Unverified Commit 353a5726 authored by K900's avatar K900 Committed by GitHub

Revert "tests/openssh: write a test for CVE-2025-32728"

parent f94860f4
+0 −44
@@ -35,38 +35,6 @@ import ./make-test-python.nix (
          ];
        };

      server-x11 =
        { ... }:

        {
          environment.systemPackages = [ pkgs.xorg.xauth ];
          services.openssh = {
            enable = true;
            settings.X11Forwarding = true;
          };
          users.users.root.openssh.authorizedKeys.keys = [
            snakeOilPublicKey
          ];
        };

      server-x11-disable =
        { ... }:

        {
          environment.systemPackages = [ pkgs.xorg.xauth ];
          services.openssh = {
            enable = true;
            settings = {
              X11Forwarding = true;
              # CVE-2025-32728: the following line is ineffectual
              DisableForwarding = true;
            };
          };
          users.users.root.openssh.authorizedKeys.keys = [
            snakeOilPublicKey
          ];
        };

      server-allowed-users =
        { ... }:

@@ -272,8 +240,6 @@ import ./make-test-python.nix (
      start_all()

      server.wait_for_unit("sshd", timeout=30)
      server_x11.wait_for_unit("sshd", timeout=30)
      server_x11_disable.wait_for_unit("sshd", timeout=30)
      server_allowed_users.wait_for_unit("sshd", timeout=30)
      server_localhost_only.wait_for_unit("sshd", timeout=30)
      server_match_rule.wait_for_unit("sshd", timeout=30)
@@ -341,16 +307,6 @@ import ./make-test-python.nix (
              timeout=30
          )

      with subtest("x11-forwarding"):
          client.succeed(
              "[ \"$(ssh -Y -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i privkey.snakeoil server-x11 'xauth list' | tee /dev/stderr | wc -l)\" -eq 1 ]",
              timeout=30
          )
          client.succeed(
              "[ \"$(ssh -Y -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i privkey.snakeoil server-x11-disable 'xauth list' | tee /dev/stderr | wc -l)\" -eq 0 ]",
              timeout=30
          )

      with subtest("localhost-only"):
          server_localhost_only.succeed("ss -nlt | grep '127.0.0.1:22'")
          server_localhost_only_lazy.succeed("ss -nlt | grep '127.0.0.1:22'")