArg` appears to solve the problem.
[1] https://github.com/NixOS/nixpkgs/pull/256090#issuecomment-1738063528
So far the test only uses an authorized key that is copied over to the
target machine instead of being set by the target's configuration.
Now, we cover both cases.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
You can now run a test in the nixos/tests directory directly using
nix-build, e.g.
$ nix-build '<nixos/tests/login.nix>' -A test
This gets rid of having to add the test to nixos/tests/default.nix.
(Of course, you still need to add it to nixos/release.nix if you want
Hydra to run the test.)