'use strict';
const assert = require('assert');
const {
fixtureKey,
mustCall,
setup,
} = require('./common.js');
// Forwarded unchanged to setup() for every case in this file.
const debug = false;

// Single-host-key cases: each entry starts a server that holds exactly one
// host key (in the given on-disk format) and a client whose serverHostKey
// algorithm list contains only that key's type, so the handshake can only
// succeed if the server parsed and offered that key.
// NOTE(review): DSA (ssh-dss) is disabled by default in current OpenSSH; the
// DSA case is here for parser/negotiation coverage, not as a recommended
// host key type.
[
  { desc: 'RSA user key (old OpenSSH)', hostKey: fixtureKey('id_rsa') },
  { desc: 'RSA user key (new OpenSSH)', hostKey: fixtureKey('openssh_new_rsa') },
  { desc: 'DSA host key', hostKey: fixtureKey('ssh_host_dsa_key') },
  { desc: 'ECDSA host key', hostKey: fixtureKey('ssh_host_ecdsa_key') },
  { desc: 'PPK', hostKey: fixtureKey('id_rsa.ppk') },
].forEach(({ desc, hostKey }) => {
  const clientKey = fixtureKey('openssh_new_rsa');
  const username = 'KeyUser';

  const clientConfig = {
    username,
    privateKey: clientKey.raw,
    // Pin host key negotiation to the type of the key under test.
    algorithms: { serverHostKey: [ hostKey.key.type ] },
  };
  const serverConfig = { hostKeys: [ hostKey.raw ] };

  const { server } = setup(
    desc,
    { client: clientConfig, server: serverConfig, debug }
  );

  server.on('connection', mustCall((conn) => {
    // Counts authentication events on this connection; exactly three are
    // expected (see the count passed to mustCall below).
    let authAttempt = 0;

    conn.on('authentication', mustCall((ctx) => {
      assert(ctx.username === username, `Wrong username: ${ctx.username}`);

      const attempt = ++authAttempt;

      // Attempt 1: the client probes with the 'none' method, which is refused.
      if (attempt === 1) {
        assert(ctx.method === 'none', `Wrong auth method: ${ctx.method}`);
        return ctx.reject();
      }

      // Attempt 3 is the signed request, so a signature must be present.
      if (attempt === 3)
        assert(ctx.signature, 'Missing publickey signature');

      // Attempts 2 and 3 must both present the expected client public key.
      if (attempt === 2 || attempt === 3) {
        assert(ctx.method === 'publickey', `Wrong auth method: ${ctx.method}`);
        assert(ctx.key.algo === clientKey.key.type,
               `Wrong key algo: ${ctx.key.algo}`);
        assert.deepStrictEqual(clientKey.key.getPublicSSH(),
                               ctx.key.data,
                               'Public key mismatch');
      }

      // The signature is only checked when one was sent. The unsigned
      // attempt 2 is accepted without any proof of key possession.
      // NOTE(review): presumably accept() on an unsigned publickey request
      // only tells the client the key is acceptable -- confirm against the
      // server implementation before reusing this handler shape elsewhere.
      if (ctx.signature) {
        assert(clientKey.key.verify(ctx.blob, ctx.signature) === true,
               'Could not verify publickey signature');
      }

      ctx.accept();
    }, 3)).on('ready', mustCall(() => {
      conn.end();
    }));
  }));
});
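{
  // Multi-host-key cases: the server is configured with both an RSA and an
  // ECDSA host key, and the client restricts serverHostKey to one of the two
  // types. The client-side 'handshake' check then confirms that the key type
  // actually negotiated is the one the client asked for.
  const RSA_KEY = fixtureKey('ssh_host_rsa_key');
  const ECDSA_KEY = fixtureKey('ssh_host_ecdsa_key');

  [ RSA_KEY, ECDSA_KEY ].forEach((key) => {
    const selKeyType = key.key.type;
    const clientKey = fixtureKey('openssh_new_rsa');
    const username = 'KeyUser';
    const { client, server } = setup(
      // The description uses selKeyType (the parsed key's type). Every other
      // access in this file reads the type through `.key.type`, so reading
      // `.type` on the fixture wrapper itself presumably yields `undefined`
      // and would give both cases the same, uninformative name.
      `Multiple host key types (${selKeyType} selected)`,
      {
        client: {
          username,
          privateKey: clientKey.raw,
          algorithms: {
            // Only the selected type is offered, so the server has to pick
            // the matching key out of its two configured host keys.
            serverHostKey: [ selKeyType ],
          }
        },
        server: { hostKeys: [ RSA_KEY.raw, ECDSA_KEY.raw ] },
        debug,
      }
    );

    server.on('connection', mustCall((conn) => {
      // Counts authentication events on this connection; exactly three are
      // expected (see the count passed to mustCall below).
      let authAttempt = 0;
      conn.on('authentication', mustCall((ctx) => {
        assert(ctx.username === username,
               `Wrong username: ${ctx.username}`);
        switch (++authAttempt) {
          case 1:
            // First attempt is the 'none' method, which is refused.
            assert(ctx.method === 'none',
                   `Wrong auth method: ${ctx.method}`);
            return ctx.reject();
          case 3:
            // Third attempt is the signed publickey request.
            assert(ctx.signature, 'Missing publickey signature');
            // FALLTHROUGH
          case 2:
            // Attempts 2 and 3 must both present the expected client key.
            assert(ctx.method === 'publickey',
                   `Wrong auth method: ${ctx.method}`);
            assert(ctx.key.algo === clientKey.key.type,
                   `Wrong key algo: ${ctx.key.algo}`);
            assert.deepStrictEqual(clientKey.key.getPublicSSH(),
                                   ctx.key.data,
                                   'Public key mismatch');
            break;
        }
        // The signature is only checked when one was sent. The unsigned
        // attempt 2 is accepted without any proof of key possession.
        // NOTE(review): presumably accept() on an unsigned publickey request
        // only tells the client the key is acceptable -- confirm against the
        // server implementation before reusing this handler shape elsewhere.
        if (ctx.signature) {
          assert(clientKey.key.verify(ctx.blob, ctx.signature) === true,
                 'Could not verify publickey signature');
        }
        ctx.accept();
      }, 3)).on('ready', mustCall(() => {
        conn.end();
      }));
    }));

    // The negotiated host key algorithm must be the one the client pinned,
    // not the other key the server also holds.
    client.on('handshake', mustCall((info) => {
      assert(info.serverHostKey === selKeyType, 'Wrong host key selected');
    }));
  });
}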