@@ -230,6 +230,56 @@ jobs:
230230 Write-Host "Client cert thumbprint: $($clientCert.Thumbprint)"
231231 Add-Content -Path $env:GITHUB_ENV -Value "CLIENT_CERT_SUBJECT=$($clientCert.Subject)"
232232
233+ - name : Create Windows user testuser and authorized_keys
234+ shell : pwsh
235+ run : |
236+ $homeDir = "C:\Users\testuser"
237+ $sshDir = "$homeDir\.ssh"
238+ $authKeysFile = "$sshDir\authorized_keys"
239+ # Password: <=14 chars to avoid net user "Windows 2000" prompt; mixed case, number, special.
240+ # This is a test user and not a sensitive password.
241+ $pw = 'T3stP@ss!xY9'
242+
243+ # Create home dir and .ssh for testuser (default: .ssh/authorized_keys)
244+ New-Item -ItemType Directory -Path $homeDir -Force | Out-Null
245+ New-Item -ItemType Directory -Path $sshDir -Force | Out-Null
246+ Write-Host "Created $homeDir and $sshDir"
247+
248+ # Create local user testuser (net user avoids New-LocalUser password policy issues in CI)
249+ $o = net user testuser $pw /add /homedir:$homeDir 2>&1
250+ if ($LASTEXITCODE -ne 0) {
251+ if ($o -match "already exists") {
252+ Write-Host "User testuser already exists"
253+ net user testuser /homedir:$homeDir 2>$null
254+ } else {
255+ Write-Host "net user failed: $o"
256+ exit 1
257+ }
258+ } else {
259+ Write-Host "Created user testuser"
260+ }
261+
262+ # authorized_keys: hansel public key with comment 'testuser'
263+ $pubKey = Get-Content "${{ github.workspace }}\wolfssh\keys\hansel-key-ecc.pub" -Raw
264+ if (-not $pubKey) {
265+ Write-Host "ERROR: hansel-key-ecc.pub not found"
266+ exit 1
267+ }
268+ $pubKey = ($pubKey -replace '\s+hansel\s*$', ' testuser').TrimEnd()
269+ $pubKey | Out-File -FilePath $authKeysFile -Encoding ASCII -NoNewline
270+ # ensure testuser can read (wolfsshd impersonates testuser when checking authorized_keys)
271+ icacls $authKeysFile /grant "testuser:R" /q
272+ Write-Host "Created $authKeysFile"
273+ Get-Content $authKeysFile
274+
275+ # Set ProfileImagePath so SHGetKnownFolderPath(FOLDERID_Profile) returns $homeDir
276+ # for testuser (GetHomeDirectory in wolfsshd uses that; otherwise it can fail for new users).
277+ $sid = (New-Object System.Security.Principal.NTAccount("testuser")).Translate([System.Security.Principal.SecurityIdentifier]).Value
278+ $profKey = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$sid"
279+ if (-not (Test-Path $profKey)) { New-Item -Path $profKey -Force | Out-Null }
280+ Set-ItemProperty -Path $profKey -Name "ProfileImagePath" -Value $homeDir -Force
281+ Write-Host "Set ProfileImagePath for testuser to $homeDir"
282+
233283 - name : Create wolfSSHd config file
234284 working-directory : ${{ github.workspace }}\wolfssh
235285 shell : pwsh
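Review bot: The step added at new lines 233-281 creates a local account whose password is fixed in the workflow file (`$pw = 'T3stP@ss!xY9'`) and authorizes the repository's hansel public key for it, and no teardown is visible in this hunk. On an ephemeral hosted runner that is contained, but on a self-hosted or reused runner it would leave behind a login whose password is public and whose private key is presumably public too, along with the ProfileList registry entry. If no later step needs the literal password, generate it per run, e.g. `$pw = 'Aa1!' + [guid]::NewGuid().ToString('N').Substring(0,10)`, and add a cleanup step with `if: always()` that runs `net user testuser /delete`. Separately, `icacls $authKeysFile /grant "testuser:R" /q` only adds an entry on top of the inherited ACLs, so this test never exercises authorized_keys with restricted permissions; a comment stating that this is intentional would help the next reader.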
@@ -731,8 +781,7 @@ jobs:
731781 $errOut = Get-Content sftp_error.txt -Raw
732782 }
733783
734- # Success indicators: connection established, key exchange completed
735- # Failure indicators: connection refused, key exchange failed
784+ # Failure indicators
736785 if ($output -match "connection.*refused" -or $errOut -match "connection.*refused") {
737786 Write-Host "ERROR: Connection refused - server may not be running"
738787 exit 1
@@ -741,8 +790,16 @@ jobs:
741790 Write-Host "ERROR: Key exchange failed - cert store key may not be working"
742791 exit 1
743792 }
793+ if ($output -match "Couldn't connect" -or $errOut -match "Couldn't connect") {
794+ Write-Host "ERROR: SFTP could not connect (check authorized_keys, user, or server)"
795+ exit 1
796+ }
797+ if ($process.ExitCode -ne 0) {
798+ Write-Host "ERROR: SFTP client exited with code $($process.ExitCode)"
799+ exit 1
800+ }
744801
745- Write-Host "Test completed - key exchange appears to have worked "
802+ Write-Host "Test completed - key exchange and SFTP connection succeeded "
746803
747804 - name : Test SSH client connection
748805 working-directory : ${{ github.workspace }}\wolfssh
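Review bot: The final message at new line 802 claims the SFTP connection succeeded, but the only evidence is that no failure string matched and `$process.ExitCode` was 0. Nothing in this hunk confirms that the session authenticated as testuser with the key written to authorized_keys. The SFTP invocation is outside this hunk, so this is hedged: if it runs a command with predictable output, asserting on that output before the success message would tie the pass to the new user setup, for example `if ($output -notmatch '<expected marker>') { Write-Host "ERROR: expected SFTP output not found"; exit 1 }`, with the marker chosen from what the command actually prints. It would also help to print `$output` and `$errOut` in the non-zero exit branch, so a failing run shows why the client exited.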