movefasta/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-06-09 19:13:26 +03:00
Code Issues Projects Releases Packages Wiki Activity

nixosTests.openssh: Added SFTP testcase

Browse source
This commit is contained in:
Jonathan Davies 2025-03-11 23:16:47 +00:00 committed by tomf
parent ae61cffc49
commit 025a8628bf
1 changed files with 57 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

57
nixos/tests/openssh.nix
View file

@ -224,6 +224,32 @@ in
]; ];
}; };
server-sftp =
{ pkgs, ... }:
{
services.openssh = {
enable = true;
extraConfig = ''
Match Group sftponly
ChrootDirectory /srv/sftp
ForceCommand internal-sftp
'';
};
users.groups = {
sftponly = { };
};
users.users = {
alice = {
isNormalUser = true;
createHome = false;
group = "sftponly";
shell = "/run/current-system/sw/bin/nologin";
openssh.authorizedKeys.keys = [ snakeOilPublicKey ];
};
};
};
client = client =
{ ... }: { ... }:
{ {
@ -244,6 +270,7 @@ in
server_match_rule.wait_for_unit("sshd", timeout=30) server_match_rule.wait_for_unit("sshd", timeout=30)
server_no_openssl.wait_for_unit("sshd", timeout=30) server_no_openssl.wait_for_unit("sshd", timeout=30)
server_no_pam.wait_for_unit("sshd", timeout=30) server_no_pam.wait_for_unit("sshd", timeout=30)
server_sftp.wait_for_unit("sshd", timeout=30)
server_lazy.wait_for_unit("sshd.socket", timeout=30) server_lazy.wait_for_unit("sshd.socket", timeout=30)
server_localhost_only_lazy.wait_for_unit("sshd.socket", timeout=30) server_localhost_only_lazy.wait_for_unit("sshd.socket", timeout=30)
@ -351,6 +378,36 @@ in
timeout=30 timeout=30
) )
with subtest("sftp"):
server_sftp.succeed(
"mkdir -p /srv/sftp/uploads"
)
server_sftp.succeed(
"chown alice:sftponly /srv/sftp/uploads"
)
server_sftp.succeed(
"chmod 0755 /srv/sftp/uploads"
)
client.succeed(
"cat ${snakeOilPrivateKey} > privkey.snakeoil"
)
client.succeed("chmod 600 privkey.snakeoil")
client.succeed(
"echo 'hello-sftp-world' > test-file"
)
client.succeed(
"echo 'put test-file uploads/' > put-batch-file"
)
client.succeed(
"sftp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i privkey.snakeoil -b put-batch-file alice@server-sftp",
timeout=30
)
server_sftp.wait_for_file("/srv/sftp/uploads/test-file")
# None of the per-connection units should have failed. # None of the per-connection units should have failed.
server_lazy.fail("systemctl is-failed 'sshd@*.service'") server_lazy.fail("systemctl is-failed 'sshd@*.service'")
''; '';