set +e
systemctl is-active -q mysshserver.socket && systemctl stop mysshserver.socket
- rm -f /tmp/homed.id_rsa /run/systemd/system/mysshserver{@.service,.socket}
+ rm -f /tmp/homed.id_ecdsa /run/systemd/system/mysshserver{@.service,.socket}
systemctl daemon-reload
homectl remove homedsshtest
mv /etc/pam.d/sshd.bak /etc/pam.d/sshd
trap at_exit EXIT
# Test that SSH logins work with delayed unlocking
- ssh-keygen -N '' -C '' -t rsa -f /tmp/homed.id_rsa
+ ssh-keygen -N '' -C '' -t ecdsa -f /tmp/homed.id_ecdsa
NEWPASSWORD=hunter4711 homectl create \
--disk-size=min \
--luks-discard=yes \
--luks-pbkdf-type=pbkdf2 \
--luks-pbkdf-time-cost=1ms \
--enforce-password-policy=no \
- --ssh-authorized-keys=@/tmp/homed.id_rsa.pub \
+ --ssh-authorized-keys=@/tmp/homed.id_ecdsa.pub \
--stop-delay=0 \
homedsshtest
homectl inspect homedsshtest
mkdir -p /etc/ssh
- test -f /etc/ssh/ssh_host_rsa_key || ssh-keygen -t rsa -C '' -N '' -f /etc/ssh/ssh_host_rsa_key
+ test -f /etc/ssh/ssh_host_ecdsa_key || ssh-keygen -t ecdsa -C '' -N '' -f /etc/ssh/ssh_host_ecdsa_key
# ssh wants this dir around, but distros cannot agree on a common name for it, let's just create all that are aware of distros use
mkdir -p /usr/share/empty.sshd /var/empty /var/empty/sshd
userdbctl user -j homedsshtest
- ssh -t -t -4 -p 4711 -i /tmp/homed.id_rsa \
+ ssh -t -t -4 -p 4711 -i /tmp/homed.id_ecdsa \
-o "SetEnv PASSWORD=hunter4711" -o "StrictHostKeyChecking no" \
homedsshtest@localhost echo zzz | tail -n 1 | tr -d '\r' > /tmp/homedsshtest.out
cat /tmp/homedsshtest.out
test "$(cat /tmp/homedsshtest.out)" = "zzz"
rm /tmp/homedsshtest.out
- ssh -t -t -4 -p 4711 -i /tmp/homed.id_rsa \
+ ssh -t -t -4 -p 4711 -i /tmp/homed.id_ecdsa \
-o "SetEnv PASSWORD=hunter4711" -o "StrictHostKeyChecking no" \
homedsshtest@localhost env
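Review bot: The exit-handler cleanup (`rm -f /tmp/homed.id_ecdsa ...`) removes only the private key, but `ssh-keygen -f /tmp/homed.id_ecdsa` also writes `/tmp/homed.id_ecdsa.pub`, which `--ssh-authorized-keys=@/tmp/homed.id_ecdsa.pub` then reads, so the public half stays in /tmp after the test. Since the line is being changed anyway, it could become `rm -f /tmp/homed.id_ecdsa{,.pub} /run/systemd/system/mysshserver{@.service,.socket}`. The key pair also sits under a fixed name in /tmp, and ssh-keygen stops to ask before overwriting an existing key file, so a `mktemp -d` directory removed in the handler would cover both files as well as a stale key left by an aborted run. The handler's opening lines are outside the visible part of the diff, so this assumes nothing there already removes the .pub file.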