diff --git a/Makefile b/Makefile
index 8f4e672..3328565 100644
--- a/Makefile
+++ b/Makefile
@@ -7,3 +7,18 @@ all: build test: echo $(PACKAGE)
+
+docker-nuke:
+ docker-compose -f docker-compose.test.yml down --rmi all --remove-orphans -v
+
+docker-clean:
+ docker-compose -f docker-compose.test.yml down --remove-orphans -v
+
+docker-down:
+ docker-compose -f docker-compose.test.yml down
+
+docker-up:
+ docker-compose -f docker-compose.test.yml up
+
+docker-test:
+ docker-compose -f docker-compose.test.yml up --exit-code-from sut
\ No newline at end of file
diff --git a/docker-compose.test.yml b/docker-compose.test.yml
new file mode 100644
index 0000000..1d38044
--- /dev/null
+++ b/docker-compose.test.yml
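Review bot: The five `docker-*` targets added here name commands rather than files, and nothing in the hunk declares them phony, so a file or directory called `docker-test` in the repository root would make `make docker-test` report the target as up to date and skip the test run. Unless the part of the Makefile outside this hunk already covers them, add `.PHONY: docker-nuke docker-clean docker-down docker-up docker-test`. `docker-test` also runs `up` without `--build`, so once the images exist it appears to test the cached `local` image rather than the current checkout; `docker-compose -f docker-compose.test.yml up --build --exit-code-from sut` would avoid that.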
@@ -0,0 +1,113 @@
+version: '3'
+
+# TARGET_PORT REMOTE_PORT TUNNEL_PORT
+# target <--------------- local ------------> remote <--------------- source
+# 203.0.113.100 203.0.113.111 203.0.113.10 203.0.113.200
+#
+# The LOCAL (203.0.113.111) device connects to the REMOTE (203.0.113.10)
+# REMOTE_PORT (:22) to permit the SOURCE (203.0.113.200) to connect to the
+# REMOTE (203.0.113.10) TUNNEL_PORT (:11111) to get to the TARGET
+# (203.0.113.100) TARGET_PORT (:22) via the tunnel set up by
+
+services:
+ remote:
+ build:
+ context: ./test
+ dockerfile: Dockerfile.openssh
+ hostname: remote
+ command: /bin/sh -c "(
+ rm /root/.ssh/remote.txt;
+ sed -i s/#PermitRootLogin.*/PermitRootLogin\ yes/ /etc/ssh/sshd_config;
+ sed -i s/GatewayPorts\ no/GatewayPorts\ clientspecified/ /etc/ssh/sshd_config;
+ sed -i s/AllowTcpForwarding\ no/AllowTcpForwarding\ yes/ /etc/ssh/sshd_config;
+ echo root:root | chpasswd;
+ ssh-keygen -A;
+ touch /root/.ssh/remote.txt;
+ /usr/sbin/sshd -D -e
+ )"
+ networks:
+ testnet:
+ ipv4_address: 203.0.113.10
+ volumes:
+ - sshkeys:/root/.ssh/
+
+
+ target:
+ build:
+ context: ./test
+ dockerfile: Dockerfile.openssh
+ hostname: target
+ command: /bin/sh -c "(
+ rm /root/.ssh/target.txt;
+ sed -i s/#PermitRootLogin.*/PermitRootLogin\ yes/ /etc/ssh/sshd_config;
+ echo root:root | chpasswd;
+ ssh-keygen -A;
+ touch /root/.ssh/target.txt;
+ /usr/sbin/sshd -D -e
+ )"
+ networks:
+ testnet:
+ ipv4_address: 203.0.113.100
+ volumes:
+ - sshkeys:/root/.ssh/
+
+
+ local:
+ build: .
+ hostname: local
+ depends_on:
+ - remote
+ - target
+ - sut
+ environment:
+ - TERM=xterm
+ - SSH_BIND_IP=203.0.113.10
+ - SSH_REMOTE_USER=root
+ - SSH_REMOTE_HOST=203.0.113.10
+ - SSH_REMOTE_PORT=22
+ - SSH_TARGET_HOST=203.0.113.100
+ - SSH_TARGET_PORT=22
+ - SSH_TUNNEL_PORT=11111
+ - SSH_KEY_FILE=/opt/id_rsa
+ - SSH_KNOWN_HOSTS_FILE=/dev/null
+ - SSH_STRICT_HOST_IP_CHECK=false
+ networks:
+ testnet:
+ ipv4_address: 203.0.113.111
+ restart: always
+ volumes:
+ - sshkeys:/opt/
+
+
+ sut:
+ build:
+ context: ./test
+ dockerfile: Dockerfile.openssh
+ hostname: source
+ command: /bin/sh -c "(
+ echo y | ssh-keygen -C testing -f /opt/id_rsa -N '';
+ cp /opt/id_rsa.pub /opt/authorized_keys;
+ chmod 600 /opt/authorized_keys;
+ while [ ! -f /opt/remote.txt ]; do echo 'waiting for remote...'; sleep 2; done;
+ while [ ! -f /opt/target.txt ]; do echo 'waiting for target...'; sleep 2; done;
+ sleep 2;
+ ssh -o StrictHostKeyChecking=no -i /opt/id_rsa root@203.0.113.10 -p 11111 -C 'if [ `hostname` == "target" ]; then exit 0; else echo 'hostname is not target'; exit 1; fi';
+ )"
+ networks:
+ testnet:
+ ipv4_address: 203.0.113.200
+ volumes:
+ - sshkeys:/opt/
+
+
+networks:
+ testnet:
+ driver: bridge
+ ipam:
+ driver: default
+ config:
+ - subnet: 203.0.113.0/24
+
+
+volumes:
+ sshkeys: {}
\ No newline at end of file
diff --git a/test/Dockerfile.openssh b/test/Dockerfile.openssh
new file mode 100644
index 0000000..5661761
--- /dev/null
+++ b/test/Dockerfile.openssh
@@ -0,0 +1,8 @@
+FROM alpine:latest
+
+RUN \
+ apk update && \
+ apk --no-cache add \
+ openssh \
+ openssh-keygen \
+ openssh-client
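Review bot: Both sshd fixtures (`remote` and `target`) are switched to `PermitRootLogin yes` with the root password set by `echo root:root | chpasswd`, yet every login visible in this file uses the key at `/opt/id_rsa`, so password login for root looks unnecessary. If `chpasswd` is only there to unlock the account, `sed -i s/#PermitRootLogin.*/PermitRootLogin\ prohibit-password/ /etc/ssh/sshd_config;` should keep key login working while refusing the known password. The single `sshkeys` volume is mounted at `/root/.ssh/` on both servers and at `/opt/` on `local` and `sut`, which also places the private key `id_rsa` on `remote` and `target`; a separate volume for the private key would keep the fixture closer to a real deployment. Host-key verification is off in three places (`SSH_KNOWN_HOSTS_FILE=/dev/null`, `SSH_STRICT_HOST_IP_CHECK=false`, `StrictHostKeyChecking=no`), so a comment such as `# test fixture only: host keys are generated at container start, do not reuse these settings` would stop them being copied into a deployment file. The header comment also stops mid-sentence at "via the tunnel set up by" and should name what sets the tunnel up.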
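Review bot: `FROM alpine:latest` leaves the image behind the test SSH servers unpinned, so the OpenSSH version and the default `sshd_config` that the `sed` edits in docker-compose.test.yml rely on can change between runs without any change in this repository. Pin the base to a specific release tag or digest, e.g. `FROM alpine:<pinned-version>`. The separate `apk update` is redundant with `apk --no-cache add` and writes the package index into the layer that `--no-cache` is meant to keep clean; dropping it leaves `RUN apk --no-cache add openssh openssh-keygen openssh-client`.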