1 # $OpenBSD: agent.sh,v 1.13 2017/12/19 00:49:30 djm Exp $
2 # Placed in the Public Domain.
# Name of this regress test; presumably read by the harness that sources this
# script (the harness itself is not part of this listing).
4 tid="simple agent test"
# Negative check: SSH_AUTH_SOCK is pointed at a path with no agent behind it,
# for this one command only. Per the failure message below, ssh-add -l is
# expected to exit with status 2 in that case.
# NOTE(review): the numbered listing jumps from 6 to 8, so the status test that
# guards the fail call is not shown here.
6 SSH_AUTH_SOCK=/nonexistent ${SSHADD} -l > /dev/null 2>&1
8 fail "ssh-add -l did not fail with exit code 2"
# Start a fresh agent. `ssh-agent -s` prints Bourne-shell commands on stdout and
# the eval runs them in this shell, which is how SSH_AUTH_SOCK and SSH_AGENT_PID
# reach the later ssh-add/ssh invocations.
# NOTE(review): eval executes whatever ${SSHAGENT} prints, so this is only as
# trustworthy as the binary ${SSHAGENT} resolves to; here that is the build
# under test.
12 eval `${SSHAGENT} -s` > /dev/null
# NOTE(review): the listing jumps from 12 to 15; the capture of the exit status
# into $r and the condition guarding fatal are not shown.
15 fatal "could not start ssh-agent: exit code $r"
# The agent is reachable but holds no keys yet; per the message below, ssh-add -l
# is expected to exit with status 1 (as opposed to 2 for "no agent").
18 ${SSHADD} -l > /dev/null 2>&1
20 fail "ssh-add -l did not fail with exit code 1"
# Create a throwaway user CA key pair under $OBJ, removing any pair left over
# from a previous run first.
# -N '' gives the key an empty passphrase: it is stored unencrypted on disk,
# which is acceptable only because this is disposable test material.
# NOTE(review): $OBJ and $USER are expanded unquoted throughout; this presumes
# the harness supplies values without whitespace or glob characters.
23 rm -f $OBJ/user_ca_key $OBJ/user_ca_key.pub
24 ${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_ca_key \
25 || fatal "ssh-keygen failed"
27 trace "overwrite authorized keys"
# Truncate the per-user authorized_keys file so that only keys added by this
# test can authenticate afterwards.
28 printf '' > $OBJ/authorized_keys_$USER
# For every key type in ${SSH_KEYTYPES}: generate a key pair, sign a user
# certificate for it with the test CA, authorize the plain public key, and load
# the private key into the running agent.
30 for t in ${SSH_KEYTYPES}; do
31 # generate user key for agent
32 rm -f $OBJ/$t-agent $OBJ/$t-agent.pub*
# Empty passphrase (-N ''): the private key is unencrypted, test use only.
33 ${SSHKEYGEN} -q -N '' -t $t -f $OBJ/$t-agent ||\
34 fatal "ssh-keygen for $t-agent failed"
35 # Make a certificate for each too.
# -s signs the public key with the CA private key, -I sets the certificate's
# key identity and -n limits the certificate to the principal "estragon".
36 ${SSHKEYGEN} -qs $OBJ/user_ca_key -I "$t cert" \
37 -n estragon $OBJ/$t-agent.pub || fatal "ca sign failed"
39 # add to authorized keys
40 cat $OBJ/$t-agent.pub >> $OBJ/authorized_keys_$USER
41 # add private key to agent
42 ${SSHADD} $OBJ/$t-agent > /dev/null 2>&1
# NOTE(review): the listing jumps from 42 to 44, so the guarding condition is
# not shown. The message wording ("did succeed") reads oddly for a failure
# report; presumably it fires when ssh-add did NOT exit 0 - confirm against the
# full file.
44 fail "ssh-add did succeed exit code 0"
# NOTE(review): the command this comment describes and the end of the loop fall
# in the part of the listing that is missing after gutter line 46.
46 # Remove private key to ensure that we aren't accidentally using it.
