Testing the SSPI support is difficult as it requires running on a domain-joined Windows host, and specifically for the server side, requires running as the local NT Authority\SYSTEM account in order for tests to pass.
Current manual testing process:
cd testdata- Create SSH keypair with
ssh-keygen -b 4096 -t rsa -m PEM -f id_rsa
- Optionally set the
ingress_cidr_blocks variable in terraform.tfvars
- Run
terraform apply to create a simple AD directory service and Windows 2022 instance joined to AD
- RDP to instance with domain administrator, install AD management tools, OpenSSH server feature, PsExec, Golang, and Git
- Configure OpenSSH to permit GSSAPI authentication
- Create a test user, grant RDP access
- Run
go test -v -run TestNewClient with the test user
- Run
go test -v -run TestNewServer using PsExec64.exe -i -s powershell.exe to run using SYSTEM account
Testing the SSPI support is difficult as it requires running on a domain-joined Windows host, and specifically for the server side, requires running as the local
NT Authority\SYSTEMaccount in order for tests to pass.Current manual testing process:
cd testdatassh-keygen -b 4096 -t rsa -m PEM -f id_rsaingress_cidr_blocksvariable interraform.tfvarsterraform applyto create a simple AD directory service and Windows 2022 instance joined to ADgo test -v -run TestNewClientwith the test usergo test -v -run TestNewServerusingPsExec64.exe -i -s powershell.exeto run usingSYSTEMaccount