Basic SSH auth tests passing

internal/config/config.go

@@ -56,7 +56,7 @@ func Init() {
 	argParse()
 
 	if customconfig {
-		associateExportedVariables()
+		processOpts()
 		return
 	}
 
@@ -75,7 +75,7 @@ func Init() {
 		Filename = Snek.ConfigFileUsed()
 	}
 
-	associateExportedVariables()
+	processOpts()
 }
 
 func setDefaults() {
@@ -232,7 +232,3 @@ func processOpts() {
 	}
 
 }
-
-func associateExportedVariables() {
-	processOpts()
-}

internal/sshui/server.go

@@ -1,8 +1,6 @@
 package sshui
 
 import (
-	"crypto/rand"
-	"crypto/rsa"
 	"fmt"
 	"os"
 	"path/filepath"
@@ -14,13 +12,10 @@ import (
 )
 
 func newHostKey() error {
-	privateKey, err := rsa.GenerateKey(rand.Reader, 4096)
+	privateKey, err := generatePrivateKey()
 	if err != nil {
 		return err
 	}
-	if err = privateKey.Validate(); err != nil {
-		return err
-	}
 	dir, _ := filepath.Split(config.Filename)
 	newFile := filepath.Join(dir, "host_rsa")
 	if err = os.WriteFile(newFile, encodePrivateKeyToPEM(privateKey), 0600); err != nil {

internal/sshui/server_test.go

@@ -1,6 +1,7 @@
 package sshui
 
 import (
+	"crypto/rsa"
 	"testing"
 	"time"
 
@@ -10,6 +11,22 @@ import (
 	"git.tcp.direct/kayos/ziggs/internal/data"
 )
 
+var (
+	testKey1 *rsa.PrivateKey
+	testKey2 *rsa.PrivateKey
+)
+
+func init() {
+	var err error
+	// generate public keys for testing
+	if testKey1, err = generatePrivateKey(); err != nil {
+		panic(err)
+	}
+	if testKey2, err = generatePrivateKey(); err != nil {
+		panic(err)
+	}
+}
+
 func TestServeSSH(t *testing.T) {
 	config.Init()
 	data.StartTest()
@@ -20,8 +37,8 @@ func TestServeSSH(t *testing.T) {
 			t.Error(err)
 		}
 	}()
-	time.Sleep(2 * time.Second)
-	_, err := data.NewUser("test", data.NewUserPass(true, "test", "test"))
+	time.Sleep(1250 * time.Millisecond)
+	user, err := data.NewUser("test", data.NewUserPass(true, "test", "test"))
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -58,4 +75,48 @@ func TestServeSSH(t *testing.T) {
 			client.Close()
 		}
 	})
+	t.Run("GoodLoginKey", func(t *testing.T) {
+		var signer ssh.Signer
+		if signer, err = ssh.NewSignerFromKey(testKey1); err != nil {
+			t.Fatal(err)
+		}
+		if _, err = user.AddAuthMethod(data.NewPubKey(user.Username, signer.PublicKey())); err != nil {
+			t.Fatal(err)
+		}
+		var client *ssh.Client
+		if client, err = ssh.Dial("tcp", config.SSHListen, &ssh.ClientConfig{
+			User: "test",
+			Auth: []ssh.AuthMethod{
+				ssh.PublicKeys(signer),
+			},
+			HostKeyCallback: ssh.InsecureIgnoreHostKey(),
+		}); err != nil {
+			t.Fatal("expected nil when authing with known key, got", err)
+		}
+		var session *ssh.Session
+		if session, err = client.NewSession(); err != nil {
+			t.Error(err)
+		}
+		session.Close()
+		client.Close()
+	})
+	t.Run("BadLoginKey", func(t *testing.T) {
+		var signer ssh.Signer
+		if signer, err = ssh.NewSignerFromKey(testKey2); err != nil {
+			t.Fatal(err)
+		}
+		var client *ssh.Client
+		if client, err = ssh.Dial("tcp", config.SSHListen, &ssh.ClientConfig{
+			User: "test",
+			Auth: []ssh.AuthMethod{
+				ssh.PublicKeys(signer),
+			},
+			HostKeyCallback: ssh.InsecureIgnoreHostKey(),
+		}); err == nil {
+			t.Fatal("expected error when authing with unknown key, got nil")
+		}
+		if client != nil {
+			client.Close()
+		}
+	})
 }

internal/sshui/util.go

@@ -1,6 +1,7 @@
 package sshui
 
 import (
+	"crypto/rand"
 	"crypto/rsa"
 	"crypto/x509"
 	"encoding/pem"
@@ -20,3 +21,14 @@ func encodePrivateKeyToPEM(privateKey *rsa.PrivateKey) []byte {
 
 	return pem.EncodeToMemory(&privBlock)
 }
+
+func generatePrivateKey() (*rsa.PrivateKey, error) {
+	privateKey, err := rsa.GenerateKey(rand.Reader, 4096)
+	if err != nil {
+		return nil, err
+	}
+	if err = privateKey.Validate(); err != nil {
+		return nil, err
+	}
+	return privateKey, nil
+}