diff --git a/cmd/ssh-proxy/main_test.go b/cmd/ssh-proxy/main_test.go index 12507b0..74796a1 100644 --- a/cmd/ssh-proxy/main_test.go +++ b/cmd/ssh-proxy/main_test.go @@ -428,8 +428,9 @@ var _ = Describe("SSH proxy", func() { Describe("attempting authentication without a realm", func() { BeforeEach(func() { clientConfig = &ssh.ClientConfig{ - User: processGuid + "/99", - Auth: []ssh.AuthMethod{ssh.Password(diegoCredentials)}, + User: processGuid + "/99", + Auth: []ssh.AuthMethod{ssh.Password(diegoCredentials)}, + HostKeyCallback: ssh.InsecureIgnoreHostKey(), } }) @@ -443,8 +444,9 @@ var _ = Describe("SSH proxy", func() { Describe("attempting authentication with an unknown realm", func() { BeforeEach(func() { clientConfig = &ssh.ClientConfig{ - User: "goo:" + processGuid + "/99", - Auth: []ssh.AuthMethod{ssh.Password(diegoCredentials)}, + User: "goo:" + processGuid + "/99", + Auth: []ssh.AuthMethod{ssh.Password(diegoCredentials)}, + HostKeyCallback: ssh.InsecureIgnoreHostKey(), } }) @@ -458,8 +460,9 @@ var _ = Describe("SSH proxy", func() { Describe("authenticating with the diego realm", func() { BeforeEach(func() { clientConfig = &ssh.ClientConfig{ - User: "diego:" + processGuid + "/99", - Auth: []ssh.AuthMethod{ssh.Password(diegoCredentials)}, + User: "diego:" + processGuid + "/99", + Auth: []ssh.AuthMethod{ssh.Password(diegoCredentials)}, + HostKeyCallback: ssh.InsecureIgnoreHostKey(), } }) @@ -500,8 +503,9 @@ var _ = Describe("SSH proxy", func() { BeforeEach(func() { allowedCiphers = "aes128-ctr,aes256-ctr" clientConfig = &ssh.ClientConfig{ - User: "diego:" + processGuid + "/99", - Auth: []ssh.AuthMethod{ssh.Password(diegoCredentials)}, + User: "diego:" + processGuid + "/99", + Auth: []ssh.AuthMethod{ssh.Password(diegoCredentials)}, + HostKeyCallback: ssh.InsecureIgnoreHostKey(), } }) @@ -528,8 +532,9 @@ var _ = Describe("SSH proxy", func() { BeforeEach(func() { allowedMACs = "hmac-sha2-256,hmac-sha1" clientConfig = &ssh.ClientConfig{ - User: "diego:" + processGuid + "/99", - Auth: []ssh.AuthMethod{ssh.Password(diegoCredentials)}, + User: "diego:" + processGuid + "/99", + Auth: []ssh.AuthMethod{ssh.Password(diegoCredentials)}, + HostKeyCallback: ssh.InsecureIgnoreHostKey(), } }) @@ -556,8 +561,9 @@ var _ = Describe("SSH proxy", func() { BeforeEach(func() { allowedKeyExchanges = "curve25519-sha256@libssh.org,ecdh-sha2-nistp384,diffie-hellman-group14-sha1" clientConfig = &ssh.ClientConfig{ - User: "diego:" + processGuid + "/99", - Auth: []ssh.AuthMethod{ssh.Password(diegoCredentials)}, + User: "diego:" + processGuid + "/99", + Auth: []ssh.AuthMethod{ssh.Password(diegoCredentials)}, + HostKeyCallback: ssh.InsecureIgnoreHostKey(), } }) @@ -620,8 +626,9 @@ var _ = Describe("SSH proxy", func() { Describe("authenticating with the cf realm with a one time code", func() { BeforeEach(func() { clientConfig = &ssh.ClientConfig{ - User: "cf:60f0f26e-86b3-4487-8f19-9e94f848f3d2/99", - Auth: []ssh.AuthMethod{ssh.Password("abc123")}, + User: "cf:60f0f26e-86b3-4487-8f19-9e94f848f3d2/99", + Auth: []ssh.AuthMethod{ssh.Password("abc123")}, + HostKeyCallback: ssh.InsecureIgnoreHostKey(), } fakeUAA.RouteToHandler("POST", "/oauth/token", ghttp.CombineHandlers( diff --git a/cmd/sshd/main_test.go b/cmd/sshd/main_test.go index 2faa6ec..b4e9f53 100644 --- a/cmd/sshd/main_test.go +++ b/cmd/sshd/main_test.go @@ -257,7 +257,9 @@ var _ = Describe("SSH daemon", func() { BeforeEach(func() { hostKey = "" allowUnauthenticatedClients = true - clientConfig = &ssh.ClientConfig{} + clientConfig = &ssh.ClientConfig{ + HostKeyCallback: ssh.InsecureIgnoreHostKey(), + } }) It("generates one internally", func() { @@ -296,7 +298,9 @@ var _ = Describe("SSH daemon", func() { Context("when unauthenticated clients are not