|
Lines 45-61
for t in ${SSH_KEYTYPES}; do
|
| 45 |
# add to authorized keys |
45 |
# add to authorized keys |
| 46 |
cat $OBJ/$t-agent.pub >> $OBJ/authorized_keys_$USER |
46 |
cat $OBJ/$t-agent.pub >> $OBJ/authorized_keys_$USER |
| 47 |
# add private key to agent |
47 |
# add private key to agent |
| 48 |
${SSHADD} $OBJ/$t-agent #> /dev/null 2>&1 |
48 |
${SSHADD} $OBJ/$t-agent > /dev/null 2>&1 |
| 49 |
if [ $? -ne 0 ]; then |
49 |
if [ $? -ne 0 ]; then |
| 50 |
fail "ssh-add failed exit code $?" |
50 |
fail "ssh-add failed exit code $?" |
| 51 |
fi |
51 |
fi |
| 52 |
# add private key to second agent |
52 |
# add private key to second agent |
| 53 |
SSH_AUTH_SOCK=$FW_SSH_AUTH_SOCK ${SSHADD} $OBJ/$t-agent #> /dev/null 2>&1 |
53 |
SSH_AUTH_SOCK=$FW_SSH_AUTH_SOCK ${SSHADD} $OBJ/$t-agent > /dev/null 2>&1 |
| 54 |
if [ $? -ne 0 ]; then |
54 |
if [ $? -ne 0 ]; then |
| 55 |
fail "ssh-add failed exit code $?" |
55 |
fail "ssh-add failed exit code $?" |
| 56 |
fi |
56 |
fi |
| 57 |
# Remove private key to ensure that we aren't accidentally using it. |
57 |
# Move private key to ensure that we aren't accidentally using it. |
| 58 |
rm -f $OBJ/$t-agent |
58 |
# Keep the corresponding public keys/certs around for later use. |
|
|
59 |
mv -f $OBJ/$t-agent $OBJ/$t-agent-private |
| 60 |
cp -f $OBJ/$t-agent.pub $OBJ/$t-agent-private.pub |
| 61 |
cp -f $OBJ/$t-agent-cert.pub $OBJ/$t-agent-private-cert.pub |
| 59 |
done |
62 |
done |
| 60 |
|
63 |
|
| 61 |
# Remove explicit identity directives from ssh_proxy |
64 |
# Remove explicit identity directives from ssh_proxy |
|
Lines 152-163
for t in ${SSH_KEYTYPES}; do
|
| 152 |
fi |
155 |
fi |
| 153 |
done |
156 |
done |
| 154 |
|
157 |
|
|
|
158 |
## Deletion tests. |
| 159 |
|
| 155 |
trace "delete all agent keys" |
160 |
trace "delete all agent keys" |
| 156 |
${SSHADD} -D > /dev/null 2>&1 |
161 |
${SSHADD} -D > /dev/null 2>&1 |
| 157 |
r=$? |
162 |
r=$? |
| 158 |
if [ $r -ne 0 ]; then |
163 |
if [ $r -ne 0 ]; then |
| 159 |
fail "ssh-add -D failed: exit code $r" |
164 |
fail "ssh-add -D failed: exit code $r" |
| 160 |
fi |
165 |
fi |
|
|
166 |
# make sure they're gone |
| 167 |
${SSHADD} -l > /dev/null 2>&1 |
| 168 |
r=$? |
| 169 |
if [ $r -ne 1 ]; then |
| 170 |
fail "ssh-add -l returned unexpected exit code: $r" |
| 171 |
fi |
| 172 |
trace "readd keys" |
| 173 |
# re-add keys/certs to agent |
| 174 |
for t in ${SSH_KEYTYPES}; do |
| 175 |
${SSHADD} $OBJ/$t-agent-private >/dev/null 2>&1 || \ |
| 176 |
fail "ssh-add failed exit code $?" |
| 177 |
done |
| 178 |
# make sure they are there |
| 179 |
${SSHADD} -l > /dev/null 2>&1 |
| 180 |
r=$? |
| 181 |
if [ $r -ne 0 ]; then |
| 182 |
fail "ssh-add -l failed: exit code $r" |
| 183 |
fi |
| 184 |
|
| 185 |
check_key_absent() { |
| 186 |
${SSHADD} -L | grep "^$1 " >/dev/null |
| 187 |
if [ $? -eq 0 ]; then |
| 188 |
fail "$1 key unexpectedly present" |
| 189 |
fi |
| 190 |
} |
| 191 |
check_key_present() { |
| 192 |
${SSHADD} -L | grep "^$1 " >/dev/null |
| 193 |
if [ $? -ne 0 ]; then |
| 194 |
fail "$1 key missing from agent" |
| 195 |
fi |
| 196 |
} |
| 197 |
|
| 198 |
# delete the ed25519 key |
| 199 |
trace "delete single key by file" |
| 200 |
${SSHADD} -qdk ssh-ed25519-agent || fail "ssh-add -d ed25519 failed" |
| 201 |
check_key_absent ssh-ed25519 |
| 202 |
check_key_present ssh-ed25519-cert-v01@openssh.com |
| 203 |
# Put key/cert back. |
| 204 |
${SSHADD} $OBJ/ssh-ed25519-agent-private >/dev/null 2>&1 || \ |
| 205 |
fail "ssh-add failed exit code $?" |
| 206 |
check_key_present ssh-ed25519 |
| 207 |
# Delete both key and certificate. |
| 208 |
trace "delete key/cert by file" |
| 209 |
${SSHADD} -qd ssh-ed25519-agent || fail "ssh-add -d ed25519 failed" |
| 210 |
check_key_absent ssh-ed25519 |
| 211 |
check_key_absent ssh-ed25519-cert-v01@openssh.com |
| 212 |
# Put key/cert back. |
| 213 |
${SSHADD} $OBJ/ssh-ed25519-agent-private >/dev/null 2>&1 || \ |
| 214 |
fail "ssh-add failed exit code $?" |
| 215 |
check_key_present ssh-ed25519 |
| 216 |
# Delete certificate via stdin |
| 217 |
${SSHADD} -qd - < ssh-ed25519-agent-cert.pub || fail "ssh-add -d - failed" |
| 218 |
check_key_present ssh-ed25519 |
| 219 |
check_key_absent ssh-ed25519-cert-v01@openssh.com |
| 220 |
# Delete key via stdin |
| 221 |
${SSHADD} -qd - < ssh-ed25519-agent.pub || fail "ssh-add -d - failed" |
| 222 |
check_key_absent ssh-ed25519 |
| 223 |
check_key_absent ssh-ed25519-cert-v01@openssh.com |
| 161 |
|
224 |
|
| 162 |
trace "kill agent" |
225 |
trace "kill agent" |
| 163 |
${SSHAGENT} -k > /dev/null |
226 |
${SSHAGENT} -k > /dev/null |
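Review bot: The new deletion commands name their key files without the `$OBJ/` prefix that every other key path in this test carries: `${SSHADD} -qdk ssh-ed25519-agent`, `${SSHADD} -qd ssh-ed25519-agent`, and the two stdin redirects from `ssh-ed25519-agent-cert.pub` and `ssh-ed25519-agent.pub`. They resolve only if the test runs with `$OBJ` as its working directory, which is not visible on this page; I would write `${SSHADD} -qdk $OBJ/ssh-ed25519-agent || fail "ssh-add -d ed25519 failed"` and prefix the other three the same way. Separately, `check_key_absent` looks only at grep's exit status, so a `${SSHADD} -L` that cannot reach the agent also reads as "key absent", and a deletion check can pass without proving the key was removed. Capturing the listing into a variable first and calling `fail` when ssh-add exits with 2 (agent unreachable) would keep the absence checks from passing vacuously.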