50 # Remove explicit identity directives from ssh_proxy
# With every line mentioning identityfile (matched case-insensitively) filtered
# out of the client config, the connections below cannot fall back on a key file
# named there; the original config is kept as ssh_proxy_bak.
51 mv $OBJ/ssh_proxy $OBJ/ssh_proxy_bak
52 grep -vi identityfile $OBJ/ssh_proxy_bak > $OBJ/ssh_proxy
# Listing the agent's keys should now succeed, since keys have been added.
# NOTE(review): the lines that store the status in $r and test it are not part
# of this listing (the gutter jumps from 54 to 57).
54 ${SSHADD} -l > /dev/null 2>&1
57 fail "ssh-add -l failed: exit code $r"
59 # the same for full pubkey output
60 ${SSHADD} -L > /dev/null 2>&1
63 fail "ssh-add -L failed: exit code $r"
66 trace "simple connect via agent"
# The remote command is `exit 52`. The checks below compare $r with 52, so a
# status of 52 shows that login succeeded and the remote command ran, rather
# than ssh failing on its own.
67 ${SSH} -F $OBJ/ssh_proxy somehost exit 52
# NOTE(review): the assignment of $r and the closing fi are not in this listing.
69 if [ $r -ne 52 ]; then
70 fail "ssh connect with failed (exit code $r)"
# Repeat the connection once per key type, this time pinning the identity.
73 for t in ${SSH_KEYTYPES}; do
74 trace "connect via agent using $t key"
# -i names only the PUBLIC key file, and IdentitiesOnly=yes restricts ssh to the
# identities it was explicitly given, so the matching private key has to come
# from the agent.
# NOTE(review): the command continues on a line absent from this listing (the
# gutter jumps from 75 to 78); the loop's end is likewise not shown.
75 ${SSH} -F $OBJ/ssh_proxy -i $OBJ/$t-agent.pub -oIdentitiesOnly=yes \
78 if [ $r -ne 52 ]; then
79 fail "ssh connect with failed (exit code $r)"
83 trace "agent forwarding"
# -A enables agent forwarding: the ssh-add -l given as the remote command talks
# to the local agent through the forwarded connection. ${SSHADD} is expanded by
# the local shell before ssh runs.
# Outside a test, forwarding deserves care: while the session lasts, anyone who
# can reach the forwarded socket on the remote host can ask the agent to sign.
84 ${SSH} -A -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
# NOTE(review): the status capture and condition around this fail call are not
# shown (the gutter jumps from 84 to 87).
87 fail "ssh-add -l via agent fwd failed (exit code $r)"
# Two-hop check: the remote command is itself an ssh login, which can only
# authenticate via the forwarded agent; 52 is again the expected final status.
89 ${SSH} -A -F $OBJ/ssh_proxy somehost \
90 "${SSH} -F $OBJ/ssh_proxy somehost exit 52"
92 if [ $r -ne 52 ]; then
93 fail "agent fwd failed (exit code $r)"
# Replace (not append to) authorized_keys with a single cert-authority entry.
# After this, plain public keys no longer authorize a login; only certificates
# signed by user_ca_key and valid for the principal "estragon" are accepted.
96 (printf 'cert-authority,principals="estragon" '; cat $OBJ/user_ca_key.pub) \
97 > $OBJ/authorized_keys_$USER
98 for t in ${SSH_KEYTYPES}; do
99 trace "connect via agent using $t key"
# Present the certificate explicitly via CertificateFile; the private key for it
# is again expected to come from the agent, since -i names a public key file and
# IdentitiesOnly=yes is set.
# NOTE(review): presumably $t-agent-cert.pub is the file written by the earlier
# ssh-keygen -s signing step - confirm against the full script.
100 ${SSH} -F $OBJ/ssh_proxy -i $OBJ/$t-agent.pub \
101 -oCertificateFile=$OBJ/$t-agent-cert.pub \
102 -oIdentitiesOnly=yes somehost exit 52
# NOTE(review): the assignment of $r, the closing fi and the end of the loop are
# not part of this listing.
104 if [ $r -ne 52 ]; then
105 fail "ssh connect with failed (exit code $r)"
109 trace "delete all agent keys"
# -D removes every identity from the agent; the check below expects status 0.
110 ${SSHADD} -D > /dev/null 2>&1
# NOTE(review): the line that stores the status in $r and the closing fi are not
# shown in this listing.
112 if [ $r -ne 0 ]; then
113 fail "ssh-add -D failed: exit code $r"
# Terminate the agent started for this test so that no agent process (and no
# loaded key material) outlives the run.
117 ${SSHAGENT} -k > /dev/null