authorTobias Brunner <tobias@strongswan.org>2012-12-05 18:53:20 +0100
committerTobias Brunner <tobias@strongswan.org>2013-01-17 15:22:09 +0100
commit18bce26ea663dfd20efe8505c36a5537979a7c8d (patch)
treec014209064cfaa6ff62b9c77839782bbab7d5372 /testing
parentbeff82dd98c20570daf166b39cadcdf76a661e57 (diff)
Use key(and password-)less SSH authentication
Diffstat (limited to 'testing')
-rwxr-xr-xtesting/do-tests2
-rw-r--r--testing/hosts/default/etc/ssh/sshd_config13
-rwxr-xr-xtesting/scripts/build-baseimage4
-rwxr-xr-xtesting/scripts/build-umlrootfs62
-rw-r--r--testing/ssh_config3
-rwxr-xr-xtesting/testing.conf1
6 files changed, 18 insertions, 67 deletions
diff --git a/testing/do-tests b/testing/do-tests
index 353cfa60e..b00207252 100755
--- a/testing/do-tests
+++ b/testing/do-tests
@@ -105,7 +105,7 @@ done
#
for host in $STRONGSWANHOSTS
do
- ssh $SSHCONF -N root@`eval echo \\\$ipv4_$host` &
+ ssh $SSHCONF -N root@`eval echo \\\$ipv4_$host` >/dev/null 2>&1 &
eval ssh_pid_$host="`echo $!`"
done
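Review bot: Redirecting both stdout and stderr of the background `ssh` to `/dev/null` on the changed line also discards real failures (guest unreachable, login refused), so a dead session would only show up later as unrelated test errors. If the aim is to hide the "Permanently added ... to the list of known hosts" warning that the new client settings presumably trigger, the narrower fix is `LogLevel ERROR` in testing/ssh_config with stderr left alone. Alternatively, send the output to a log file instead of `/dev/null`.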
diff --git a/testing/hosts/default/etc/ssh/sshd_config b/testing/hosts/default/etc/ssh/sshd_config
new file mode 100644
index 000000000..07b7e78e5
--- /dev/null
+++ b/testing/hosts/default/etc/ssh/sshd_config
@@ -0,0 +1,13 @@
+Port 22
+Protocol 2
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_dsa_key
+HostKey /etc/ssh/ssh_host_ecdsa_key
+UsePrivilegeSeparation no
+PermitRootLogin yes
+StrictModes no
+PubkeyAuthentication no
+PermitEmptyPasswords yes
+PrintMotd no
+PrintLastLog no
+UsePAM no
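Review bot: The new sshd_config carries no comment saying it is meant for the isolated test guests only, although `PermitRootLogin yes`, `PermitEmptyPasswords yes` and `PubkeyAuthentication no` together give a root shell to anyone who can reach port 22. I would add a header line such as `# TEST GUESTS ONLY: passwordless root login, never install on a reachable host` at the top of the file. `UsePrivilegeSeparation no` and `StrictModes no` do not appear to be required for empty-password login, so each should either be dropped or get a short comment explaining why the test guests need it.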
diff --git a/testing/scripts/build-baseimage b/testing/scripts/build-baseimage
index c26e2462a..4372e54f9 100755
--- a/testing/scripts/build-baseimage
+++ b/testing/scripts/build-baseimage
@@ -50,8 +50,8 @@ execute "mount -o bind $CACHEDIR $APTCACHE"
echo " * Running debootstrap ..."
execute "debootstrap --arch=$ROOTFSARCH --include=$PACKAGES $ROOTFSSUITE $LOOPDIR $ROOTFSMIRROR"
-echo " * Setting root password to '$ROOTFSPW' ..."
-echo root:$ROOTFSPW | chroot $LOOPDIR chpasswd
+echo " * Disabling root password ..."
+chroot $LOOPDIR passwd -d root
echo " * Disabling services ..."
for service in $SERVICES
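Review bot: The added `chroot $LOOPDIR passwd -d root` runs outside the `execute` wrapper used for the mount and debootstrap steps just above it, so a failure here is presumably neither logged nor fatal. The image would then keep whatever root password state debootstrap left, and the empty-password SSH login the test run depends on would fail much later with no hint of the cause. Suggest `execute "chroot $LOOPDIR passwd -d root"`, assuming `execute` stops the build on a non-zero status as its other uses imply. The `for service` loop that follows continues outside the hunk.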
diff --git a/testing/scripts/build-umlrootfs b/testing/scripts/build-umlrootfs
index 85682fa21..5a885ce4a 100755
--- a/testing/scripts/build-umlrootfs
+++ b/testing/scripts/build-umlrootfs
@@ -96,67 +96,5 @@ echo "none /root/compile hostfs $ROOTFSCOMPILEDIR" >> $LOOPDIR/etc/fstab
cecho " * Removing /etc/resolv.conf"
rm -f $LOOPDIR/etc/resolv.conf
-#####################################
-# preparing ssh for PK authentication
-#
-if [ ! -d ~/.ssh ]
-then
- cecho-n " * Creating directory '~/.ssh'.."
- mkdir ~/.ssh
- cgecho "done"
-fi
-
-cecho-n " * Checking for ssh rsa key '~/.ssh/id_rsa.pub'.."
-if [ -f ~/.ssh/id_rsa.pub ]
-then
- cecho "already exists"
-else
- cecho "not found"
- cecho-n " * Generating ssh rsa key pair.."
- echo "" | ssh-keygen -N "" -t rsa -f ~/.ssh/id_rsa >> $LOGFILE 2>&1
- cgecho "done"
-fi
-
-if [ -f ~/.ssh/known_hosts ]
-then
- cecho-n " * Backing up ~/.ssh/known_hosts to '~/.ssh/known_hosts.before_uml'.."
- cp -fp ~/.ssh/known_hosts ~/.ssh/known_hosts.before_uml
- cgecho "done"
-fi
-rm ~/.ssh/known_hosts
-cecho-n " * Creating new '~/.ssh/known_hosts'.."
-touch ~/.ssh/known_hosts
-cgecho "done"
-
-for host in $HOSTNAMEIPV4
-do
- HOSTNAME=`echo $host | awk -F, '{ print $1 }'`
- IP=`echo $host | awk -F, '{ print $2 }'`
- cecho-n " * Adding uml host $HOSTNAME ($IP) to '~/.ssh/known_hosts'.."
- echo "$HOSTNAME,$IP `cat $LOOPDIR/etc/ssh/ssh_host_rsa_key.pub`" >> ~/.ssh/known_hosts
- cgecho "done"
-done
-
-######################################################
-# copying the host's ssh public key
-#
-if [ ! -d $LOOPDIR/root/.ssh ]
-then
- mkdir $LOOPDIR/root/.ssh
-fi
-cp ~/.ssh/id_rsa.pub $LOOPDIR/root/.ssh/authorized_keys
-
-######################################################
-# setup public key based login among all hosts
-#
-cp $LOOPDIR/etc/ssh/ssh_host_rsa_key $LOOPDIR/root/.ssh/id_rsa
-
-for host in $STRONGSWANHOSTS
-do
- eval ip="`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F- '{ print $1 }' | awk '{ print $1 }'`"
- echo "$host,$ip `cat $LOOPDIR/etc/ssh/ssh_host_rsa_key.pub`" >> $LOOPDIR/root/.ssh/known_hosts
- echo "`cat $LOOPDIR/etc/ssh/ssh_host_rsa_key.pub` root@$host" >> $LOOPDIR/root/.ssh/authorized_keys
-done
-
umount $LOOPDIR/proc
umount $LOOPDIR
diff --git a/testing/ssh_config b/testing/ssh_config
index 36569c07c..831b9dc1a 100644
--- a/testing/ssh_config
+++ b/testing/ssh_config
@@ -1,7 +1,8 @@
Host *
# debian default
SendEnv LANG LC_*
- HashKnownHosts yes
+ StrictHostKeyChecking no
+ UserKnownHostsFile /dev/null
GSSAPIAuthentication yes
# faster encryption
Ciphers arcfour
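Review bot: `StrictHostKeyChecking no` and `UserKnownHostsFile /dev/null` are added under `Host *`, so every destination reached with this config file loses host key verification, not only the test guests. Restricting the block to the guests, for example `Host <test-guest-names-or-subnet>` (placeholder), would confine the relaxation to the virtual test network. A one-line comment such as `# test guests are rebuilt with fresh host keys, so host key checking is disabled for them` would record the presumed reason for the next maintainer.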
diff --git a/testing/testing.conf b/testing/testing.conf
index 611fd4ea4..a931155ca 100755
--- a/testing/testing.conf
+++ b/testing/testing.conf
@@ -53,7 +53,6 @@ ROOTFSSUITE=wheezy
ROOTFSARCH=amd64
ROOTFS=$BUILDDIR/debian-$ROOTFSSUITE-$ROOTFSARCH.img
ROOTFSMIRROR=http://cdn.debian.net/debian
-ROOTFSPW=root
ROOTFSCOMPILEDIR=$BUILDDIR/compile
# Filename of the built UML Kernel