Public bug reported:

The DEP8 test introduced in https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2053146 could still show a PASS even when the login didn't work. This is because it's relying on `set -e` to work inside functions, but that's not the case.

For example, here I forced a failure by using an invalid user (I added "x" to the username):

```
## ssh'ing into localhost using gssapi-keyex auth
testuser229...@sshd-gssapi.example.fake: Permission denied (gssapi-keyex).
## checking that we got a service ticket for ssh (host/)
03/18/24 12:16:55 03/18/24 22:16:55 host/sshd-gssapi.example.fake@
 Ticket server: host/sshd-gssapi.example.f...@example.fake
## Checking ssh logs to confirm gssapi-keyex auth was used
Mar 18 12:16:55 sshd-gssapi.example.fake sshd[22994]: Failed gssapi-keyex for invalid user testuser22924x from 127.0.0.1 port 39550 ssh2: testuser22...@example.fake
## PASS test_gssapi_keyex_login
```

Furthermore, the --grep option used in journalctl is not specific enough, as can also be seen above. It's just looking for the authentication method name, not whether it succeeded or not.

** Affects: openssh (Ubuntu)
     Importance: High
     Assignee: Andreas Hasenack (ahasenack)
         Status: In Progress

https://bugs.launchpad.net/bugs/2058276

Title:
  Improve ssh-gssapi DEP8 test
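The failure mode described in this report, as an added example that is not part of the bug report or of the openssh DEP8 test: a test function run as an `if` condition has errexit ignored for its whole body, so a failed login followed by a grep for the method name alone still yields PASS. `fake_login`, `fragile_test`, `strict_test` and `verdict` are hypothetical names, the log lines are constructed, and the `if`-condition call pattern is an assumption about how such a test might be invoked.

```bash
#!/bin/bash
# Added example, not the openssh DEP8 test itself. All function names are
# hypothetical and the log lines are constructed.
set -e

USER_OK=testuser22924
# Constructed journal lines, modelled on the sshd line quoted in the report.
FAILED_LOG="sshd[22994]: Failed gssapi-keyex for invalid user ${USER_OK}x from 127.0.0.1 port 39550 ssh2"
ACCEPTED_LOG="sshd[22994]: Accepted gssapi-keyex for ${USER_OK} from 127.0.0.1 port 39550 ssh2"

# Stand-in for the ssh step; $1 is the exit status to simulate.
fake_login() { return "$1"; }

# Fragile: no explicit checks, counts on errexit to stop at the failed login,
# and greps only for the authentication method name.
fragile_test() {
    fake_login "$1"
    printf '%s\n' "$2" | grep -q 'gssapi-keyex'
}

# Strict: each step is checked explicitly and the log line must be an
# "Accepted" entry for the expected user.
strict_test() {
    fake_login "$1" || return 1
    printf '%s\n' "$2" | grep -Eq "Accepted gssapi-keyex for ${USER_OK} from " || return 1
}

# Runs a test function as an `if` condition. errexit is ignored for everything
# executed inside that condition, including the function's body.
verdict() {
    if "$@"; then RESULT=PASS; else RESULT=FAIL; fi
}

verdict fragile_test 1 "$FAILED_LOG";  echo "fragile, failed login:    $RESULT"
verdict strict_test 1 "$FAILED_LOG";   echo "strict, failed login:     $RESULT"
verdict strict_test 0 "$FAILED_LOG";   echo "strict, Failed log line:  $RESULT"
verdict strict_test 0 "$ACCEPTED_LOG"; echo "strict, good login + log: $RESULT"
```

The same errexit suppression applies when a function is called on the left side of `&&` or `||`, or after `!`.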