When developing or fine-tuning OpenSSH configurations, testing can be quite tiresome: change the configuration, restart the server, run manual tests, repeat. Not to forget the many times when restarting the SSH server fails and you lock yourself out of your test server.
When writing a Linux Magazin article about SSH key management, I wanted to show how to use OpenSSH PKI in a repeatable way. The result is an automated test suite for OpenSSH configuration:
$ ./run_demo.sh
... lots of info output running through ...
SSH PKI Demo Test Results:
Succeeded create-ca-key
Succeeded create-host-key
Succeeded sign-host-key
Succeeded create-user-root-key
Succeeded sign-user-root-key
Succeeded create-user-unpriv-key
Succeeded sign-user-unpriv-key
Succeeded test-trusting-known-hosts-via-cert-and-login-with-password
Succeeded test-that-hostname-in-cert-must-match-target-host
Succeeded test-login-with-root-key-trusted-by-cert
Succeeded test-that-username-in-cert-must-match-target-user
Succeeded test-revoked-ca-key-prevents-login
Succeeded test-revoked-user-key-prevents-login
Succeeded test-revoked-host-key-prevents-connection
Succeeded in running all tests, congratulations!
It does not require root permissions and creates a fake environment where it can start an SSH server and connect a client to it. The test also creates the required SSH CA certificate, host keys and user keys to serve as a practical example of how to use OpenSSH PKI.
Based on this script, it is very easy to write your own tests that verify other aspects of OpenSSH configuration as part of your Test Driven Infrastructure.
The code is available on my GitHub repository: https://github.com/schlomo/openssh-config-test
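A small stand-alone check in the same spirit, added here as an illustration and not taken from the openssh-config-test repository: without root and without starting sshd, it builds a throwaway CA, a host certificate and a user certificate, then verifies certificate type, principals and KRL revocation using only ssh-keygen. The names demo-ca, host.example.test, alice and all function and test names are constructed for this example.

```shell
#!/bin/sh
# Added example, not from openssh-config-test. Assumes OpenSSH's ssh-keygen on PATH.
# demo-ca, host.example.test, alice and root are constructed sample values.

# Create a CA key, a host key and a user key in directory $1, then sign both.
pki_setup() {
    ssh-keygen -q -t ed25519 -N '' -C demo-ca -f "$1/ca" &&
    ssh-keygen -q -t ed25519 -N '' -f "$1/host_key" &&
    ssh-keygen -q -t ed25519 -N '' -f "$1/user_key" &&
    # -h makes a host certificate; -n names the principals it is valid for
    ssh-keygen -q -s "$1/ca" -I host-cert -h -n host.example.test "$1/host_key.pub" &&
    ssh-keygen -q -s "$1/ca" -I user-cert -n alice -V +1h "$1/user_key.pub"
}

# Print "host" or "user" for certificate file $1 (third field of the Type: line).
cert_kind() { ssh-keygen -L -f "$1" | awk '$1 == "Type:" { print $3 }'; }

# Succeed only if certificate $1 lists principal $2.
cert_has_principal() {
    ssh-keygen -L -f "$1" | awk -v want="$2" '
        $1 == "Principals:" { in_list = 1; next }
        $1 == "Critical"    { in_list = 0 }
        in_list && $1 == want { found = 1 }
        END { exit !found }'
}

# Succeed if KRL $1 flags key $2 (ssh-keygen -Q exits non-zero on revoked or on error).
is_revoked() { ! ssh-keygen -Q -f "$1" "$2" >/dev/null 2>&1; }
not() { ! "$@"; }

check() {   # check NAME COMMAND...: report in the style of the demo output
    name=$1; shift
    if "$@" >/dev/null 2>&1; then echo "Succeeded $name"; else echo "Failed $name"; failed=1; fi
}

run_tests() {
    failed=0; pki_dir=$(mktemp -d) || return 1
    check create-and-sign-keys pki_setup "$pki_dir"
    check host-cert-has-host-type test "$(cert_kind "$pki_dir/host_key-cert.pub")" = host
    check user-cert-names-alice cert_has_principal "$pki_dir/user_key-cert.pub" alice
    check user-cert-does-not-name-root not cert_has_principal "$pki_dir/user_key-cert.pub" root
    check create-krl ssh-keygen -k -f "$pki_dir/revoked.krl" "$pki_dir/user_key.pub"
    check revoked-user-key-is-flagged is_revoked "$pki_dir/revoked.krl" "$pki_dir/user_key.pub"
    check host-key-is-not-flagged not is_revoked "$pki_dir/revoked.krl" "$pki_dir/host_key.pub"
    rm -rf "$pki_dir"
    return "$failed"
}

if command -v ssh-keygen >/dev/null 2>&1; then run_tests; fi
```

The host-key-is-not-flagged check matters because `ssh-keygen -Q` also exits non-zero on errors, so a missing or unreadable KRL would otherwise look like a successful revocation.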