[Bug 2058276] Re: Improve ssh-gssapi DEP8 test

Launchpad Bug Tracker 2058276 at bugs.launchpad.net
Thu Mar 28 08:00:13 UTC 2024 

This bug was fixed in the package openssh - 1:9.6p1-3ubuntu11

---------------
openssh (1:9.6p1-3ubuntu11) noble; urgency=medium

  * d/t/ssh-gssapi: make the test a bit more rebust (LP: #2058276):
    - deal with return codes
    - match a more specific success expression from the logs
    - add klist output in the case of failure

 -- Andreas Hasenack <andreas at canonical.com>  Mon, 18 Mar 2024 10:25:15
-0300

** Changed in: openssh (Ubuntu)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2058276

Title:
  Improve ssh-gssapi DEP8 test

Status in openssh package in Ubuntu:
  Fix Released

Bug description:
  The DEP8 test introduced in
  https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2053146 could
  still show s PASS even when the login didn't work. This is because
  it's relying on `set -e` to work inside functions, but that's not the
  case.

  For example, here I forced a failure by using an invalid user (I added "x" to the username):
  ```
  ## ssh'ing into localhost using gssapi-keyex auth
  testuser22924x at sshd-gssapi.example.fake: Permission denied (gssapi-keyex).

  ## checking that we got a service ticket for ssh (host/)
  03/18/24 12:16:55  03/18/24 22:16:55  host/sshd-gssapi.example.fake@
  	Ticket server: host/sshd-gssapi.example.fake at EXAMPLE.FAKE

  ## Checking ssh logs to confirm gssapi-keyex auth was used
  Mar 18 12:16:55 sshd-gssapi.example.fake sshd[22994]: Failed gssapi-keyex for invalid user testuser22924x from 127.0.0.1 port 39550 ssh2: testuser22924 at EXAMPLE.FAKE
  ## PASS test_gssapi_keyex_login

  ```

  Furthermore, the --grep option used in journalctl is not specific
  enough, as can also be seen above. It's just looking for the
  authentication method name, not whether is succeeded or not.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2058276/+subscriptions

More information about the foundations-bugs mailing list