@jasperla
Created January 22, 2014 11:14
Updated Augeas sshd test
(* Tests for the Sshd lens. Each test hands sshd_config text to Sshd.lns and
   checks either the tree it parses to (get) or the text written back after
   the tree has been edited (put). *)
module Test_sshd =
(* Fixture: a Protocol line followed by two AcceptEnv lines, used by the
   get and put tests on accept_env. *)
let accept_env = "Protocol 2
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL\n"
(* get: each AcceptEnv line becomes its own "AcceptEnv" node, and the
   variable names are numbered continuously across both nodes: 1 to 5 in
   the first, 6 and 7 in the second. *)
test Sshd.lns get accept_env =
  { "Protocol" = "2" }
  { "AcceptEnv"
    { "1" = "LC_PAPER" }
    { "2" = "LC_NAME" }
    { "3" = "LC_ADDRESS" }
    { "4" = "LC_TELEPHONE" }
    { "5" = "LC_MEASUREMENT" } }
  { "AcceptEnv"
    { "6" = "LC_IDENTIFICATION" }
    { "7" = "LC_ALL" } }
(* get: repeated HostKey lines give one "HostKey" node per line, in file
   order. The key paths are parser input only; ssh-dss host keys have been
   disabled by default since OpenSSH 7.0. *)
test Sshd.lns get "HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key\n" =
  { "HostKey" = "/etc/ssh/ssh_host_rsa_key" }
  { "HostKey" = "/etc/ssh/ssh_host_dsa_key" }
(* put: remove the AcceptEnv nodes, overwrite Protocol and create a new
   X11Forwarding node, then compare the regenerated text.
   The values "1.5" and "yes" exercise the write path of the lens and are
   not settings to deploy: SSH protocol 1 is no longer supported by current
   OpenSSH, and X11 forwarding is normally left off unless needed. *)
test Sshd.lns put accept_env after
  rm "AcceptEnv";
  rm "AcceptEnv";
  set "Protocol" "1.5";
  set "X11Forwarding" "yes"
  = "Protocol 1.5\nX11Forwarding yes\n"
(* get: a value containing the %h token is stored verbatim. *)
test Sshd.lns get "AuthorizedKeysFile %h/.ssh/authorized_keys\n" =
  { "AuthorizedKeysFile" = "%h/.ssh/authorized_keys" }

(* get: a Subsystem line maps to a "Subsystem" node whose single child is
   labelled with the subsystem name and holds the command path. *)
test Sshd.lns get "Subsystem sftp /usr/lib/openssh/sftp-server\n" =
  { "Subsystem"
    { "sftp" = "/usr/lib/openssh/sftp-server" } }

(* get: a subsystem name containing a hyphen is accepted as the label. *)
test Sshd.lns get "Subsystem sftp-test /usr/lib/openssh/sftp-server\n" =
  { "Subsystem"
    { "sftp-test" = "/usr/lib/openssh/sftp-server" } }
(* Fixture for the Match tests: one global X11Forwarding line followed by
   seven Match blocks. The criteria cover User, Group and Host, plus Address
   written as a single host, a wildcard, a CIDR range, and pattern lists
   with negated entries. One block restricts its clients with AllowGroups,
   ForceCommand and ChrootDirectory. *)
let match_blocks = "X11Forwarding yes
Match User sarko Group pres.*
Banner /etc/bienvenue.txt
X11Forwarding no
Match Address 10.0.0.1
X11Forwarding no
PermitTTY no
Match Address *
X11Forwarding no
Match Address 10.0.0.0/24
X11Forwarding no
Match Address *,!10.0.0.2
X11Forwarding no
Match Address *,!10.0.0.0/24
X11Forwarding no
AllowGroups users
ForceCommand internal-sftp
ChrootDirectory /chroot
Match User bush Group pres.* Host white.house.*
Banner /etc/welcome.txt
"
(* get: every Match line becomes a "Match" node with two subtrees.
   "Condition" holds one child per criterion on the Match line, and
   "Settings" holds the directives that follow, up to the next Match line.
   An Address pattern list, negated entries included, is kept as a single
   string value; the lens does not split or interpret it. *)
test Sshd.lns get match_blocks =
  { "X11Forwarding" = "yes" }
  { "Match"
    { "Condition"
      { "User" = "sarko" }
      { "Group" = "pres.*" } }
    { "Settings"
      { "Banner" = "/etc/bienvenue.txt" }
      { "X11Forwarding" = "no" } } }
  { "Match"
    { "Condition"
      { "Address" = "10.0.0.1" } }
    { "Settings"
      { "X11Forwarding" = "no" }
      { "PermitTTY" = "no" } } }
  { "Match"
    { "Condition"
      { "Address" = "*" } }
    { "Settings"
      { "X11Forwarding" = "no" } } }
  { "Match"
    { "Condition"
      { "Address" = "10.0.0.0/24" } }
    { "Settings"
      { "X11Forwarding" = "no" } } }
  { "Match"
    { "Condition"
      { "Address" = "*,!10.0.0.2" } }
    { "Settings"
      { "X11Forwarding" = "no" } } }
  { "Match"
    { "Condition"
      { "Address" = "*,!10.0.0.0/24" } }
    { "Settings"
      { "X11Forwarding" = "no" }
      { "AllowGroups" = "users" }
      { "ForceCommand" = "internal-sftp" }
      { "ChrootDirectory" = "/chroot" } } }
  { "Match"
    { "Condition"
      { "User" = "bush" }
      { "Group" = "pres.*" }
      { "Host" = "white.house.*" } }
    { "Settings"
      { "Banner" = "/etc/welcome.txt" } } }
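(* put: insert a Subsystem node before the first Match node, set its sftp
   child, and compare the regenerated text.
   The commands touch nothing else, so the expected text is match_blocks
   with only the Subsystem line added. The earlier expectation also held a
   "PermitTTY no" line in the first Match block and a second copy of the
   negated-CIDR Match header with its X11Forwarding line. Neither is in the
   input or produced by the commands, so both are removed here. Pinning the
   output to the input also guards against a put that moves or adds
   directives under a Match, which would change which clients a restriction
   applies to.
   The Subsystem line has to land before the first Match because sshd
   treats every line after a Match keyword as part of that block. *)
test Sshd.lns put match_blocks after
  insb "Subsystem" "/Match[1]";
  set "/Subsystem/sftp" "/usr/libexec/openssh/sftp-server"
  = "X11Forwarding yes
Subsystem sftp /usr/libexec/openssh/sftp-server
Match User sarko Group pres.*
Banner /etc/bienvenue.txt
X11Forwarding no
Match Address 10.0.0.1
X11Forwarding no
PermitTTY no
Match Address *
X11Forwarding no
Match Address 10.0.0.0/24
X11Forwarding no
Match Address *,!10.0.0.2
X11Forwarding no
Match Address *,!10.0.0.0/24
X11Forwarding no
AllowGroups users
ForceCommand internal-sftp
ChrootDirectory /chroot
Match User bush Group pres.* Host white.house.*
Banner /etc/welcome.txt\n"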
(* Local Variables: *)
(* mode: caml *)
(* End: *)