Skip to content

Commit

Permalink
Update tests to explicitly set HostKeyCallback
Browse files Browse the repository at this point in the history 
 - Updating x/crypto introduced a breaking change:
 golang/crypto@e4e2799
 - Explicitly setting HostKeyCallback to ssh.InsecureIgnoreHostKey is
 equivalent to not setting HostKeyCallback before the crypto update

 [#137290331]

Signed-off-by: Caroline Taymor <ctaymor@pivotal.io>
  • Loading branch information
@swetharepakula
swetharepakula authored and Caroline Taymor committed Aug 9, 2017
1 parent 8982225 commit a0438f7
Show file tree
Hide file tree
Showing 4 changed files with 54 additions and 24 deletions.
35 changes: 21 additions & 14 deletions cmd/ssh-proxy/main_test.go
View file
Expand Up @@ -428,8 +428,9 @@ var _ = Describe("SSH proxy", func() {
Describe("attempting authentication without a realm", func() {
BeforeEach(func() {
clientConfig = &ssh.ClientConfig{
User: processGuid + "/99",
Auth: []ssh.AuthMethod{ssh.Password(diegoCredentials)},
User: processGuid + "/99",
Auth: []ssh.AuthMethod{ssh.Password(diegoCredentials)},
HostKeyCallback: ssh.InsecureIgnoreHostKey(),
}
})

Expand All @@ -443,8 +444,9 @@ var _ = Describe("SSH proxy", func() {
Describe("attempting authentication with an unknown realm", func() {
BeforeEach(func() {
clientConfig = &ssh.ClientConfig{
User: "goo:" + processGuid + "/99",
Auth: []ssh.AuthMethod{ssh.Password(diegoCredentials)},
User: "goo:" + processGuid + "/99",
Auth: []ssh.AuthMethod{ssh.Password(diegoCredentials)},
HostKeyCallback: ssh.InsecureIgnoreHostKey(),
}
})

Expand All @@ -458,8 +460,9 @@ var _ = Describe("SSH proxy", func() {
Describe("authenticating with the diego realm", func() {
BeforeEach(func() {
clientConfig = &ssh.ClientConfig{
User: "diego:" + processGuid + "/99",
Auth: []ssh.AuthMethod{ssh.Password(diegoCredentials)},
User: "diego:" + processGuid + "/99",
Auth: []ssh.AuthMethod{ssh.Password(diegoCredentials)},
HostKeyCallback: ssh.InsecureIgnoreHostKey(),
}
})

Expand Down Expand Up @@ -500,8 +503,9 @@ var _ = Describe("SSH proxy", func() {
BeforeEach(func() {
allowedCiphers = "aes128-ctr,aes256-ctr"
clientConfig = &ssh.ClientConfig{
User: "diego:" + processGuid + "/99",
Auth: []ssh.AuthMethod{ssh.Password(diegoCredentials)},
User: "diego:" + processGuid + "/99",
Auth: []ssh.AuthMethod{ssh.Password(diegoCredentials)},
HostKeyCallback: ssh.InsecureIgnoreHostKey(),
}
})

Expand All @@ -528,8 +532,9 @@ var _ = Describe("SSH proxy", func() {
BeforeEach(func() {
allowedMACs = "hmac-sha2-256,hmac-sha1"
clientConfig = &ssh.ClientConfig{
User: "diego:" + processGuid + "/99",
Auth: []ssh.AuthMethod{ssh.Password(diegoCredentials)},
User: "diego:" + processGuid + "/99",
Auth: []ssh.AuthMethod{ssh.Password(diegoCredentials)},
HostKeyCallback: ssh.InsecureIgnoreHostKey(),
}
})

Expand All @@ -556,8 +561,9 @@ var _ = Describe("SSH proxy", func() {
BeforeEach(func() {
allowedKeyExchanges = "curve25519-sha256@libssh.org,ecdh-sha2-nistp384,diffie-hellman-group14-sha1"
clientConfig = &ssh.ClientConfig{
User: "diego:" + processGuid + "/99",
Auth: []ssh.AuthMethod{ssh.Password(diegoCredentials)},
User: "diego:" + processGuid + "/99",
Auth: []ssh.AuthMethod{ssh.Password(diegoCredentials)},
HostKeyCallback: ssh.InsecureIgnoreHostKey(),
}
})

Expand Down Expand Up @@ -620,8 +626,9 @@ var _ = Describe("SSH proxy", func() {
Describe("authenticating with the cf realm with a one time code", func() {
BeforeEach(func() {
clientConfig = &ssh.ClientConfig{
User: "cf:60f0f26e-86b3-4487-8f19-9e94f848f3d2/99",
Auth: []ssh.AuthMethod{ssh.Password("abc123")},
User: "cf:60f0f26e-86b3-4487-8f19-9e94f848f3d2/99",
Auth: []ssh.AuthMethod{ssh.Password("abc123")},
HostKeyCallback: ssh.InsecureIgnoreHostKey(),
}

fakeUAA.RouteToHandler("POST", "/oauth/token", ghttp.CombineHandlers(
Expand Down
41 changes: 31 additions & 10 deletions cmd/sshd/main_test.go
View file
Expand Up @@ -257,7 +257,9 @@ var _ = Describe("SSH daemon", func() {
BeforeEach(func() {
hostKey = ""
allowUnauthenticatedClients = true
clientConfig = &ssh.ClientConfig{}
clientConfig = &ssh.ClientConfig{
HostKeyCallback: ssh.InsecureIgnoreHostKey(),
}
})

