From a0438f7954236ecfa0e8cf2ab2350ada05d611f0 Mon Sep 17 00:00:00 2001 From: Swetha Repakula Date: Wed, 9 Aug 2017 16:53:37 -0700 Subject: [PATCH] Update tests to explicitly set HostKeyCallback - Updating x/crypto introduced a breaking change: https://github.com/golang/crypto/commit/e4e2799dd7aab89f583e1d898300d96367750991 - Explicitly setting HostKeyCallback to ssh.InsecureIgnoreHostKey is equivalent to not setting HostKeyCallback before the crypto update [#137290331] Signed-off-by: Caroline Taymor --- cmd/ssh-proxy/main_test.go | 35 ++++++++++++++++++------------ cmd/sshd/main_test.go | 41 +++++++++++++++++++++++++++--------- daemon/daemon_test.go | 1 + test_helpers/test_helpers.go | 1 + 4 files changed, 54 insertions(+), 24 deletions(-) diff --git a/cmd/ssh-proxy/main_test.go b/cmd/ssh-proxy/main_test.go index 12507b0..74796a1 100644 --- a/cmd/ssh-proxy/main_test.go +++ b/cmd/ssh-proxy/main_test.go @@ -428,8 +428,9 @@ var _ = Describe("SSH proxy", func() { Describe("attempting authentication without a realm", func() { BeforeEach(func() { clientConfig = &ssh.ClientConfig{ - User: processGuid + "/99", - Auth: []ssh.AuthMethod{ssh.Password(diegoCredentials)}, + User: processGuid + "/99", + Auth: []ssh.AuthMethod{ssh.Password(diegoCredentials)}, + HostKeyCallback: ssh.InsecureIgnoreHostKey(), } }) @@ -443,8 +444,9 @@ var _ = Describe("SSH proxy", func() { Describe("attempting authentication with an unknown realm", func() { BeforeEach(func() { clientConfig = &ssh.ClientConfig{ - User: "goo:" + processGuid + "/99", - Auth: []ssh.AuthMethod{ssh.Password(diegoCredentials)}, + User: "goo:" + processGuid + "/99", + Auth: []ssh.AuthMethod{ssh.Password(diegoCredentials)}, + HostKeyCallback: ssh.InsecureIgnoreHostKey(), } }) @@ -458,8 +460,9 @@ var _ = Describe("SSH proxy", func() { Describe("authenticating with the diego realm", func() { BeforeEach(func() { clientConfig = &ssh.ClientConfig{ - User: "diego:" + processGuid + "/99", - Auth: []ssh.AuthMethod{ssh.Password(diegoCredentials)}, + User: "diego:" + processGuid + "/99", + Auth: []ssh.AuthMethod{ssh.Password(diegoCredentials)}, + HostKeyCallback: ssh.InsecureIgnoreHostKey(), } }) @@ -500,8 +503,9 @@ var _ = Describe("SSH proxy", func() { BeforeEach(func() { allowedCiphers = "aes128-ctr,aes256-ctr" clientConfig = &ssh.ClientConfig{ - User: "diego:" + processGuid + "/99", - Auth: []ssh.AuthMethod{ssh.Password(diegoCredentials)}, + User: "diego:" + processGuid + "/99", + Auth: []ssh.AuthMethod{ssh.Password(diegoCredentials)}, + HostKeyCallback: ssh.InsecureIgnoreHostKey(), } }) @@ -528,8 +532,9 @@ var _ = Describe("SSH proxy", func() { BeforeEach(func() { allowedMACs = "hmac-sha2-256,hmac-sha1" clientConfig = &ssh.ClientConfig{ - User: "diego:" + processGuid + "/99", - Auth: []ssh.AuthMethod{ssh.Password(diegoCredentials)}, + User: "diego:" + processGuid + "/99", + Auth: []ssh.AuthMethod{ssh.Password(diegoCredentials)}, + HostKeyCallback: ssh.InsecureIgnoreHostKey(), } }) @@ -556,8 +561,9 @@ var _ = Describe("SSH proxy", func() { BeforeEach(func() { allowedKeyExchanges = "curve25519-sha256@libssh.org,ecdh-sha2-nistp384,diffie-hellman-group14-sha1" clientConfig = &ssh.ClientConfig{ - User: "diego:" + processGuid + "/99", - Auth: []ssh.AuthMethod{ssh.Password(diegoCredentials)}, + User: "diego:" + processGuid + "/99", + Auth: []ssh.AuthMethod{ssh.Password(diegoCredentials)}, + HostKeyCallback: ssh.InsecureIgnoreHostKey(), } }) @@ -620,8 +626,9 @@ var _ = Describe("SSH proxy", func() { Describe("authenticating with the cf realm with a one time code", func() { BeforeEach(func() { clientConfig = &ssh.ClientConfig{ - User: "cf:60f0f26e-86b3-4487-8f19-9e94f848f3d2/99", - Auth: []ssh.AuthMethod{ssh.Password("abc123")}, + User: "cf:60f0f26e-86b3-4487-8f19-9e94f848f3d2/99", + Auth: []ssh.AuthMethod{ssh.Password("abc123")}, + HostKeyCallback: ssh.InsecureIgnoreHostKey(), } fakeUAA.RouteToHandler("POST", "/oauth/token", ghttp.CombineHandlers( diff --git a/cmd/sshd/main_test.go b/cmd/sshd/main_test.go index 2faa6ec..b4e9f53 100644 --- a/cmd/sshd/main_test.go +++ b/cmd/sshd/main_test.go @@ -257,7 +257,9 @@ var _ = Describe("SSH