418feb37ec
Some distributions already have OpenSSH 9.8, which introduces split
sshd/sshd-session binaries, and there we need to copy the binary from
the host, which can be /usr/libexec/openssh/sshd-session (Fedora
Rawhide), /usr/lib/ssh/sshd-session (Arch Linux),
/usr/lib/openssh/sshd-session (Debian), and possibly other paths.
Add at least those three, and, if we don't find sshd-session, assume
we don't need it: it could very well be an older version of OpenSSH,
as reported by David for Fedora 40, or perhaps another daemon (would
Dropbear even work? I'm not sure).
Reported-by: David Gibson <david@gibson.dropbear.id.au>
Fixes: d6817b3930
("test/passt.mbuto: Install sshd-session OpenSSH's split process")
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Tested-by: David Gibson <david@gibson.dropbear.id.au>
#!/bin/sh
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# PASST - Plug A Simple Socket Transport
# for qemu/UNIX domain socket mode
#
# test/passt.mbuto - mbuto (https://mbuto.sh) profile for test images
#
# Copyright (c) 2022 Red Hat GmbH
# Author: Stefano Brivio <sbrivio@redhat.com>

# Programs copied from the host into the test image. A PROGS value set by the
# caller replaces this whole default list. The "ash,dash,bash" entry is, going
# by the LINKS section below, a list of alternatives (presumably: first one
# found wins -- confirm against mbuto).
PROGS="${PROGS:-ash,dash,bash ip mount ls insmod mkdir ln cat chmod lsmod
modprobe find grep mknod mv rm umount jq iperf3 dhclient hostname
sed tr chown sipcalc cut socat dd strace ping tail killall sleep sysctl
nproc tcp_rr tcp_crr udp_rr which tee seq bc sshd ssh-keygen cmp}"

# OpenSSH 9.8 split the daemon in two: sshd stays the listener and
# sshd-session is the per-connection program it executes, so the image needs
# both. The helper lives at a distribution-specific path, and it does not
# exist at all on OpenSSH releases before 9.8, so probe the known locations
# and add every one that is present; finding none is not an error.
# Note that command -v on an absolute path only tells us the file exists and
# is executable, not that it really is the OpenSSH helper.
for sshd_session in \
	/usr/lib/openssh/sshd-session \
	/usr/lib/ssh/sshd-session \
	/usr/libexec/openssh/sshd-session; do
	if command -v "${sshd_session}" >/dev/null; then
		PROGS="${PROGS} ${sshd_session}"
	fi
done

# Kernel modules loaded in the image: the virtio NIC and its PCI transport,
# plus the virtio vsock transport that the sshd listener in FIXUP relies on.
# A caller-provided KMODS replaces the default (note the leading space, kept
# as in the original default).
[ -n "${KMODS}" ] || KMODS=" virtio_net virtio_pci vmw_vsock_virtio_transport"

# Symlinks created in the image: the shell picked from the alternatives acts
# both as /init and as /bin/sh. A caller-provided LINKS replaces the default.
[ -n "${LINKS}" ] || LINKS="
ash,dash,bash /init
ash,dash,bash /bin/sh"

# Directories to create. Unlike KMODS and LINKS these are appended to
# whatever the caller set: /etc/ssh holds host keys and sshd_config,
# /run/sshd is the privilege separation directory, /root/.ssh the
# authorized_keys location, all populated by FIXUP below.
DIRS=${DIRS}" /tmp /usr/sbin /usr/share /var/log /var/lib /etc/ssh /run/sshd /root/.ssh"

# Payload files copied from the working directory into /root, appended to any
# COPIES the caller set.
COPIES=${COPIES}" small.bin,/root/small.bin medium.bin,/root/medium.bin big.bin,/root/big.bin"

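# Shell snippet appended to any FIXUP the caller set. Judging by what it does
# (generates host keys, starts a listener in the background, ends in an
# interactive shell) it runs inside the guest at boot, not on the host at
# build time (mechanism is mbuto's, confirm there). It is one single-quoted
# string: nothing in it expands on the host except the explicit guest-key.pub
# interpolation near the end, and the here-documents below use unquoted
# delimiters, so their backslash-escaped variables expand in the guest when
# the generated scripts run. No apostrophes can appear inside the snippet.
#
# Fix: the search line written from new_domain_name went to /etc/resolf.conf
# (typo), so a plain DHCP domain name never reached the resolver.
FIXUP="${FIXUP}"'
# Collapse /sbin into /usr/sbin so every daemon has one canonical path
mv /sbin/* /usr/sbin || :
rm -rf /sbin
ln -s /usr/sbin /sbin
# Minimal dhclient hook: apply MTU, addresses, default routes, resolver and
# hostname from the lease, and append the whole lease environment to the log
# for the tests to inspect. The lease comes from passt itself, but values are
# still quoted where they are used as single words.
cat > /sbin/dhclient-script << EOF
#!/bin/sh
LOG=/var/log/dhclient-script.log
echo \${reason} \${interface} >> \$LOG
set >> \$LOG

[ -n "\${new_interface_mtu}" ] && ip link set dev "\${interface}" mtu "\${new_interface_mtu}"

[ -n "\${new_ip_address}" ] && ip addr add "\${new_ip_address}/\${new_subnet_mask}" dev "\${interface}"
[ -n "\${new_routers}" ] && for r in \${new_routers}; do ip route add default via "\${r}" dev "\${interface}"; done
:> /etc/resolv.conf
[ -n "\${new_domain_name_servers}" ] && for d in \${new_domain_name_servers}; do echo "nameserver \${d}" >> /etc/resolv.conf; done
[ -n "\${new_domain_name}" ] && echo "search \${new_domain_name}" >> /etc/resolv.conf
[ -n "\${new_domain_search}" ] && (printf "search"; for d in \${new_domain_search}; do printf " %s" "\${d}"; done; printf "\n") >> /etc/resolv.conf
[ -n "\${new_ip6_address}" ] && ip addr add "\${new_ip6_address}/\${new_ip6_prefixlen}" dev "\${interface}"
[ -n "\${new_dhcp6_name_servers}" ] && for d in \${new_dhcp6_name_servers}; do echo "nameserver \${d}%\${interface}" >> /etc/resolv.conf; done
[ -n "\${new_dhcp6_domain_search}" ] && (printf "search"; for d in \${new_dhcp6_domain_search}; do printf " %s" "\${d}"; done; printf "\n") >> /etc/resolv.conf
[ -n "\${new_host_name}" ] && hostname "\${new_host_name}"
exit 0
EOF
chmod 755 /sbin/dhclient-script
ln -s /bin /usr/bin
ln -s /run /var/run
:> /etc/fstab

# sshd via vsock
# Accounts: root, and the unprivileged sshd user needed for privilege
# separation. No /etc/group is written.
cat > /etc/passwd << EOF
root:x:0:0:root:/root:/bin/sh
sshd:x:100:100:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
EOF
# root has an empty password field: no password is set, and sshd_config
# below leaves PermitRootLogin and PermitEmptyPasswords at their defaults,
# so root is expected to be reachable only with the authorized key (relies
# on OpenSSH defaults; confirm against the sshd version in use).
cat > /etc/shadow << EOF
root:::0:99999:7:::
EOF
chmod 000 /etc/shadow

# Only the sftp subsystem is configured; everything else is OpenSSH default.
cat > /etc/ssh/sshd_config << EOF
Subsystem sftp internal-sftp
EOF
# Host keys are regenerated at every boot, so clients cannot pin them across
# runs.
ssh-keygen -A
chmod 700 /root/.ssh
chmod 700 /run/sshd
# Alternative location for the priv separation dir
ln -s /run/sshd /usr/share/empty.sshd

# The public key is read from guest-key.pub on the host while this profile
# is evaluated; a missing file yields an empty authorized_keys.
cat > /root/.ssh/authorized_keys <<EOF
'"$(cat guest-key.pub 2>/dev/null || :)"'
EOF
chmod 600 /root/.ssh/authorized_keys
chmod 700 /root
# One sshd in inetd mode per vsock connection on port 22; diagnostics go to
# the log file, nothing is exposed on an IP socket.
socat VSOCK-LISTEN:22,fork EXEC:"/sbin/sshd -i -e" 2> /var/log/vsock-ssh.log &
# Hand the console over to a shell (job control off)
sh +m
'
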
# Lines printed when the image is ready, one KEY=value per line with a
# trailing newline. The __KERNEL__ and __INITRD__ tokens are placeholders
# (presumably substituted by mbuto with the real paths -- confirm there).
OUTPUT="KERNEL=__KERNEL__"
OUTPUT="${OUTPUT}
INITRD=__INITRD__
"