[Bug 2058276] Re: Improve ssh-gssapi DEP8 test
Andreas Hasenack
2058276 at bugs.launchpad.net
Mon Mar 18 18:54:02 UTC 2024
** Merge proposal linked:
https://code.launchpad.net/~ahasenack/ubuntu/+source/openssh/+git/openssh/+merge/462619
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2058276
Title:
Improve ssh-gssapi DEP8 test
Status in openssh package in Ubuntu:
In Progress
Bug description:
The DEP8 test introduced in
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2053146 could
still show s PASS even when the login didn't work. This is because
it's relying on `set -e` to work inside functions, but that's not the
case.
For example, here I forced a failure by using an invalid user (I added "x" to the username):
```
## ssh'ing into localhost using gssapi-keyex auth
testuser22924x at sshd-gssapi.example.fake: Permission denied (gssapi-keyex).
## checking that we got a service ticket for ssh (host/)
03/18/24 12:16:55 03/18/24 22:16:55 host/sshd-gssapi.example.fake@
Ticket server: host/sshd-gssapi.example.fake at EXAMPLE.FAKE
## Checking ssh logs to confirm gssapi-keyex auth was used
Mar 18 12:16:55 sshd-gssapi.example.fake sshd[22994]: Failed gssapi-keyex for invalid user testuser22924x from 127.0.0.1 port 39550 ssh2: testuser22924 at EXAMPLE.FAKE
## PASS test_gssapi_keyex_login
```
Furthermore, the --grep option used in journalctl is not specific
enough, as can also be seen above. It's just looking for the
authentication method name, not whether is succeeded or not.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2058276/+subscriptions
More information about the foundations-bugs
mailing list