Cirrus: Simplify rootless ssh setup

The sshd service is guaranteed to be running by the VM image build process - it's required by the packer tool for access. Remove the startup and check on the sshd service. For many tests, man ssh connections to/from $ROOTLESS_USER on the host are needed. To facilitate this, the localhost key is added to `known_hosts` for root and `$ROOTLESS_USER`. Simplify this setup using the `ssh-keyscan` tool. Signed-off-by: Chris Evich <cevich@redhat.com>
2025-10-25 10:16:43 +08:00 · 2022-04-29 11:09:50 -04:00
parent 9ffc2a6ac7
commit 237f761262
1 changed files with 8 additions and 17 deletions
--- a/contrib/cirrus/lib.sh
+++ b/contrib/cirrus/lib.sh
@ -182,30 +182,21 @@ setup_rootless() {
    cat $HOME/.ssh/*.pub /home/$ROOTLESS_USER/.ssh/*.pub >> $HOME/.ssh/authorized_keys
    cat $HOME/.ssh/*.pub /home/$ROOTLESS_USER/.ssh/*.pub >> /home/$ROOTLESS_USER/.ssh/authorized_keys

-    msg "Ensure the ssh daemon is up and running within 5 minutes"
-    systemctl start sshd
-    lilto systemctl is-active sshd
-
    msg "Configure ssh file permissions"
    chmod -R 700 "$HOME/.ssh"
    chmod -R 700 "/home/$ROOTLESS_USER/.ssh"
    chown -R $ROOTLESS_USER:$ROOTLESS_USER "/home/$ROOTLESS_USER/.ssh"

+    # N/B: We're clobbering the known_hosts here on purpose.  There should
+    # never be any non-localhost connections made from tests (using strict-mode).
+    # If there are, it's either a security problem or a broken test, both of which
+    # we want to lead to test failures.
    msg "   setup known_hosts for $USER"
-    ssh -q root@localhost \
-        -o UserKnownHostsFile=/root/.ssh/known_hosts \
-        -o UpdateHostKeys=yes \
-        -o StrictHostKeyChecking=no \
-        -o CheckHostIP=no \
-        true
-
+    ssh-keyscan localhost > /root/.ssh/known_hosts
    msg "   setup known_hosts for $ROOTLESS_USER"
-    su $ROOTLESS_USER -c "ssh -q $ROOTLESS_USER@localhost \
-        -o UserKnownHostsFile=/home/$ROOTLESS_USER/.ssh/known_hosts \
-        -o UpdateHostKeys=yes \
-        -o StrictHostKeyChecking=no \
-        -o CheckHostIP=no \
-        true"
+    # Maintain access-permission consistency with all other .ssh files.
+    install -Z -m 700 -o $ROOTLESS_USER -g $ROOTLESS_USER \
+        /root/.ssh/known_hosts /home/$ROOTLESS_USER/.ssh/known_hosts
 }

 install_test_configs() {