add a match block to sshd_config for SAs (#99)
hopkiw committed Feb 23, 2021
1 parent ec4459d commit daa3b0c
Showing 2 changed files with 15 additions and 0 deletions.
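--- a/google_guest_agent/oslogin.go
+++ b/google_guest_agent/oslogin.go
@@ -171,6 +171,8 @@ func updateSSHConfig(sshConfig string, enable, twofactor bool) string {
 authorizedKeysUser = "AuthorizedKeysCommandRunAs root"
 twoFactorAuthMethods = "RequiredAuthentications2 publickey,keyboard-interactive"
 }
+matchblock1 := `Match User sa_*`
+matchblock2 := ` AuthenticationMethods publickey`
 
 filtered := filterGoogleLines(string(sshConfig))
 
@@ -181,6 +183,9 @@ func updateSSHConfig(sshConfig string, enable, twofactor bool) string {
 }
 osLoginBlock = append(osLoginBlock, googleBlockEnd)
 filtered = append(osLoginBlock, filtered...)
+if twofactor {
+filtered = append(filtered, googleBlockStart, matchblock1, matchblock2, googleBlockEnd)
+}
 }
 
 return strings.Join(filtered, "\n")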
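Review bot: The `Match User sa_*` line exempts every account whose name starts with `sa_` from the keyboard-interactive factor, and nothing in the new code records why that prefix is safe to key on. A comment above `matchblock1` such as `// Accounts matching sa_* (presumably OS Login service accounts) cannot answer a 2FA prompt, so they are held to publickey only; the block goes last because a Match section runs to end of file.` would document both the trust assumption and the ordering constraint. Separately, the context lines just above switch `twoFactorAuthMethods` to `RequiredAuthentications2` inside a conditional whose test is outside the hunk, yet `matchblock2` always emits `AuthenticationMethods`; if that branch exists for an sshd that does not accept `AuthenticationMethods`, the appended block would make the config invalid there, so the keyword probably needs to follow the same branch. `updateSSHConfig` begins and ends outside these hunks.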
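--- a/google_guest_agent/oslogin_test.go
+++ b/google_guest_agent/oslogin_test.go
@@ -184,6 +184,8 @@ func TestUpdateSSHConfig(t *testing.T) {
 authorizedKeysCommand := "AuthorizedKeysCommand /usr/bin/google_authorized_keys"
 authorizedKeysUser := "AuthorizedKeysCommandUser root"
 twoFactorAuthMethods := "AuthenticationMethods publickey,keyboard-interactive"
+matchblock1 := `Match User sa_*`
+matchblock2 := ` AuthenticationMethods publickey`
 
 var tests = []struct {
 contents, want []string
@@ -205,6 +207,10 @@ func TestUpdateSSHConfig(t *testing.T) {
 challengeResponseEnable,
 googleBlockEnd,
 "line1",
+googleBlockStart,
+matchblock1,
+matchblock2,
+googleBlockEnd,
 },
 enable: true,
 twofactor: true,
@@ -226,6 +232,10 @@ func TestUpdateSSHConfig(t *testing.T) {
 googleBlockEnd,
 "line1",
 "line3",
+googleBlockStart,
+matchblock1,
+matchblock2,
+googleBlockEnd,
 },
 enable: true,
 twofactor: true,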
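Review bot: Both extended cases only add the trailing `Match User sa_*` block to the expected output, so nothing visible here checks that a second run over an already-updated config leaves exactly one copy. Because the block is appended after the user's lines rather than merged into the leading Google block, a case whose `contents` already ends with `googleBlockStart, matchblock1, matchblock2, googleBlockEnd` and whose `want` carries it once would pin that `filterGoogleLines` strips the old copy. A `twofactor: false` case asserting the block is absent would cover the other side of the new `if twofactor` branch. The table continues outside these hunks, so such cases may already exist.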
