diff options
author | Chris Evich <cevich@redhat.com> | 2022-04-29 11:09:50 -0400 |
---|---|---|
committer | Chris Evich <cevich@redhat.com> | 2022-05-10 10:49:32 -0400 |
commit | 237f7612628cb66920c4d63dea1aa1b015ec2e68 (patch) | |
tree | 4575014cdfef05758ae56d568ffc3c15aebd89c0 | |
parent | 9ffc2a6ac7b922cad5c6d536e537bb96b9cfdae6 (diff) | |
download | podman-237f7612628cb66920c4d63dea1aa1b015ec2e68.tar.gz podman-237f7612628cb66920c4d63dea1aa1b015ec2e68.tar.bz2 podman-237f7612628cb66920c4d63dea1aa1b015ec2e68.zip |
Cirrus: Simplify rootless ssh setup
The sshd service is guaranteed to be running by the VM image build
process - it's required by the packer tool for access. Remove the
startup and check on the sshd service.
For many tests, man ssh connections to/from $ROOTLESS_USER on the
host are needed. To facilitate this, the localhost key is added to
`known_hosts` for root and `$ROOTLESS_USER`. Simplify this setup using
the `ssh-keyscan` tool.
Signed-off-by: Chris Evich <cevich@redhat.com>
-rw-r--r-- | contrib/cirrus/lib.sh | 25 |
1 files changed, 8 insertions, 17 deletions
diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh index 46b245a45..349970012 100644 --- a/contrib/cirrus/lib.sh +++ b/contrib/cirrus/lib.sh @@ -182,30 +182,21 @@ setup_rootless() { cat $HOME/.ssh/*.pub /home/$ROOTLESS_USER/.ssh/*.pub >> $HOME/.ssh/authorized_keys cat $HOME/.ssh/*.pub /home/$ROOTLESS_USER/.ssh/*.pub >> /home/$ROOTLESS_USER/.ssh/authorized_keys - msg "Ensure the ssh daemon is up and running within 5 minutes" - systemctl start sshd - lilto systemctl is-active sshd - msg "Configure ssh file permissions" chmod -R 700 "$HOME/.ssh" chmod -R 700 "/home/$ROOTLESS_USER/.ssh" chown -R $ROOTLESS_USER:$ROOTLESS_USER "/home/$ROOTLESS_USER/.ssh" + # N/B: We're clobbering the known_hosts here on purpose. There should + # never be any non-localhost connections made from tests (using strict-mode). + # If there are, it's either a security problem or a broken test, both of which + # we want to lead to test failures. msg " setup known_hosts for $USER" - ssh -q root@localhost \ - -o UserKnownHostsFile=/root/.ssh/known_hosts \ - -o UpdateHostKeys=yes \ - -o StrictHostKeyChecking=no \ - -o CheckHostIP=no \ - true - + ssh-keyscan localhost > /root/.ssh/known_hosts msg " setup known_hosts for $ROOTLESS_USER" - su $ROOTLESS_USER -c "ssh -q $ROOTLESS_USER@localhost \ - -o UserKnownHostsFile=/home/$ROOTLESS_USER/.ssh/known_hosts \ - -o UpdateHostKeys=yes \ - -o StrictHostKeyChecking=no \ - -o CheckHostIP=no \ - true" + # Maintain access-permission consistency with all other .ssh files. + install -Z -m 700 -o $ROOTLESS_USER -g $ROOTLESS_USER \ + /root/.ssh/known_hosts /home/$ROOTLESS_USER/.ssh/known_hosts } install_test_configs() { |