Public bug reported:

The DEP8 test introduced in
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2053146 could
still show a PASS even when the login didn't work. This is because it's
relying on `set -e` to work inside functions, but that's not the case.

For example, here I forced a failure by using an invalid user (I added "x" to the username):
```
## ssh'ing into localhost using gssapi-keyex auth
testuser229...@sshd-gssapi.example.fake: Permission denied (gssapi-keyex).

## checking that we got a service ticket for ssh (host/)
03/18/24 12:16:55  03/18/24 22:16:55  host/sshd-gssapi.example.fake@
        Ticket server: host/sshd-gssapi.example.f...@example.fake

## Checking ssh logs to confirm gssapi-keyex auth was used
Mar 18 12:16:55 sshd-gssapi.example.fake sshd[22994]: Failed gssapi-keyex for invalid user testuser22924x from 127.0.0.1 port 39550 ssh2: testuser22...@example.fake
## PASS test_gssapi_keyex_login
```

Furthermore, the --grep option used in journalctl is not specific
enough, as can also be seen above. It's just looking for the
authentication method name, not whether it succeeded or not.

** Affects: openssh (Ubuntu)
     Importance: High
     Assignee: Andreas Hasenack (ahasenack)
         Status: In Progress

https://bugs.launchpad.net/bugs/2058276

Title:
  Improve ssh-gssapi DEP8 test

Status in openssh package in Ubuntu:
  In Progress
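
An added shell illustration of the two problems this report describes (not code from the openssh DEP8 test): errexit is ignored inside a function that is called as an `if` condition, and a log check that matches only the method name also matches a failure line. The function names, the `if`-based caller and the journal lines are assumptions constructed for the example.

```shell
#!/bin/sh
set -e

# Constructed journal lines in sshd's "Failed/Accepted <method> for <user>" form.
FAILED_LOG='Mar 18 12:16:55 host sshd[22994]: Failed gssapi-keyex for invalid user testuserx from 127.0.0.1 port 39550 ssh2'
ACCEPTED_LOG='Mar 18 12:17:02 host sshd[23010]: Accepted gssapi-keyex for testuser from 127.0.0.1 port 39552 ssh2'

# Arguments for both tests: $1 = stand-in for the ssh login step (true/false),
# $2 = log text to inspect, $3 = expected user (assumed free of regex characters).

# Fragile: trusts `set -e` to stop at the failed login and greps only for
# the authentication method name.
fragile_test() {
    "$1"    # a failure here does not abort when the caller suppresses errexit
    printf '%s\n' "$2" | grep -q 'gssapi-keyex'
}

# Hardened: checks each step's status explicitly and requires an "Accepted"
# line for the expected user, not just the method name.
hardened_test() {
    "$1" || return 1
    printf '%s\n' "$2" |
        grep -Eq "sshd\[[0-9]+\]: Accepted gssapi-keyex for $3 from " || return 1
}

# Running a function as an `if` condition disables errexit for everything
# executed inside it, even though `set -e` is active for the script.
verdict() {
    if "$@"; then echo PASS; else echo FAIL; fi
}

echo "fragile,  failed login:   $(verdict fragile_test false "$FAILED_LOG" testuser)"
echo "hardened, failed login:   $(verdict hardened_test false "$FAILED_LOG" testuser)"
echo "hardened, accepted login: $(verdict hardened_test true "$ACCEPTED_LOG" testuser)"
```

The same suppression applies when the function is called on the left of `&&` or `||` or after `!`, so explicit `|| return 1` checks are the portable way to fail a step.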
