pyrox.dev
openssh: test that startWhenNeeded works
+23
nixos/tests/openssh.nix
+23
nixos/tests/openssh.nix
···
35
35
];
36
36
};
37
37
38
+
server_lazy =
39
+
{ config, pkgs, ... }:
40
+
41
+
{
42
+
services.openssh = { enable = true; startWhenNeeded = true; };
43
+
security.pam.services.sshd.limits =
44
+
[ { domain = "*"; item = "memlock"; type = "-"; value = 1024; } ];
45
+
users.extraUsers.root.openssh.authorizedKeys.keys = [
46
+
snakeOilPublicKey
47
+
];
48
+
};
49
+
38
50
client =
39
51
{ config, pkgs, ... }: { };
40
52
···
50
62
subtest "manual-authkey", sub {
51
63
$server->succeed("mkdir -m 700 /root/.ssh");
52
64
$server->copyFileFromHost("key.pub", "/root/.ssh/authorized_keys");
65
+
$server_lazy->succeed("mkdir -m 700 /root/.ssh");
66
+
$server_lazy->copyFileFromHost("key.pub", "/root/.ssh/authorized_keys");
53
67
54
68
$client->succeed("mkdir -m 700 /root/.ssh");
55
69
$client->copyFileFromHost("key", "/root/.ssh/id_ed25519");
···
58
72
$client->waitForUnit("network.target");
59
73
$client->succeed("ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server 'echo hello world' >&2");
60
74
$client->succeed("ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server 'ulimit -l' | grep 1024");
75
+
76
+
$client->succeed("ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server_lazy 'echo hello world' >&2");
77
+
$client->succeed("ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server_lazy 'ulimit -l' | grep 1024");
78
+
61
79
};
62
80
63
81
subtest "configured-authkey", sub {
···
66
84
$client->succeed("ssh -o UserKnownHostsFile=/dev/null" .
67
85
" -o StrictHostKeyChecking=no -i privkey.snakeoil" .
68
86
" server true");
87
+
88
+
$client->succeed("ssh -o UserKnownHostsFile=/dev/null" .
89
+
" -o StrictHostKeyChecking=no -i privkey.snakeoil" .
90
+
" server_lazy true");
91
+
69
92
};
70
93
'';
71
94
})