/usr/share/augeas/lenses/dist/tests/test_sshd.aug is in augeas-lenses 1.10.1-2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 | (* Module: Test_sshd *)
module Test_sshd =
let accept_env = "Protocol 2
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL\n"
test Sshd.lns get accept_env =
{ "Protocol" = "2" }
{ "AcceptEnv"
{ "1" = "LC_PAPER" }
{ "2" = "LC_NAME" }
{ "3" = "LC_ADDRESS" }
{ "4" = "LC_TELEPHONE" }
{ "5" = "LC_MEASUREMENT" } }
{ "AcceptEnv"
{ "6" = "LC_IDENTIFICATION" }
{ "7" = "LC_ALL" } }
test Sshd.lns get "HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key\n" =
{ "HostKey" = "/etc/ssh/ssh_host_rsa_key" }
{ "HostKey" = "/etc/ssh/ssh_host_dsa_key" }
test Sshd.lns put accept_env after
rm "AcceptEnv";
rm "AcceptEnv";
set "Protocol" "1.5";
set "X11Forwarding" "yes"
= "Protocol 1.5\nX11Forwarding yes\n"
test Sshd.lns get "AuthorizedKeysFile %h/.ssh/authorized_keys\n" =
{ "AuthorizedKeysFile" = "%h/.ssh/authorized_keys" }
test Sshd.lns get "Subsystem sftp /usr/lib/openssh/sftp-server\n" =
{ "Subsystem"
{ "sftp" = "/usr/lib/openssh/sftp-server" } }
test Sshd.lns get "Subsystem sftp-test /usr/lib/openssh/sftp-server\n" =
{ "Subsystem"
{ "sftp-test" = "/usr/lib/openssh/sftp-server" } }
let match_blocks = "X11Forwarding yes
Match User sarko Group pres.*
Banner /etc/bienvenue.txt
X11Forwarding no
Match User bush Group pres.* Host white.house.*
Banner /etc/welcome.txt
"
test Sshd.lns get match_blocks =
{ "X11Forwarding" = "yes"}
{ "Match"
{ "Condition" { "User" = "sarko" }
{ "Group" = "pres.*" } }
{ "Settings" { "Banner" = "/etc/bienvenue.txt" }
{ "X11Forwarding" = "no" } } }
{ "Match"
{ "Condition" { "User" = "bush" }
{ "Group" = "pres.*" }
{ "Host" = "white.house.*" } }
{ "Settings" { "Banner" = "/etc/welcome.txt" } } }
test Sshd.lns put match_blocks after
insb "Subsystem" "/Match[1]";
set "/Subsystem/sftp" "/usr/libexec/openssh/sftp-server"
= "X11Forwarding yes
Subsystem sftp /usr/libexec/openssh/sftp-server
Match User sarko Group pres.*
Banner /etc/bienvenue.txt
X11Forwarding no
Match User bush Group pres.* Host white.house.*
Banner /etc/welcome.txt\n"
(* Test: Sshd.lns
Indent when adding to a Match group *)
test Sshd.lns put match_blocks after
set "Match[1]/Settings/PermitRootLogin" "yes";
set "Match[1]/Settings/#comment" "a comment" =
"X11Forwarding yes
Match User sarko Group pres.*
Banner /etc/bienvenue.txt
X11Forwarding no
PermitRootLogin yes
# a comment
Match User bush Group pres.* Host white.house.*
Banner /etc/welcome.txt\n"
(* Test: Sshd.lns
Parse Ciphers, KexAlgorithms, HostKeyAlgorithms as lists (GH issue #69) *)
test Sshd.lns get "Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr
KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1
HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa\n" =
{ "Ciphers"
{ "1" = "aes256-gcm@openssh.com" }
{ "2" = "aes128-gcm@openssh.com" }
{ "3" = "aes256-ctr" }
{ "4" = "aes128-ctr" }
}
{ "KexAlgorithms"
{ "1" = "diffie-hellman-group-exchange-sha256" }
{ "2" = "diffie-hellman-group14-sha1" }
{ "3" = "diffie-hellman-group-exchange-sha1" }
}
{ "HostKeyAlgorithms"
{ "1" = "ssh-ed25519-cert-v01@openssh.com" }
{ "2" = "ssh-rsa-cert-v01@openssh.com" }
{ "3" = "ssh-ed25519" }
{ "4" = "ssh-rsa" }
}
(* Test: Sshd.lns
Keys are case-insensitive *)
test Sshd.lns get "ciPheRs aes256-gcm@openssh.com,aes128-ctr
maTcH User foo
x11forwarding no\n" =
{ "ciPheRs"
{ "1" = "aes256-gcm@openssh.com" }
{ "2" = "aes128-ctr" }
}
{ "maTcH"
{ "Condition"
{ "User" = "foo" }
}
{ "Settings"
{ "x11forwarding" = "no" }
}
}
(* Test: Sshd.lns
Allow AllowGroups in Match groups (GH issue #75) *)
test Sshd.lns get "Match User foo
AllowGroups users\n" =
{ "Match" { "Condition" { "User" = "foo" } }
{ "Settings" { "AllowGroups" { "1" = "users" } } } }
(* Test: Sshd.lns
Recognize quoted group names with spaces in AllowGroups and similar
(Issue #477) *)
test Sshd.lns get "Match User foo
AllowGroups math-domain-users \"access admins\"\n" =
{ "Match" { "Condition" { "User" = "foo" } }
{ "Settings"
{ "AllowGroups"
{ "1" = "math-domain-users" }
{ "2" = "access admins" } } } }
test Sshd.lns put "Match User foo\nAllowGroups users\n" after
set "/Match/Settings/AllowGroups/1" "all people" =
"Match User foo\nAllowGroups \"all people\"\n"
test Sshd.lns put "Match User foo\nAllowGroups users\n" after
set "/Match/Settings/AllowGroups/01" "all people" =
"Match User foo\nAllowGroups users \"all people\"\n"
test Sshd.lns put "Match User foo\nAllowGroups users\n" after
set "/Match/Settings/AllowGroups/01" "people" =
"Match User foo\nAllowGroups users people\n"
(* Local Variables: *)
(* mode: caml *)
(* End: *)
|