From b73d7e140b9cd5a7b862e2d974caa24dad10902a Mon Sep 17 00:00:00 2001 From: Wai Yee Wong Date: Mon, 20 Jun 2022 17:27:19 -0400 Subject: [PATCH] Improve PR 7193: Check host keys supported by the operating system and report new ones if any --- .../autotest/testcase/install_xCAT/case0 | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/xCAT-test/autotest/testcase/install_xCAT/case0 b/xCAT-test/autotest/testcase/install_xCAT/case0 index c39f5cfd2..e5d309f9e 100644 --- a/xCAT-test/autotest/testcase/install_xCAT/case0 +++ b/xCAT-test/autotest/testcase/install_xCAT/case0 @@ -21,6 +21,16 @@ check:rc==0 check:output=~running cmd:rm -rf /install_xCAT_xcat-core.tar.bz2 /install_xCAT_xcat-dep.tar.bz2 +# Check host keys supported by the operating system and report new ones, if any. +cmd:echo -e "dsa\necdsa\ned25519\nrsa\nrsa1" > /tmp/known_host_keys +check:rc==0 +cmd:ssh-keygen --help 2>&1 | grep "\[-t" | sed -E 's/.*(\[\-t.*)/\1/' | cut -d "[" -f2 | cut -d "]" -f1 | sed 's/-t//' | sed 's/|//g' | xargs -n 1 | grep -v '\-sk' > /tmp/current_os_host_keys +check:rc==0 +cmd:diff /tmp/known_host_keys /tmp/current_os_host_keys +check:output!~> +cmd:rm -f /tmp/known_host_keys /tmp/current_os_host_keys +check:rc==0 + # Obtain the highest version of TLS supported by OpenSSL/TLS. cmd:openssl s_client --help 2>&1 | grep "\-tls1" | awk '{print $1}' | sort | tail -1 check:rc==0 @@ -61,6 +71,16 @@ cmd:sleep 5 cmd:service goconserver status cmd:service conserver status +# Check host keys supported by the operating system and report new ones, if any. +cmd:echo -e "dsa\necdsa\ned25519\nrsa\nrsa1" > /tmp/known_host_keys +check:rc==0 +cmd:ssh-keygen --help 2>&1 | grep "\[-t" | sed -E 's/.*(\[\-t.*)/\1/' | cut -d "[" -f2 | cut -d "]" -f1 | sed 's/-t//' | sed 's/|//g' | xargs -n 1 | grep -v '\-sk' > /tmp/current_os_host_keys +check:rc==0 +cmd:diff /tmp/known_host_keys /tmp/current_os_host_keys +check:output!~> +cmd:rm -f /tmp/known_host_keys /tmp/current_os_host_keys +check:rc==0 + # Obtain the highest version of TLS supported by OpenSSL/TLS. cmd:openssl s_client --help 2>&1 | grep "\-tls1" | awk '{print $1}' | sort | tail -1 check:rc==0