Be explicit about ssh configs suitable only for localhost

... and warn loudly against generalization.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Miloslav Trmač
2025-05-15 23:04:49 +02:00
parent 5fef6b714d
commit 265ca77276
10 changed files with 45 additions and 30 deletions


@ -95,7 +95,7 @@ func cp(_ *cobra.Command, args []string) error {
cpOpts.SrcPath = srcPath
cpOpts.DestPath = destPath
err = secureCopy(&cpOpts)
err = localhostSSHCopy(&cpOpts)
if err != nil {
return fmt.Errorf("copy failed: %s", err.Error())
}
@ -105,7 +105,8 @@ func cp(_ *cobra.Command, args []string) error {
return nil
}
func secureCopy(opts *cpOptions) error {
// localhostSSHCopy uses scp to copy files from/to a localhost machine using ssh.
func localhostSSHCopy(opts *cpOptions) error {
srcPath := opts.SrcPath
destPath := opts.DestPath
sshConfig := opts.Machine.SSH
@ -123,7 +124,7 @@ func secureCopy(opts *cpOptions) error {
}
args := []string{"-r", "-i", sshConfig.IdentityPath, "-P", strconv.Itoa(sshConfig.Port)}
args = append(args, machine.CommonSSHArgs()...)
args = append(args, machine.LocalhostSSHArgs()...) // Warning: This MUST NOT be generalized to allow communication over untrusted networks.
args = append(args, []string{srcPath, destPath}...)
cmd := exec.Command("scp", args...)
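Review bot: The warning on the `machine.LocalhostSSHArgs()` line says what must not be done but not why, and the new doc comment on `localhostSSHCopy` does not carry the restriction at all, so someone reading only the function's documentation will miss it. I would state the reason in the doc comment, e.g. `// The ssh options used here are acceptable only because the peer is reached over localhost; they MUST NOT be used over an untrusted network.`, and name the specific relaxation involved (presumably host-key verification, though `LocalhostSSHArgs` itself is not visible here). Nothing in the visible lines checks that the scp target is actually a loopback address; the part of the body that builds the paths lies between the hunks, so it is worth confirming that the host is fixed there rather than taken from configuration. The `machine.LocalhostSSHShell` call in `ssh` has the same gap, since the function name is the only signal at that call site.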


@ -115,6 +115,6 @@ func ssh(cmd *cobra.Command, args []string) error {
}
}
err = machine.CommonSSHShell(sshOpts.Username, mc.SSH.IdentityPath, mc.Name, mc.SSH.Port, sshOpts.Args)
err = machine.LocalhostSSHShell(sshOpts.Username, mc.SSH.IdentityPath, mc.Name, mc.SSH.Port, sshOpts.Args)
return utils.HandleOSExecError(err)
}