Add tests for /etc/ssh/ssh_known_hosts

527be7b5 · Christopher Huhn · cdef8861 · 527be7b5 · 527be7b5
Commit 527be7b5 authored Apr 29, 2022 by Christopher Huhn
--- a/.kitchen.yml
+++ b/.kitchen.yml
@@ -78,6 +78,12 @@ platforms:
      provision: true
      vagrantfiles:
        - vagrant.rb
+    provisioner:
+      client_rb:
+        # Chef 15 no longer collects passwd information by default
+        # cf. https://stackoverflow.com/a/70749387/9793012
+        'ohai.optional_plugins = ':
+          - :Passwd

 suites:
  - name: sys_accounts
@@ -269,6 +275,11 @@ suites:
            root:
              '*':
                AddKeysToAgent: ask
+          known_hosts:
+            github.com:
+              ecdsa-sha2-nistp256: AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
+              ssh-ed25519: AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
+              ssh-rsa: AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
          ssh_config:
            - '*.example.org':
                SendEnv: TGIF

--- a/test/integration/sys_ssh/serverspec/localhost/ssh_spec.rb
+++ b/test/integration/sys_ssh/serverspec/localhost/ssh_spec.rb
@@ -87,3 +87,19 @@ describe file('/root/.ssh/config') do
    should match(/^Host \*\n\s*AddKeysToAgent ask$/m)
  end
 end
+
+# test /etc/ssh/ssh_known_hosts
+describe file('/etc/ssh/ssh_known_hosts') do
+  it { should exist }
+  it { should be_mode('644') }
+  its(:content) do
+    should match(/^github.com ssh-rsa AAAA\S+==$/)
+  end
+end
+
+describe command 'ssh -v git@github.com' do
+  its(:exit_status) { should eq 255 } # permission denied
+  its(:stdout) { should be_empty }
+  its(:stderr) { should include "debug1: Host 'github.com' is known and matches the ECDSA host key." }
+  its(:stderr) { should match %r{^debug1: Found key in /etc/ssh/ssh_known_hosts:\d+} }
+end