summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--contrib/cirrus/lib.sh25
1 files changed, 8 insertions, 17 deletions
diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh
index 46b245a45..349970012 100644
--- a/contrib/cirrus/lib.sh
+++ b/contrib/cirrus/lib.sh
@@ -182,30 +182,21 @@ setup_rootless() {
cat $HOME/.ssh/*.pub /home/$ROOTLESS_USER/.ssh/*.pub >> $HOME/.ssh/authorized_keys
cat $HOME/.ssh/*.pub /home/$ROOTLESS_USER/.ssh/*.pub >> /home/$ROOTLESS_USER/.ssh/authorized_keys
- msg "Ensure the ssh daemon is up and running within 5 minutes"
- systemctl start sshd
- lilto systemctl is-active sshd
-
msg "Configure ssh file permissions"
chmod -R 700 "$HOME/.ssh"
chmod -R 700 "/home/$ROOTLESS_USER/.ssh"
chown -R $ROOTLESS_USER:$ROOTLESS_USER "/home/$ROOTLESS_USER/.ssh"
+ # N/B: We're clobbering the known_hosts here on purpose. There should
+ # never be any non-localhost connections made from tests (using strict-mode).
+ # If there are, it's either a security problem or a broken test, both of which
+ # we want to lead to test failures.
msg " setup known_hosts for $USER"
- ssh -q root@localhost \
- -o UserKnownHostsFile=/root/.ssh/known_hosts \
- -o UpdateHostKeys=yes \
- -o StrictHostKeyChecking=no \
- -o CheckHostIP=no \
- true
-
+ ssh-keyscan localhost > /root/.ssh/known_hosts
msg " setup known_hosts for $ROOTLESS_USER"
- su $ROOTLESS_USER -c "ssh -q $ROOTLESS_USER@localhost \
- -o UserKnownHostsFile=/home/$ROOTLESS_USER/.ssh/known_hosts \
- -o UpdateHostKeys=yes \
- -o StrictHostKeyChecking=no \
- -o CheckHostIP=no \
- true"
+ # Maintain access-permission consistency with all other .ssh files.
+ install -Z -m 700 -o $ROOTLESS_USER -g $ROOTLESS_USER \
+ /root/.ssh/known_hosts /home/$ROOTLESS_USER/.ssh/known_hosts
}
install_test_configs() {