It("generates one internally", func() {
Expand Down Expand Up @@ -296,7 +298,9 @@ var _ = Describe("SSH daemon", func() {

Context("when unauthenticated clients are not allowed", func() {
BeforeEach(func() {
clientConfig = &ssh.ClientConfig{}
clientConfig = &ssh.ClientConfig{
HostKeyCallback: ssh.InsecureIgnoreHostKey(),
}
})

It("starts the daemon", func() {
Expand All @@ -317,6 +321,7 @@ var _ = Describe("SSH daemon", func() {
Auth: []ssh.AuthMethod{
ssh.PublicKeys(key),
},
HostKeyCallback: ssh.InsecureIgnoreHostKey(),
}
})

Expand All @@ -330,7 +335,9 @@ var _ = Describe("SSH daemon", func() {
Context("when the daemon allows unauthenticated clients", func() {
BeforeEach(func() {
allowUnauthenticatedClients = true
clientConfig = &ssh.ClientConfig{}
clientConfig = &ssh.ClientConfig{
HostKeyCallback: ssh.InsecureIgnoreHostKey(),
}
})

It("starts the daemon", func() {
Expand All @@ -347,7 +354,9 @@ var _ = Describe("SSH daemon", func() {
Context("when the daemon provides an unsupported cipher algorithm", func() {
BeforeEach(func() {
allowedCiphers = "unsupported"
clientConfig = &ssh.ClientConfig{}
clientConfig = &ssh.ClientConfig{
HostKeyCallback: ssh.InsecureIgnoreHostKey(),
}
})

It("starts the daemon", func() {
Expand All @@ -364,7 +373,9 @@ var _ = Describe("SSH daemon", func() {
BeforeEach(func() {
allowUnauthenticatedClients = true
allowedCiphers = "aes128-ctr,aes256-ctr"
clientConfig = &ssh.ClientConfig{}
clientConfig = &ssh.ClientConfig{
HostKeyCallback: ssh.InsecureIgnoreHostKey(),
}
})

It("starts the daemon", func() {
Expand All @@ -380,7 +391,9 @@ var _ = Describe("SSH daemon", func() {
Context("when the daemon provides an unsupported MAC algorithm", func() {
BeforeEach(func() {
allowedMACs = "unsupported"
clientConfig = &ssh.ClientConfig{}
clientConfig = &ssh.ClientConfig{
HostKeyCallback: ssh.InsecureIgnoreHostKey(),
}
})

It("starts the daemon", func() {
Expand All @@ -397,7 +410,9 @@ var _ = Describe("SSH daemon", func() {
BeforeEach(func() {
allowUnauthenticatedClients = true
allowedMACs = "hmac-sha2-256,hmac-sha1"
clientConfig = &ssh.ClientConfig{}
clientConfig = &ssh.ClientConfig{
HostKeyCallback: ssh.InsecureIgnoreHostKey(),
}
})

It("starts the daemon", func() {
Expand All @@ -413,7 +428,9 @@ var _ = Describe("SSH daemon", func() {
Context("when the daemon provides an unsupported key exchange algorithm", func() {
BeforeEach(func() {
allowedKeyExchanges = "unsupported"
clientConfig = &ssh.ClientConfig{}
clientConfig = &ssh.ClientConfig{
HostKeyCallback: ssh.InsecureIgnoreHostKey(),
}
})

It("starts the daemon", func() {
Expand All @@ -430,7 +447,9 @@ var _ = Describe("SSH daemon", func() {
BeforeEach(func() {
allowUnauthenticatedClients = true
allowedKeyExchanges = "curve25519-sha256@libssh.org,ecdh-sha2-nistp384,diffie-hellman-group14-sha1"
clientConfig = &ssh.ClientConfig{}
clientConfig = &ssh.ClientConfig{
HostKeyCallback: ssh.InsecureIgnoreHostKey(),
}
})

It("starts the daemon", func() {
Expand All @@ -450,7 +469,9 @@ var _ = Describe("SSH daemon", func() {

BeforeEach(func() {
allowUnauthenticatedClients = true
clientConfig = &ssh.ClientConfig{}
clientConfig = &ssh.ClientConfig{
HostKeyCallback: ssh.InsecureIgnoreHostKey(),
}
})

JustBeforeEach(func() {
Expand Down
1 change: 1 addition & 0 deletions daemon/daemon_test.go
View file
Expand Up @@ -75,6 +75,7 @@ var _ = Describe("Daemon", func() {
Auth: []ssh.AuthMethod{
ssh.Password("secret"),
},
HostKeyCallback: ssh.InsecureIgnoreHostKey(),
}

sshd = daemon.New(logger, serverSSHConfig, nil, nil)
Expand Down
1 change: 1 addition & 0 deletions test_helpers/test_helpers.go
View file
Expand Up @@ -48,6 +48,7 @@ func NewClient(clientNetConn net.Conn, clientConfig *ssh.ClientConfig) *ssh.Clie
Auth: []ssh.AuthMethod{
ssh.Password("secret"),
},
HostKeyCallback: ssh.InsecureIgnoreHostKey(),
}
}

Expand Down

0 comments on commit a0438f7

Please sign in to comment.