daemon", func() { BeforeEach(func() { hostKey = "" allowUnauthenticatedClients = true - clientConfig = &ssh.ClientConfig{} + clientConfig = &ssh.ClientConfig{ + HostKeyCallback: ssh.InsecureIgnoreHostKey(), + } }) It("generates one internally", func() { @@ -296,7 +298,9 @@ var _ = Describe("SSH daemon", func() { Context("when unauthenticated clients are not allowed", func() { BeforeEach(func() { - clientConfig = &ssh.ClientConfig{} + clientConfig = &ssh.ClientConfig{ + HostKeyCallback: ssh.InsecureIgnoreHostKey(), + } }) It("starts the daemon", func() { @@ -317,6 +321,7 @@ var _ = Describe("SSH daemon", func() { Auth: []ssh.AuthMethod{ ssh.PublicKeys(key), }, + HostKeyCallback: ssh.InsecureIgnoreHostKey(), } }) @@ -330,7 +335,9 @@ var _ = Describe("SSH daemon", func() { Context("when the daemon allows unauthenticated clients", func() { BeforeEach(func() { allowUnauthenticatedClients = true - clientConfig = &ssh.ClientConfig{} + clientConfig = &ssh.ClientConfig{ + HostKeyCallback: ssh.InsecureIgnoreHostKey(), + } }) It("starts the daemon", func() { @@ -347,7 +354,9 @@ var _ = Describe("SSH daemon", func() { Context("when the daemon provides an unsupported cipher algorithm", func() { BeforeEach(func() { allowedCiphers = "unsupported" - clientConfig = &ssh.ClientConfig{} + clientConfig = &ssh.ClientConfig{ + HostKeyCallback: ssh.InsecureIgnoreHostKey(), + } }) It("starts the daemon", func() { @@ -364,7 +373,9 @@ var _ = Describe("SSH daemon", func() { BeforeEach(func() { allowUnauthenticatedClients = true allowedCiphers = "aes128-ctr,aes256-ctr" - clientConfig = &ssh.ClientConfig{} + clientConfig = &ssh.ClientConfig{ + HostKeyCallback: ssh.InsecureIgnoreHostKey(), + } }) It("starts the daemon", func() { @@ -380,7 +391,9 @@ var _ = Describe("SSH daemon", func() { Context("when the daemon provides an unsupported MAC algorithm", func() { BeforeEach(func() { allowedMACs = "unsupported" - clientConfig = &ssh.ClientConfig{} + clientConfig = &ssh.ClientConfig{ + HostKeyCallback: ssh.InsecureIgnoreHostKey(), + } }) It("starts the daemon", func() { @@ -397,7 +410,9 @@ var _ = Describe("SSH daemon", func() { BeforeEach(func() { allowUnauthenticatedClients = true allowedMACs = "hmac-sha2-256,hmac-sha1" - clientConfig = &ssh.ClientConfig{} + clientConfig = &ssh.ClientConfig{ + HostKeyCallback: ssh.InsecureIgnoreHostKey(), + } }) It("starts the daemon", func() { @@ -413,7 +428,9 @@ var _ = Describe("SSH daemon", func() { Context("when the daemon provides an unsupported key exchange algorithm", func() { BeforeEach(func() { allowedKeyExchanges = "unsupported" - clientConfig = &ssh.ClientConfig{} + clientConfig = &ssh.ClientConfig{ + HostKeyCallback: ssh.InsecureIgnoreHostKey(), + } }) It("starts the daemon", func() { @@ -430,7 +447,9 @@ var _ = Describe("SSH daemon", func() { BeforeEach(func() { allowUnauthenticatedClients = true allowedKeyExchanges = "curve25519-sha256@libssh.org,ecdh-sha2-nistp384,diffie-hellman-group14-sha1" - clientConfig = &ssh.ClientConfig{} + clientConfig = &ssh.ClientConfig{ + HostKeyCallback: ssh.InsecureIgnoreHostKey(), + } }) It("starts the daemon", func() { @@ -450,7 +469,9 @@ var _ = Describe("SSH daemon", func() { BeforeEach(func() { allowUnauthenticatedClients = true - clientConfig = &ssh.ClientConfig{} + clientConfig = &ssh.ClientConfig{ + HostKeyCallback: ssh.InsecureIgnoreHostKey(), + } }) JustBeforeEach(func() { diff --git a/daemon/daemon_test.go b/daemon/daemon_test.go index d574980..8650132 100644 --- a/daemon/daemon_test.go +++ b/daemon/daemon_test.go @@ -75,6 +75,7 @@ var _ = Describe("Daemon", func() { Auth: []ssh.AuthMethod{ ssh.Password("secret"), }, + HostKeyCallback: ssh.InsecureIgnoreHostKey(), } sshd = daemon.New(logger, serverSSHConfig, nil, nil) diff --git a/test_helpers/test_helpers.go b/test_helpers/test_helpers.go index 7d935cc..1562587 100644 --- a/test_helpers/test_helpers.go +++ b/test_helpers/test_helpers.go @@ -48,6 +48,7 @@ func NewClient(clientNetConn net.Conn, clientConfig *ssh.ClientConfig) *ssh.Clie Auth: []ssh.AuthMethod{ ssh.Password("secret"), }, + HostKeyCallback: ssh.InsecureIgnoreHostKey(), } }