Cirrus: Simplify rootless ssh setup

The sshd service is guaranteed to be running by the VM image build
process - it's required by the packer tool for access.  Remove the
startup and check on the sshd service.

For many tests, ssh connections to/from $ROOTLESS_USER on the
host are needed.  To facilitate this, the localhost key is added to
`known_hosts` for root and `$ROOTLESS_USER`.  Simplify this setup using
the `ssh-keyscan` tool.

Signed-off-by: Chris Evich <cevich@redhat.com>
Chris Evich
2022-04-29 11:09:50 -04:00
parent 9ffc2a6ac7
commit 237f761262


@ -182,30 +182,21 @@ setup_rootless() {
cat $HOME/.ssh/*.pub /home/$ROOTLESS_USER/.ssh/*.pub >> $HOME/.ssh/authorized_keys cat $HOME/.ssh/*.pub /home/$ROOTLESS_USER/.ssh/*.pub >> $HOME/.ssh/authorized_keys
cat $HOME/.ssh/*.pub /home/$ROOTLESS_USER/.ssh/*.pub >> /home/$ROOTLESS_USER/.ssh/authorized_keys cat $HOME/.ssh/*.pub /home/$ROOTLESS_USER/.ssh/*.pub >> /home/$ROOTLESS_USER/.ssh/authorized_keys
msg "Ensure the ssh daemon is up and running within 5 minutes"
systemctl start sshd
lilto systemctl is-active sshd
msg "Configure ssh file permissions" msg "Configure ssh file permissions"
chmod -R 700 "$HOME/.ssh" chmod -R 700 "$HOME/.ssh"
chmod -R 700 "/home/$ROOTLESS_USER/.ssh" chmod -R 700 "/home/$ROOTLESS_USER/.ssh"
chown -R $ROOTLESS_USER:$ROOTLESS_USER "/home/$ROOTLESS_USER/.ssh" chown -R $ROOTLESS_USER:$ROOTLESS_USER "/home/$ROOTLESS_USER/.ssh"
# N/B: We're clobbering the known_hosts here on purpose. There should
# never be any non-localhost connections made from tests (using strict-mode).
# If there are, it's either a security problem or a broken test, both of which
# we want to lead to test failures.
msg " setup known_hosts for $USER" msg " setup known_hosts for $USER"
ssh -q root@localhost \ ssh-keyscan localhost > /root/.ssh/known_hosts
-o UserKnownHostsFile=/root/.ssh/known_hosts \
-o UpdateHostKeys=yes \
-o StrictHostKeyChecking=no \
-o CheckHostIP=no \
true
msg " setup known_hosts for $ROOTLESS_USER" msg " setup known_hosts for $ROOTLESS_USER"
su $ROOTLESS_USER -c "ssh -q $ROOTLESS_USER@localhost \ # Maintain access-permission consistency with all other .ssh files.
-o UserKnownHostsFile=/home/$ROOTLESS_USER/.ssh/known_hosts \ install -Z -m 700 -o $ROOTLESS_USER -g $ROOTLESS_USER \
-o UpdateHostKeys=yes \ /root/.ssh/known_hosts /home/$ROOTLESS_USER/.ssh/known_hosts
-o StrictHostKeyChecking=no \
-o CheckHostIP=no \
true"
} }
install_test_configs() { install_test_configs() {
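Review bot: The new `ssh-keyscan localhost > /root/.ssh/known_hosts` line truncates the file before any key is fetched, and nothing visible in the hunk checks that keys were actually written. With the sshd start and `is-active` check removed, an unreachable sshd would leave root and `$ROOTLESS_USER` with an empty `known_hosts`, because the following `install` copies whatever is there. Whether a failing scan aborts the script depends on shell options set outside this hunk, and I would not rely on ssh-keyscan's exit status for an unreachable host. A guard right after the scan, such as `test -s /root/.ssh/known_hosts || exit 1`, would surface the problem at setup rather than as strict-mode host-key failures in unrelated tests. The `install` arguments should also quote `"$ROOTLESS_USER"`; setup_rootless begins outside the hunk.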