Improve ssh-gssapi DEP8 test
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openssh (Ubuntu) |
Fix Released
|
High
|
Andreas Hasenack |
Bug Description
The DEP8 test introduced in https:/
For example, here I forced a failure by using an invalid user (I added "x" to the username):
```
## ssh'ing into localhost using gssapi-keyex auth
<email address hidden>: Permission denied (gssapi-keyex).
## checking that we got a service ticket for ssh (host/)
03/18/24 12:16:55 03/18/24 22:16:55 host/sshd-
Ticket server: <email address hidden>
## Checking ssh logs to confirm gssapi-keyex auth was used
Mar 18 12:16:55 sshd-gssapi.
## PASS test_gssapi_
```
Furthermore, the --grep option used in journalctl is not specific enough, as can also be seen above. It's just looking for the authentication method name, not whether is succeeded or not.
Related branches
- git-ubuntu bot: Approve
- Sergio Durigan Junior (community): Approve
- Canonical Server Reporter: Pending requested
-
Diff: 69 lines (+20/-7)2 files modifieddebian/changelog (+9/-0)
debian/tests/ssh-gssapi (+11/-7)
This bug was fixed in the package openssh - 1:9.6p1-3ubuntu11
---------------
openssh (1:9.6p1-3ubuntu11) noble; urgency=medium
* d/t/ssh-gssapi: make the test a bit more rebust (LP: #2058276):
- deal with return codes
- match a more specific success expression from the logs
- add klist output in the case of failure
-- Andreas Hasenack <email address hidden> Mon, 18 Mar 2024 10:25:15 -0300