Honor rootfulness when SSH-ing into named Machine

Fix a bug where SSH-ing into a named Podman Machine (not podman-machine-default) results in the user being put in the rootless shell if the default system connection is rootless. Resolves: https://github.com/containers/podman/issues/25332 Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
2025-05-17 15:18:43 +08:00 · 2025-03-13 14:55:03 -04:00
parent 79e05ca199
commit f166f1503c
2 changed files with 46 additions and 26 deletions
--- a/cmd/podman/machine/ssh.go
+++ b/cmd/podman/machine/ssh.go
@ -4,7 +4,6 @@ package machine

 import (
 	"fmt"
-	"net/url"

 	"github.com/containers/podman/v5/pkg/machine/define"
 	"github.com/containers/podman/v5/pkg/machine/env"
@ -100,13 +99,6 @@ func ssh(cmd *cobra.Command, args []string) error {
 		}
 	}

-	if !validVM && sshOpts.Username == "" {
-		sshOpts.Username, err = remoteConnectionUsername()
-		if err != nil {
-			return err
-		}
-	}
-
 	state, err := provider.State(mc, false)
 	if err != nil {
 		return err
@ -115,25 +107,14 @@ func ssh(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("vm %q is not running", mc.Name)
 	}

-	username := sshOpts.Username
-	if username == "" {
-		username = mc.SSH.RemoteUsername
+	if sshOpts.Username == "" {
+		if mc.HostUser.Rootful {
+			sshOpts.Username = "root"
+		} else {
+			sshOpts.Username = mc.SSH.RemoteUsername
+		}
 	}

-	err = machine.CommonSSHShell(username, mc.SSH.IdentityPath, mc.Name, mc.SSH.Port, sshOpts.Args)
+	err = machine.CommonSSHShell(sshOpts.Username, mc.SSH.IdentityPath, mc.Name, mc.SSH.Port, sshOpts.Args)
 	return utils.HandleOSExecError(err)
 }
-
-func remoteConnectionUsername() (string, error) {
-	con, err := registry.PodmanConfig().ContainersConfDefaultsRO.GetConnection("", true)
-	if err != nil {
-		return "", err
-	}
-
-	uri, err := url.Parse(con.URI)
-	if err != nil {
-		return "", err
-	}
-	username := uri.User.String()
-	return username, nil
-}
--- a/pkg/machine/e2e/ssh_test.go
+++ b/pkg/machine/e2e/ssh_test.go
@ -62,4 +62,43 @@ var _ = Describe("podman machine ssh", func() {
 			Expect(sshSession.errorToString()).To(Equal(""))
 		}
 	})
+
+	It("verify machine rootfulness", func() {
+		wsl := testProvider.VMType() == define.WSLVirt
+		name := randomString()
+		i := new(initMachine)
+		session, err := mb.setName(name).setCmd(i.withImage(mb.imagePath).withNow()).run()
+		Expect(err).ToNot(HaveOccurred())
+		Expect(session).To(Exit(0))
+
+		ssh := &sshMachine{}
+		sshSession, err := mb.setName(name).setCmd(ssh.withSSHCommand([]string{"whoami"})).run()
+		Expect(err).ToNot(HaveOccurred())
+		Expect(sshSession).To(Exit(0))
+		if wsl {
+			Expect(sshSession.outputToString()).To(Equal("user"))
+		} else {
+			Expect(sshSession.outputToString()).To(Equal("core"))
+		}
+
+		stop := &stopMachine{}
+		stopSession, err := mb.setName(name).setCmd(stop).run()
+		Expect(err).ToNot(HaveOccurred())
+		Expect(stopSession).To(Exit(0))
+
+		set := &setMachine{}
+		setSession, err := mb.setName(name).setCmd(set.withRootful(true)).run()
+		Expect(err).ToNot(HaveOccurred())
+		Expect(setSession).To(Exit(0))
+
+		start := &startMachine{}
+		startSession, err := mb.setName(name).setCmd(start).run()
+		Expect(err).ToNot(HaveOccurred())
+		Expect(startSession).To(Exit(0))
+
+		sshSession, err = mb.setName(name).setCmd(ssh.withSSHCommand([]string{"whoami"})).run()
+		Expect(err).ToNot(HaveOccurred())
+		Expect(sshSession).To(Exit(0))
+		Expect(sshSession.outputToString()).To(Equal("root"))
+	})
 })