create testing kit

Makefile

@@ -7,3 +7,18 @@ all: build
 
 test:
 	echo $(PACKAGE)
+
+docker-nuke:
+	docker-compose -f docker-compose.test.yml down --rmi all --remove-orphans -v
+
+docker-clean:
+	docker-compose -f docker-compose.test.yml down --remove-orphans -v
+
+docker-down:
+	docker-compose -f docker-compose.test.yml down
+
+docker-up:
+	docker-compose -f docker-compose.test.yml up
+
+docker-test:
+	docker-compose -f docker-compose.test.yml up --exit-code-from sut

docker-compose.test.yml

@@ -0,0 +1,113 @@
+version: '3'
+
+#      TARGET_PORT                  REMOTE_PORT    TUNNEL_PORT
+# target <--------------- local ------------> remote <--------------- source
+# 203.0.113.100       203.0.113.111        203.0.113.10        203.0.113.200
+#
+# The LOCAL (203.0.113.111) device connects to the REMOTE (203.0.113.10)
+# REMOTE_PORT (:22) to permit the SOURCE (203.0.113.200) to connect to the
+# REMOTE (203.0.113.10) TUNNEL_PORT (:11111) to get to the TARGET
+# (203.0.113.100) TARGET_PORT (:22) via the tunnel set up by
+
+services:
+  remote:
+    build:
+      context: ./test
+      dockerfile: Dockerfile.openssh
+    hostname: remote
+    command: /bin/sh -c "(
+              rm /root/.ssh/remote.txt;
+              sed -i s/#PermitRootLogin.*/PermitRootLogin\ yes/ /etc/ssh/sshd_config;
+              sed -i s/GatewayPorts\ no/GatewayPorts\ clientspecified/ /etc/ssh/sshd_config;
+              sed -i s/AllowTcpForwarding\ no/AllowTcpForwarding\ yes/ /etc/ssh/sshd_config;
+              echo root:root | chpasswd;
+              ssh-keygen -A;
+              touch /root/.ssh/remote.txt;
+              /usr/sbin/sshd -D -e
+             )"
+    networks:
+      testnet:
+        ipv4_address: 203.0.113.10
+    volumes:
+      - sshkeys:/root/.ssh/
+
+
+  target:
+    build:
+      context: ./test
+      dockerfile: Dockerfile.openssh
+    hostname: target
+    command: /bin/sh -c "(
+              rm /root/.ssh/target.txt;
+              sed -i s/#PermitRootLogin.*/PermitRootLogin\ yes/ /etc/ssh/sshd_config;
+              echo root:root | chpasswd;
+              ssh-keygen -A;
+              touch /root/.ssh/target.txt;
+              /usr/sbin/sshd -D -e
+             )"
+    networks:
+      testnet:
+        ipv4_address: 203.0.113.100
+    volumes:
+      - sshkeys:/root/.ssh/
+
+
+  local:
+    build: .
+    hostname: local
+    depends_on:
+      - remote
+      - target
+      - sut
+    environment:
+      - TERM=xterm
+      - SSH_BIND_IP=203.0.113.10
+      - SSH_REMOTE_USER=root
+      - SSH_REMOTE_HOST=203.0.113.10
+      - SSH_REMOTE_PORT=22
+      - SSH_TARGET_HOST=203.0.113.100
+      - SSH_TARGET_PORT=22
+      - SSH_TUNNEL_PORT=11111
+      - SSH_KEY_FILE=/opt/id_rsa
+      - SSH_KNOWN_HOSTS_FILE=/dev/null
+      - SSH_STRICT_HOST_IP_CHECK=false
+    networks:
+      testnet:
+        ipv4_address: 203.0.113.111
+    restart: always
+    volumes:
+      - sshkeys:/opt/
+
+
+  sut:
+    build:
+      context: ./test
+      dockerfile: Dockerfile.openssh
+    hostname: source
+    command: /bin/sh -c "(
+              echo y | ssh-keygen -C testing -f /opt/id_rsa -N '';
+              cp /opt/id_rsa.pub /opt/authorized_keys;
+              chmod 600 /opt/authorized_keys;
+              while [ ! -f /opt/remote.txt ]; do echo 'waiting for remote...'; sleep 2; done;
+              while [ ! -f /opt/target.txt ]; do echo 'waiting for target...'; sleep 2; done;
+              sleep 2;
+              ssh -o StrictHostKeyChecking=no -i /opt/id_rsa [email protected] -p 11111 -C 'if [ `hostname` == "target" ]; then exit 0; else echo 'hostname is not target'; exit 1; fi';
+             )"
+    networks:
+      testnet:
+        ipv4_address: 203.0.113.200
+    volumes:
+      - sshkeys:/opt/
+
+
+networks:
+  testnet:
+    driver: bridge
+    ipam:
+      driver: default
+      config:
+        - subnet: 203.0.113.0/24
+
+
+volumes:
+  sshkeys: {}

test/Dockerfile.openssh

@@ -0,0 +1,8 @@
+FROM alpine:latest
+
+RUN \
+    apk update && \
+    apk --no-cache add \
+    openssh \
+    openssh-keygen \
+    openssh-client