aboutsummaryrefslogtreecommitdiff
path: root/ssh/server_test.go
diff options
context:
space:
mode:
Diffstat (limited to 'ssh/server_test.go')
-rw-r--r--ssh/server_test.go85
1 files changed, 85 insertions, 0 deletions
diff --git a/ssh/server_test.go b/ssh/server_test.go
new file mode 100644
index 0000000..2145dce
--- /dev/null
+++ b/ssh/server_test.go
@@ -0,0 +1,85 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ssh
+
+import (
+ "testing"
+)
+
+func TestClientAuthRestrictedPublicKeyAlgos(t *testing.T) {
+ for _, tt := range []struct {
+ name string
+ key Signer
+ wantError bool
+ }{
+ {"rsa", testSigners["rsa"], false},
+ {"dsa", testSigners["dsa"], true},
+ {"ed25519", testSigners["ed25519"], true},
+ } {
+ c1, c2, err := netPipe()
+ if err != nil {
+ t.Fatalf("netPipe: %v", err)
+ }
+ defer c1.Close()
+ defer c2.Close()
+ serverConf := &ServerConfig{
+ PublicKeyAuthAlgorithms: []string{KeyAlgoRSASHA256, KeyAlgoRSASHA512},
+ PublicKeyCallback: func(conn ConnMetadata, key PublicKey) (*Permissions, error) {
+ return nil, nil
+ },
+ }
+ serverConf.AddHostKey(testSigners["ecdsap256"])
+
+ done := make(chan struct{})
+ go func() {
+ defer close(done)
+ NewServerConn(c1, serverConf)
+ }()
+
+ clientConf := ClientConfig{
+ User: "user",
+ Auth: []AuthMethod{
+ PublicKeys(tt.key),
+ },
+ HostKeyCallback: InsecureIgnoreHostKey(),
+ }
+
+ _, _, _, err = NewClientConn(c2, "", &clientConf)
+ if err != nil {
+ if !tt.wantError {
+ t.Errorf("%s: got unexpected error %q", tt.name, err.Error())
+ }
+ } else if tt.wantError {
+ t.Errorf("%s: succeeded, but want error", tt.name)
+ }
+ <-done
+ }
+}
+
+func TestNewServerConnValidationErrors(t *testing.T) {
+ c1, c2, err := netPipe()
+ if err != nil {
+ t.Fatalf("netPipe: %v", err)
+ }
+ defer c1.Close()
+ defer c2.Close()
+
+ serverConf := &ServerConfig{
+ PublicKeyAuthAlgorithms: []string{CertAlgoRSAv01},
+ }
+ _, _, _, err = NewServerConn(c1, serverConf)
+ if err == nil {
+ t.Fatal("NewServerConn with invalid public key auth algorithms succeeded")
+ }
+ serverConf = &ServerConfig{
+ Config: Config{
+ KeyExchanges: []string{kexAlgoDHGEXSHA256},
+ },
+ }
+ _, _, _, err = NewServerConn(c1, serverConf)
+ if err == nil {
+ t.Fatal("NewServerConn with unsupported key exchange succeeded")
+ }
+}
generated by cgit v1.3 (git 2.53.0) at 2026-04-15 07:10:48 +0000