Generate and use host key in tests

corticph · Aug 19, 2020 · f735906 · f735906
1 parent cd5d032
commit f735906
Showing 1 changed file with 24 additions and 16 deletions.
diff --git a/tests/run b/tests/run
@@ -6,8 +6,12 @@ argOutput=${2:-"quiet"}
 argCleanup=${3:-"cleanup"}
 testDir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 imageName="$argImage"
-sshKeyPri="/tmp/atmoz_sftp_test_rsa"
-sshKeyPub="/tmp/atmoz_sftp_test_rsa.pub"
+tmpDir="$(mktemp -d /tmp/atmoz_sftp_XXXX)"
+sshKeyPri="$tmpDir/rsa"
+sshKeyPub="$tmpDir/rsa.pub"
+sshHostEd25519Key="$tmpDir/ssh_host_ed25519_key"
+sshHostKeyMountArg="--volume=$sshHostEd25519Key:/etc/ssh/ssh_host_ed25519_key"
+sshKnownHosts="$tmpDir/known_hosts"
 
 if [ $UID != 0 ] && ! groups | grep -qw docker; then
     echo "Run with sudo/root or add user $USER to group 'docker'"
@@ -46,6 +50,9 @@ function oneTimeSetUp() {
 
     # Private key can not be read by others (sshd will complain)
     chmod go-rw "$sshKeyPri"
+
+    # Generate host key
+    ssh-keygen -t ed25519 -f "$sshHostEd25519Key" < /dev/null
 }
 
 function setUp() {
@@ -87,15 +94,16 @@ function runSftpCommands() {
     user="$2"
     shift 2
 
+    echo "$ip $(cat "$sshHostEd25519Key.pub")" >> "$sshKnownHosts"
+
     commands=""
     for cmd in "$@"; do
         commands="$commands$cmd"$'\n'
     done
 
     echo "$commands" | sftp \
         -i "$sshKeyPri" \
-        -oStrictHostKeyChecking=no \
-        -oUserKnownHostsFile=/dev/null \
+        -oUserKnownHostsFile="$sshKnownHosts" \
         -b - "$user@$ip" \
         > "$redirect" 2>&1
 
@@ -127,7 +135,7 @@ function waitForServer() {
 ##############################################################################
 
 function testSmallestUserConfig() {
-    docker run --name "$containerName" \
+    docker run --name "$containerName" "$sshHostKeyMountArg" \
         --entrypoint="/bin/sh" \
         "$imageName" \
         -c "create-sftp-user u: && id u" \
@@ -136,7 +144,7 @@ function testSmallestUserConfig() {
 }
 
 function testCreateUserWithDot() {
-    docker run --name "$containerName" \
+    docker run --name "$containerName" "$sshHostKeyMountArg" \
         --entrypoint="/bin/sh" \
         "$imageName" \
         -c "create-sftp-user user.with.dot: && id user.with.dot" \
@@ -145,7 +153,7 @@ function testCreateUserWithDot() {
 }
 
 function testUserCustomUidAndGid() {
-    id="$(docker run --name "$containerName" \
+    id="$(docker run --name "$containerName" "$sshHostKeyMountArg" \
         --entrypoint="/bin/sh" \
         "$imageName" \
         -c "create-sftp-user u::1234:4321: > /dev/null && id u" )"
@@ -161,14 +169,14 @@ function testUserCustomUidAndGid() {
 }
 
 function testCommandPassthrough() {
-    docker run --name "$containerName" \
+    docker run --name "$containerName" "$sshHostKeyMountArg" \
         "$imageName" test 1 -eq 1 \
         > "$redirect" 2>&1
     assertTrue "command passthrough" $?
 }
 
 function testUsersConf() {
-    docker run --name "$containerName" -d \
+    docker run --name "$containerName" "$sshHostKeyMountArg" -d \
         -v "$testDir/files/users.conf:/etc/sftp/users.conf:ro" \
         "$imageName" \
         > "$redirect" 2>&1
@@ -190,7 +198,7 @@ function testUsersConf() {
 }
 
 function testLegacyUsersConf() {
-    docker run --name "$containerName" -d \
+    docker run --name "$containerName" "$sshHostKeyMountArg" -d \
         -v "$testDir/files/users.conf:/etc/sftp-users.conf:ro" \
         "$imageName" \
         > "$redirect" 2>&1
@@ -203,7 +211,7 @@ function testLegacyUsersConf() {
 }
 
 function testCreateUsersUsingEnv() {
-    docker run --name "$containerName" -d \
+    docker run --name "$containerName" "$sshHostKeyMountArg" -d \
         -e "SFTP_USERS=user-from-env: user-from-env-2:" \
         "$imageName" \
         > "$redirect" 2>&1
@@ -219,7 +227,7 @@ function testCreateUsersUsingEnv() {
 }
 
 function testCreateUsersUsingCombo() {
-    docker run --name "$containerName" -d \
+    docker run --name "$containerName" "$sshHostKeyMountArg" -d \
         -v "$testDir/files/users.conf:/etc/sftp-users.conf:ro" \
         -e "SFTP_USERS=user-from-env:" \
         "$imageName" \
@@ -240,7 +248,7 @@ function testCreateUsersUsingCombo() {
 }
 
 function testWriteAccessToAutocreatedDirs() {
-    docker run --name "$containerName" -d \
+    docker run --name "$containerName" "$sshHostKeyMountArg" -d \
         -v "$sshKeyPub":/home/test/.ssh/keys/id_rsa.pub:ro \
         "$imageName" "test::::testdir,dir with spaces" \
         > "$redirect" 2>&1
@@ -278,7 +286,7 @@ chmod 755 /home/*/sftp
 EOF
     chmod +x "$tmpScript"
 
-    docker run --name "$containerName" -d \
+    docker run --name "$containerName" "$sshHostKeyMountArg" -d \
         -v "$sshKeyPub":/home/test/.ssh/keys/id_rsa.pub:ro \
         -v "$tmpConfig:/etc/ssh/sshd_config" \
         -v "$tmpScript:/etc/sftp.d/limited_home_dir" \
@@ -306,7 +314,7 @@ function testBindmountDirScript() {
         > "$containerTmpDir/mount.sh"
     chmod +x "$containerTmpDir/mount.sh"
 
-    docker run --name "$containerName" -d \
+    docker run --name "$containerName" "$sshHostKeyMountArg" -d \
         --privileged=true \
         -v "$sshKeyPub":/home/custom/.ssh/keys/id_rsa.pub:ro \
         -v "$containerTmpDir/custom/bindmount":/custom \
@@ -328,7 +336,7 @@ function testBindmountDirScript() {
 }
 
 function testDuplicateSshKeys() {
-    docker run --name "$containerName" -d \
+    docker run --name "$containerName" "$sshHostKeyMountArg" -d \
         -v "$sshKeyPub":/home/user/.ssh/keys/key1.pub:ro \
         -v "$sshKeyPub":/home/user/.ssh/keys/key2.pub:ro \
         "$imageName" "user:" \