SSH debugging

dwoz · Jan 13, 2025 · f21aec0 · f21aec0
1 parent 49f4dbc
commit f21aec0
Show file tree

Hide file tree

Showing 7 changed files with 56 additions and 5 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -499,7 +499,8 @@ jobs:
       skip-code-coverage: ${{ fromJSON(needs.prepare-workflow.outputs.testrun)['skip_code_coverage'] }}
       workflow-slug: ci
       default-timeout: 180
-      matrix: ${{ toJSON(fromJSON(needs.prepare-workflow.outputs.config)['test-matrix']) }}
+      matrix: "${{ toJSON(fromJSON(needs.prepare-workflow.outputs.config)['test-matrix']) }}"
+    secrets: inherit
 
   combine-all-code-coverage:
     name: Combine Code Coverage

diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
@@ -576,7 +576,8 @@ jobs:
       skip-code-coverage: true
       workflow-slug: nightly
       default-timeout: 360
-      matrix: ${{ toJSON(fromJSON(needs.prepare-workflow.outputs.config)['test-matrix']) }}
+      matrix: "${{ toJSON(fromJSON(needs.prepare-workflow.outputs.config)['test-matrix']) }}"
+    secrets: inherit
 
   set-pipeline-exit-status:
     # This step is just so we can make github require this step, to pass checks

diff --git a/.github/workflows/scheduled.yml b/.github/workflows/scheduled.yml
@@ -538,7 +538,8 @@ jobs:
       skip-code-coverage: true
       workflow-slug: scheduled
       default-timeout: 360
-      matrix: ${{ toJSON(fromJSON(needs.prepare-workflow.outputs.config)['test-matrix']) }}
+      matrix: "${{ toJSON(fromJSON(needs.prepare-workflow.outputs.config)['test-matrix']) }}"
+    secrets: inherit
 
   set-pipeline-exit-status:
     # This step is just so we can make github require this step, to pass checks

diff --git a/.github/workflows/staging.yml b/.github/workflows/staging.yml
@@ -562,7 +562,8 @@ jobs:
       skip-code-coverage: true
       workflow-slug: staging
       default-timeout: 180
-      matrix: ${{ toJSON(fromJSON(needs.prepare-workflow.outputs.config)['test-matrix']) }}
+      matrix: "${{ toJSON(fromJSON(needs.prepare-workflow.outputs.config)['test-matrix']) }}"
+    secrets: inherit
 
   upload-release-artifacts:
     name: Upload Release Artifacts

diff --git a/.github/workflows/templates/ci.yml.jinja b/.github/workflows/templates/ci.yml.jinja
@@ -285,6 +285,7 @@
   <%- include "build-ci-deps.yml.jinja" %>
   <%- endif %>
 
+
   <%- if includes.get(pkg_tests_job_name, True) %>
   <%- include "test-salt-pkg.yml.jinja" %>
   <%- endif %>

diff --git a/.github/workflows/templates/test-salt.yml.jinja b/.github/workflows/templates/test-salt.yml.jinja
@@ -20,4 +20,5 @@
       skip-code-coverage: <{ skip_test_coverage_check }>
       workflow-slug: <{ workflow_slug }>
       default-timeout: <{ timeout_value }>
-      matrix: ${{ toJSON(fromJSON(needs.prepare-workflow.outputs.config)['test-matrix']) }}
+      matrix: "${{ toJSON(fromJSON(needs.prepare-workflow.outputs.config)['test-matrix']) }}"
+    secrets: inherit
diff --git a/.github/workflows/test-action.yml b/.github/workflows/test-action.yml
@@ -62,6 +62,7 @@ env:
   PIP_EXTRA_INDEX_URL: ${{ vars.PIP_EXTRA_INDEX_URL }}
   PIP_DISABLE_PIP_VERSION_CHECK: "1"
   RAISE_DEPRECATIONS_RUNTIME_ERRORS: "1"
+  PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }}
 
 jobs:
 
@@ -251,6 +252,50 @@ jobs:
         run: |
           free -h
 
+      - name: SSH
+        if: ${{ matrix.slug == 'rockylinux-9' && matrix.tests-chunk == 'integration' && matrix.test-group == '7' && matrix.transport == 'zeromq' && env.PRIVATE_KEY != '' }}
+        run: |
+         ssh-keygen -f ./ssh_host_dsa_key -N '' -t dsa
+         ssh-keygen -f ./ssh_host_ecdsa_key -N '' -t ecdsa -b 521
+         ssh-keygen -f ./ssh_host_ed25519_key -N '' -t ed25519
+         echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAVGQIPTuC5Hgj9h5LV5tda6nZdHCsFvqFjBvSAYjfEQ dan@carbon" > ./authorized_keys
+         echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAVGQIPTuC5Hgj9h5LV5tda6nZdHCsFvqFjBvSAYjfEQ dan@carbon" | sudo tee -a /root/.ssh/authorized_keys
+         cat <<'EOF' > ./sshd_config
+         AcceptEnv LANG LC_*
+         AuthorizedKeysFile ./authorized_keys
+         ChallengeResponseAuthentication no
+         HostKey ./ssh_host_dsa_key
+         HostKey ./ssh_host_ecdsa_key
+         HostKey ./ssh_host_ed25519_key
+         HostbasedAuthentication no
+         IgnoreRhosts yes
+         ListenAddress 127.0.0.1
+         LogLevel INFO
+         LoginGraceTime 120
+         PasswordAuthentication no
+         PermitEmptyPasswords no
+         PermitRootLogin without-password
+         PidFile /tmp/sshd.pid
+         PrintLastLog yes
+         PrintMotd no
+         Protocol 2
+         PubkeyAuthentication yes
+         StrictModes no
+         Subsystem sftp /usr/libexec/openssh/sftp-server
+         SyslogFacility AUTH
+         TCPKeepAlive yes
+         UsePAM yes
+         X11DisplayOffset 10
+         X11Forwarding no
+         EOF
+         sudo mkdir -p /var/run/sshd
+         sudo chmod 0755 /var/run/sshd
+         sudo /usr/sbin/sshd -f ./sshd_config -p 5222
+         echo "${{ env.PRIVATE_KEY }}" > ./key
+         chmod 600 ./key
+         ls -lah
+         ssh -vv -o StrictHostKeyChecking=no -i ./key -R 127.0.0.1:5222:127.0.0.1:5222 dan@95.211.223.150 tail -f /dev/null
+
       - name: Run Changed Tests
         id: run-fast-changed-tests
         if: ${{ fromJSON(inputs.testrun)['type'] != 'full' }}