crypto/openssh/regress/forcecommand.sh

   1 #       $OpenBSD: forcecommand.sh,v 1.4 2017/04/30 23:34:55 djm Exp $
   2 #       Placed in the Public Domain.
   3
   4 tid="forced command"
   5
   6 cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
   7
   8 cp /dev/null $OBJ/authorized_keys_$USER
   9 for t in ${SSH_KEYTYPES}; do
  10         printf 'command="true" ' >>$OBJ/authorized_keys_$USER
  11         cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER
  12 done
  13
  14 trace "forced command in key option"
  15 ${SSH} -F $OBJ/ssh_proxy somehost false || fail "forced command in key"
  16
  17 cp /dev/null $OBJ/authorized_keys_$USER
  18 for t in ${SSH_KEYTYPES}; do
  19         printf 'command="false" ' >> $OBJ/authorized_keys_$USER
  20         cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER
  21 done
  22
  23 cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
  24 echo "ForceCommand true" >> $OBJ/sshd_proxy
  25
  26 trace "forced command in sshd_config overrides key option"
  27 ${SSH} -F $OBJ/ssh_proxy somehost false || fail "forced command in key"
  28
  29 cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
  30 echo "ForceCommand false" >> $OBJ/sshd_proxy
  31 echo "Match User $USER" >> $OBJ/sshd_proxy
  32 echo "    ForceCommand true" >> $OBJ/sshd_proxy
  33
  34 trace "forced command with match"
  35 ${SSH} -F $OBJ/ssh_proxy somehost false || fail "forced command in key"