summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChris Evich <cevich@redhat.com>2022-04-29 11:09:50 -0400
committerChris Evich <cevich@redhat.com>2022-05-10 10:49:32 -0400
commit237f7612628cb66920c4d63dea1aa1b015ec2e68 (patch)
tree4575014cdfef05758ae56d568ffc3c15aebd89c0
parent9ffc2a6ac7b922cad5c6d536e537bb96b9cfdae6 (diff)
downloadpodman-237f7612628cb66920c4d63dea1aa1b015ec2e68.tar.gz
podman-237f7612628cb66920c4d63dea1aa1b015ec2e68.tar.bz2
podman-237f7612628cb66920c4d63dea1aa1b015ec2e68.zip
Cirrus: Simplify rootless ssh setup
The sshd service is guaranteed to be running by the VM image build process - it's required by the packer tool for access. Remove the startup and check on the sshd service. For many tests, man ssh connections to/from $ROOTLESS_USER on the host are needed. To facilitate this, the localhost key is added to `known_hosts` for root and `$ROOTLESS_USER`. Simplify this setup using the `ssh-keyscan` tool. Signed-off-by: Chris Evich <cevich@redhat.com>
-rw-r--r--contrib/cirrus/lib.sh25
1 files changed, 8 insertions, 17 deletions
diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh
index 46b245a45..349970012 100644
--- a/contrib/cirrus/lib.sh
+++ b/contrib/cirrus/lib.sh
@@ -182,30 +182,21 @@ setup_rootless() {
cat $HOME/.ssh/*.pub /home/$ROOTLESS_USER/.ssh/*.pub >> $HOME/.ssh/authorized_keys
cat $HOME/.ssh/*.pub /home/$ROOTLESS_USER/.ssh/*.pub >> /home/$ROOTLESS_USER/.ssh/authorized_keys
- msg "Ensure the ssh daemon is up and running within 5 minutes"
- systemctl start sshd
- lilto systemctl is-active sshd
-
msg "Configure ssh file permissions"
chmod -R 700 "$HOME/.ssh"
chmod -R 700 "/home/$ROOTLESS_USER/.ssh"
chown -R $ROOTLESS_USER:$ROOTLESS_USER "/home/$ROOTLESS_USER/.ssh"
+ # N/B: We're clobbering the known_hosts here on purpose. There should
+ # never be any non-localhost connections made from tests (using strict-mode).
+ # If there are, it's either a security problem or a broken test, both of which
+ # we want to lead to test failures.
msg " setup known_hosts for $USER"
- ssh -q root@localhost \
- -o UserKnownHostsFile=/root/.ssh/known_hosts \
- -o UpdateHostKeys=yes \
- -o StrictHostKeyChecking=no \
- -o CheckHostIP=no \
- true
-
+ ssh-keyscan localhost > /root/.ssh/known_hosts
msg " setup known_hosts for $ROOTLESS_USER"
- su $ROOTLESS_USER -c "ssh -q $ROOTLESS_USER@localhost \
- -o UserKnownHostsFile=/home/$ROOTLESS_USER/.ssh/known_hosts \
- -o UpdateHostKeys=yes \
- -o StrictHostKeyChecking=no \
- -o CheckHostIP=no \
- true"
+ # Maintain access-permission consistency with all other .ssh files.
+ install -Z -m 700 -o $ROOTLESS_USER -g $ROOTLESS_USER \
+ /root/.ssh/known_hosts /home/$ROOTLESS_USER/.ssh/known_hosts
}
install_test_configs() {