allowed", func() { BeforeEach(func() { - clientConfig = &ssh.ClientConfig{} + clientConfig = &ssh.ClientConfig{ + HostKeyCallback: ssh.InsecureIgnoreHostKey(), + } }) It("starts the daemon", func() { @@ -317,6 +321,7 @@ var _ = Describe("SSH daemon", func() { Auth: []ssh.AuthMethod{ ssh.PublicKeys(key), }, + HostKeyCallback: ssh.InsecureIgnoreHostKey(), } }) @@ -330,7 +335,9 @@ var _ = Describe("SSH daemon", func() { Context("when the daemon allows unauthenticated clients", func() { BeforeEach(func() { allowUnauthenticatedClients = true - clientConfig = &ssh.ClientConfig{} + clientConfig = &ssh.ClientConfig{ + HostKeyCallback: ssh.InsecureIgnoreHostKey(), + } }) It("starts the daemon", func() { @@ -347,7 +354,9 @@ var _ = Describe("SSH daemon", func() { Context("when the daemon provides an unsupported cipher algorithm", func() { BeforeEach(func() { allowedCiphers = "unsupported" - clientConfig = &ssh.ClientConfig{} + clientConfig = &ssh.ClientConfig{ + HostKeyCallback: ssh.InsecureIgnoreHostKey(), + } }) It("starts the daemon", func() { @@ -364,7 +373,9 @@ var _ = Describe("SSH daemon", func() { BeforeEach(func() { allowUnauthenticatedClients = true allowedCiphers = "aes128-ctr,aes256-ctr" - clientConfig = &ssh.ClientConfig{} + clientConfig = &ssh.ClientConfig{ + HostKeyCallback: ssh.InsecureIgnoreHostKey(), + } }) It("starts the daemon", func() { @@ -380,7 +391,9 @@ var _ = Describe("SSH daemon", func() { Context("when the daemon provides an unsupported MAC algorithm", func() { BeforeEach(func() { allowedMACs = "unsupported" - clientConfig = &ssh.ClientConfig{} + clientConfig = &ssh.ClientConfig{ + HostKeyCallback: ssh.InsecureIgnoreHostKey(), + } }) It("starts the daemon", func() { @@ -397,7 +410,9 @@ var _ = Describe("SSH daemon", func() { BeforeEach(func() { allowUnauthenticatedClients = true allowedMACs = "hmac-sha2-256,hmac-sha1" - clientConfig = &ssh.ClientConfig{} + clientConfig = &ssh.ClientConfig{ + HostKeyCallback: ssh.InsecureIgnoreHostKey(), + } }) It("starts the daemon", func() { @@ -413,7 +428,9 @@ var _ = Describe("SSH daemon", func() { Context("when the daemon provides an unsupported key exchange algorithm", func() { BeforeEach(func() { allowedKeyExchanges = "unsupported" - clientConfig = &ssh.ClientConfig{} + clientConfig = &ssh.ClientConfig{ + HostKeyCallback: ssh.InsecureIgnoreHostKey(), + } }) It("starts the daemon", func() { @@ -430,7 +447,9 @@ var _ = Describe("SSH daemon", func() { BeforeEach(func() { allowUnauthenticatedClients = true allowedKeyExchanges = "curve25519-sha256@libssh.org,ecdh-sha2-nistp384,diffie-hellman-group14-sha1" - clientConfig = &ssh.ClientConfig{} + clientConfig = &ssh.ClientConfig{ + HostKeyCallback: ssh.InsecureIgnoreHostKey(), + } }) It("starts the daemon", func() { @@ -450,7 +469,9 @@ var _ = Describe("SSH daemon", func() { BeforeEach(func() { allowUnauthenticatedClients = true - clientConfig = &ssh.ClientConfig{} + clientConfig = &ssh.ClientConfig{ + HostKeyCallback: ssh.InsecureIgnoreHostKey(), + } }) JustBeforeEach(func() { diff --git a/daemon/daemon_test.go b/daemon/daemon_test.go index d574980..8650132 100644 --- a/daemon/daemon_test.go +++ b/daemon/daemon_test.go @@ -75,6 +75,7 @@ var _ = Describe("Daemon", func() { Auth: []ssh.AuthMethod{ ssh.Password("secret"), }, + HostKeyCallback: ssh.InsecureIgnoreHostKey(), } sshd = daemon.New(logger, serverSSHConfig, nil, nil) diff --git a/test_helpers/test_helpers.go b/test_helpers/test_helpers.go index 7d935cc..1562587 100644 --- a/test_helpers/test_helpers.go +++ b/test_helpers/test_helpers.go @@ -48,6 +48,7 @@ func NewClient(clientNetConn net.Conn, clientConfig *ssh.ClientConfig) *ssh.Clie Auth: []ssh.AuthMethod{ ssh.Password("secret"), }, + HostKeyCallback: ssh.InsecureIgnoreHostKey(), } }