sshc secure by default

pkg/conf/config.go

@@ -43,10 +43,5 @@ func LoadConfig(filePath string) (*Config, error) {
 		return nil, err
 	}
 
-	// set some reasonable defaults
-	if cfg.SshClient != nil {
-		cfg.SshClient.Insecure = false
-	}
-
 	return &cfg, nil
 }

pkg/conf/config_test.go

@@ -27,7 +27,40 @@ func TestEmptySshc(t *testing.T) {
 	if cfg.SshClient != nil {
 		t.Fatalf("sshclient should be nil")
 	}
-	// if cfg.SshD.DisableShell {
-	// 	t.Fatalf("disable shell")
-	// }
+}
+
+func TestSshcSecure(t *testing.T) {
+	path := filepath.Join("testdata", "sshc.yaml")
+
+	cfg, err := LoadConfig(path)
+	if err != nil {
+		t.Fatalf("can't parse config")
+	}
+	if cfg.SshClient.Insecure != false {
+		t.Fatalf("sshclient should be secure")
+	}
+}
+
+func TestSshcInsecure(t *testing.T) {
+	path := filepath.Join("testdata", "sshc_insecure.yaml")
+
+	cfg, err := LoadConfig(path)
+	if err != nil {
+		t.Fatalf("can't parse config")
+	}
+	if cfg.SshClient.Insecure != true {
+		t.Fatalf("sshclient should be insecure")
+	}
+}
+
+func TestSshcSecureDefault(t *testing.T) {
+	path := filepath.Join("testdata", "sshc_secure_default.yaml")
+
+	cfg, err := LoadConfig(path)
+	if err != nil {
+		t.Fatalf("can't parse config")
+	}
+	if cfg.SshClient.Insecure != false {
+		t.Fatalf("sshclient should be secure by default")
+	}
 }

pkg/conf/testdata/sshc.yaml

@@ -0,0 +1,5 @@
+sshclient:
+  server: localhost:5022
+  known_hosts: "./known_hosts"
+  identity: "~/.ssh/id_rsa"
+  insecure: false

pkg/conf/testdata/sshc_insecure.yaml

@@ -0,0 +1,5 @@
+sshclient:
+  server: localhost:5022
+  known_hosts: "./known_hosts"
+  identity: "~/.ssh/id_rsa"
+  insecure: true

pkg/conf/testdata/sshc_secure_default.yaml

@@ -0,0 +1,4 @@
+sshclient:
+  server: localhost:5022
+  known_hosts: "./known_hosts"
+  identity: "~/.ssh/id_rsa"