Public bug reported:
The DEP8 test introduced in
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2053146 could
still show s PASS even when the login didn't work. This is because it's
relying on `set -e` to work inside functions, but that's not the case.
For example, here I forced a failure by using an invalid user (I added "x" to
the username):
```
## ssh'ing into localhost using gssapi-keyex auth
testuser229...@sshd-gssapi.example.fake: Permission denied (gssapi-keyex).
## checking that we got a service ticket for ssh (host/)
03/18/24 12:16:55 03/18/24 22:16:55 host/sshd-gssapi.example.fake@
Ticket server: host/sshd-gssapi.example.f...@example.fake
## Checking ssh logs to confirm gssapi-keyex auth was used
Mar 18 12:16:55 sshd-gssapi.example.fake sshd[22994]: Failed gssapi-keyex for
invalid user testuser22924x from 127.0.0.1 port 39550 ssh2:
testuser22...@example.fake
## PASS test_gssapi_keyex_login
```
Furthermore, the --grep option used in journalctl is not specific
enough, as can also be seen above. It's just looking for the
authentication method name, not whether is succeeded or not.
** Affects: openssh (Ubuntu)
Importance: High
Assignee: Andreas Hasenack (ahasenack)
Status: In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2058276
Title:
Improve ssh-gssapi DEP8 test
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2058276/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
