@@ -230,6 +230,46 @@ jobs:
230230 Write-Host "Client cert thumbprint: $($clientCert.Thumbprint)"
231231 Add-Content -Path $env:GITHUB_ENV -Value "CLIENT_CERT_SUBJECT=$($clientCert.Subject)"
232232
233+ - name : Create Windows user testuser and authorized_keys
234+ shell : pwsh
235+ run : |
236+ $homeDir = "C:\Users\testuser"
237+ $authKeysFile = "$homeDir\authorized_keys_test"
238+ # Password: <=14 chars to avoid net user "Windows 2000" prompt; mixed case, number, special.
239+ # This is a test user and not a sensitive password.
240+ $pw = 'T3stP@ss!xY9'
241+
242+ # Create home dir (profile) for testuser
243+ New-Item -ItemType Directory -Path $homeDir -Force | Out-Null
244+ Write-Host "Created $homeDir"
245+
246+ # Create local user testuser (net user avoids New-LocalUser password policy issues in CI)
247+ $o = net user testuser $pw /add /homedir:$homeDir 2>&1
248+ if ($LASTEXITCODE -ne 0) {
249+ if ($o -match "already exists") {
250+ Write-Host "User testuser already exists"
251+ net user testuser /homedir:$homeDir 2>$null
252+ } else {
253+ Write-Host "net user failed: $o"
254+ exit 1
255+ }
256+ } else {
257+ Write-Host "Created user testuser"
258+ }
259+
260+ # authorized_keys: hansel public key with comment 'testuser'
261+ $pubKey = Get-Content "${{ github.workspace }}\wolfssh\keys\hansel-key-ecc.pub" -Raw
262+ if (-not $pubKey) {
263+ Write-Host "ERROR: hansel-key-ecc.pub not found"
264+ exit 1
265+ }
266+ $pubKey = ($pubKey -replace '\s+hansel\s*$', ' testuser').TrimEnd()
267+ $pubKey | Out-File -FilePath $authKeysFile -Encoding ASCII -NoNewline
268+ # ensure testuser can read (wolfsshd impersonates testuser when checking authorized_keys)
269+ icacls $authKeysFile /grant "testuser:R" /q
270+ Write-Host "Created $authKeysFile"
271+ Get-Content $authKeysFile
272+
233273 - name : Create wolfSSHd config file
234274 working-directory : ${{ github.workspace }}\wolfssh
235275 shell : pwsh
@@ -240,6 +280,12 @@ jobs:
240280 PermitRootLogin yes
241281 "@
242282
283+ # AuthorizedKeysFile: relative to user home (e.g. C:\Users\testuser/authorized_keys_test)
284+ $configContent += @"
285+
286+ AuthorizedKeysFile authorized_keys_test
287+ "@
288+
243289 if ("${{ matrix.server_key_source }}" -eq "store") {
244290 # Get server cert subject from environment
245291 $serverSubject = (Get-Content env:SERVER_CERT_SUBJECT)
@@ -731,8 +777,7 @@ jobs:
731777 $errOut = Get-Content sftp_error.txt -Raw
732778 }
733779
734- # Success indicators: connection established, key exchange completed
735- # Failure indicators: connection refused, key exchange failed
780+ # Failure indicators
736781 if ($output -match "connection.*refused" -or $errOut -match "connection.*refused") {
737782 Write-Host "ERROR: Connection refused - server may not be running"
738783 exit 1
@@ -741,8 +786,16 @@ jobs:
741786 Write-Host "ERROR: Key exchange failed - cert store key may not be working"
742787 exit 1
743788 }
789+ if ($output -match "Couldn't connect" -or $errOut -match "Couldn't connect") {
790+ Write-Host "ERROR: SFTP could not connect (check authorized_keys, user, or server)"
791+ exit 1
792+ }
793+ if ($process.ExitCode -ne 0) {
794+ Write-Host "ERROR: SFTP client exited with code $($process.ExitCode)"
795+ exit 1
796+ }
744797
745- Write-Host "Test completed - key exchange appears to have worked "
798+ Write-Host "Test completed - key exchange and SFTP connection succeeded "
746799
747800 - name : Test SSH client connection
748801 working-directory : ${{ github.workspace }}\wolfssh
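Review bot: The `Create Windows user testuser and authorized_keys` step creates a real local account with a password published in the workflow (`$pw = 'T3stP@ss!xY9'`), passes it on the `net user` command line, and nothing in the visible hunks removes the account afterwards. On an ephemeral hosted runner that is contained, but the `runs-on` value is outside this view; on a persistent self-hosted runner the account would outlive the job with a known password, and the "already exists" branch keeps whatever state an earlier run left. If no later step needs the literal value, derive it per run, e.g. `$pw = 'T3st!' + [guid]::NewGuid().ToString('N').Substring(0, 9)`, and add an `if: always()` step that runs `net user testuser /delete`. Separately, the result of `icacls $authKeysFile /grant "testuser:R" /q` is not checked, so an ACL failure would only surface later as an SFTP authentication failure; `if ($LASTEXITCODE -ne 0) { exit 1 }` right after it would fail the step where the cause is.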