	Cirrus: Simplify rootless ssh setup
The sshd service is guaranteed to be running by the VM image build process - it's required by the packer tool for access. Remove the startup and check on the sshd service. For many tests, ssh connections to/from $ROOTLESS_USER on the host are needed. To facilitate this, the localhost key is added to `known_hosts` for root and `$ROOTLESS_USER`. Simplify this setup using the `ssh-keyscan` tool. Signed-off-by: Chris Evich <cevich@redhat.com>
		| @ -182,30 +182,21 @@ setup_rootless() { | ||||
|     cat $HOME/.ssh/*.pub /home/$ROOTLESS_USER/.ssh/*.pub >> $HOME/.ssh/authorized_keys | ||||
|     cat $HOME/.ssh/*.pub /home/$ROOTLESS_USER/.ssh/*.pub >> /home/$ROOTLESS_USER/.ssh/authorized_keys | ||||
|  | ||||
|     msg "Ensure the ssh daemon is up and running within 5 minutes" | ||||
|     systemctl start sshd | ||||
|     lilto systemctl is-active sshd | ||||
|  | ||||
|     msg "Configure ssh file permissions" | ||||
|     chmod -R 700 "$HOME/.ssh" | ||||
|     chmod -R 700 "/home/$ROOTLESS_USER/.ssh" | ||||
|     chown -R $ROOTLESS_USER:$ROOTLESS_USER "/home/$ROOTLESS_USER/.ssh" | ||||
|  | ||||
|     # N/B: We're clobbering the known_hosts here on purpose.  There should | ||||
|     # never be any non-localhost connections made from tests (using strict-mode). | ||||
|     # If there are, it's either a security problem or a broken test, both of which | ||||
|     # we want to lead to test failures. | ||||
|     msg "   setup known_hosts for $USER" | ||||
|     ssh -q root@localhost \ | ||||
|         -o UserKnownHostsFile=/root/.ssh/known_hosts \ | ||||
|         -o UpdateHostKeys=yes \ | ||||
|         -o StrictHostKeyChecking=no \ | ||||
|         -o CheckHostIP=no \ | ||||
|         true | ||||
|  | ||||
|     ssh-keyscan localhost > /root/.ssh/known_hosts | ||||
|     msg "   setup known_hosts for $ROOTLESS_USER" | ||||
|     su $ROOTLESS_USER -c "ssh -q $ROOTLESS_USER@localhost \ | ||||
|         -o UserKnownHostsFile=/home/$ROOTLESS_USER/.ssh/known_hosts \ | ||||
|         -o UpdateHostKeys=yes \ | ||||
|         -o StrictHostKeyChecking=no \ | ||||
|         -o CheckHostIP=no \ | ||||
|         true" | ||||
|     # Maintain access-permission consistency with all other .ssh files. | ||||
|     install -Z -m 700 -o $ROOTLESS_USER -g $ROOTLESS_USER \ | ||||
|         /root/.ssh/known_hosts /home/$ROOTLESS_USER/.ssh/known_hosts | ||||
| } | ||||
|  | ||||
| install_test_configs() { | ||||
|  | ||||
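Review bot: The output of `ssh-keyscan localhost > /root/.ssh/known_hosts` is never checked, and the redirection truncates the file before the scan runs, so if sshd is not answering yet the result is an empty known_hosts that `install` then copies to `$ROOTLESS_USER` as well. With the `systemctl start sshd` / `is-active` wait removed in the same change, nothing in the hunk catches that case, and the failure would only surface later as strict-mode host-key errors inside the tests. A guard right after the scan such as `[[ -s /root/.ssh/known_hosts ]]`, failing the setup with a clear message when it is false, keeps the error at its cause; whether `set -e` is active and what exit status ssh-keyscan gives for an unreachable host cannot be seen from the hunk. The `install` line also leaves `$ROOTLESS_USER` unquoted in `-o`/`-g` and in the destination path. setup_rootless begins outside the hunk.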
	 Chris Evich
					Chris Evich