1 # $OpenBSD: key-options.sh,v 1.4 2017/04/30 23:34:55 djm Exp $
2 # Placed in the Public Domain.
# Paths shared by every case below. $origkeys is only read (as sed/cat input)
# and $authkeys is regenerated from it before each connection, so no option
# string carries over from one case to the next.
# NOTE(review): this listing skips numbered lines; the step that populates
# $origkeys is not visible here. Confirm against the full file.
6 origkeys="$OBJ/authkeys_orig"
7 authkeys="$OBJ/authorized_keys_${USER}"
10 # Test command= forced command
# Property under test: a key carrying command="..." runs only that command,
# whatever the client asks for. The client requests `echo foo`; the key forces
# `echo bar`. The second loop value checks the same thing when command= is
# combined with another option in one comma-separated list.
11 for c in 'command="echo bar"' 'no-pty,command="echo bar"'; do
# Prepend the option string to every key line. $c is spliced into the sed
# replacement text; that is safe here only because neither loop value
# contains `/` or `&`.
12 sed "s/.*/$c &/" $origkeys >$authkeys
13 verbose "key option $c"
14 r=`${SSH} -q -F $OBJ/ssh_proxy somehost echo foo`
# "foo" means the client-supplied command ran: the forced command was bypassed.
15 if [ "$r" = "foo" ]; then
16 fail "key option forced command not restricted"
# Any output other than "bar" means the forced command did not run as written.
18 if [ "$r" != "bar" ]; then
19 fail "key option forced command not executed"
# NOTE(review): the closing fi/done lines are not shown in this listing.
# no-pty case: every key gets the no-pty option, then the remote `tty` output
# is captured in $r for the check below.
24 sed 's/.*/no-pty &/' $origkeys >$authkeys
25 verbose "key option proto no-pty"
# NOTE(review): no -t/-tt is visible on this command line. If ${SSH} does not
# add one, ssh does not request a pty when a remote command is given, so the
# check could pass even with no-pty ignored. Confirm a pty is actually
# requested.
26 r=`${SSH} -q -F $OBJ/ssh_proxy somehost tty`
# NOTE(review): the condition guarding this fail (numbered line 27) is missing
# from the listing. Judging by the message, it fires when $r names a pty.
28 fail "key option failed no-pty (pty $r)"
# environment= case. sshd applies environment= key options only when
# PermitUserEnvironment is enabled, so it is appended to the proxy sshd config
# first. The `>>` append is not undone in the visible lines, so it stays in
# effect for later connections that use sshd_proxy.
# Caveat from sshd_config(5): enabling user environment processing may let
# users bypass access restrictions (e.g. via LD_PRELOAD). It is off by default
# and should stay confined to test configuration like this.
32 echo 'PermitUserEnvironment yes' >> $OBJ/sshd_proxy
33 sed 's/.*/environment="FOO=bar" &/' $origkeys >$authkeys
34 verbose "key option environment"
# Single quotes keep $FOO unexpanded locally; it is evaluated on the remote
# side, where the key option should have set it.
35 r=`${SSH} -q -F $OBJ/ssh_proxy somehost 'echo $FOO'`
36 if [ "$r" != "bar" ]; then
37 fail "key option environment not set"
40 # Test from= restriction
# Covers a literal address and a CIDR range. The `\/` in the CIDR value is
# needed because $f is spliced into a sed s/// replacement below.
42 for f in 127.0.0.1 '127.0.0.0\/8'; do
# Baseline: with unmodified keys, authentication must succeed. Otherwise a
# later refusal would not prove that from= caused it.
43 cat $origkeys >$authkeys
44 ${SSH} -q -F $OBJ/ssh_proxy somehost true
# NOTE(review): the guard for this fail (numbered line 45) is missing from the
# listing; presumably it tests the exit status of the ssh call above.
46 fail "key option failed without restriction"
# Prepend from="<pattern>" to every key line.
49 sed 's/.*/from="'"$f"'" &/' $origkeys >$authkeys
# First space-separated field of the first key line, i.e. the option string
# just added; used only in messages.
50 from=`head -1 $authkeys | cut -f1 -d ' '`
51 verbose "key option $from"
# Negative case: via the ssh_proxy config the key must be refused. Presumably
# the proxied connection presents no 127.0.0.1 peer address to sshd. Confirm
# against the harness.
52 r=`${SSH} -q -F $OBJ/ssh_proxy somehost 'echo true'`
53 if [ "$r" = "true" ]; then
54 fail "key option $from not restricted"
# Positive case: via ssh_config the same key must be accepted. Presumably this
# is a real loopback connection whose source address matches the pattern.
# Confirm against the harness.
57 r=`${SSH} -q -F $OBJ/ssh_config somehost 'echo true'`
58 if [ "$r" != "true" ]; then
59 fail "key option $from not allowed but should be"
# NOTE(review): the closing fi/done lines are not shown in this listing.