sshd: generate a custom sshd_config

Instead of relying on the host's sshd configuration, generate a custom sshd_config to make sure that all the options required by virtme-ng are enabled. Signed-off-by: Andrea Righi <[email protected]>
arighi · Dec 31, 2024 · 8772f07 · 8772f07
1 parent f53c692
commit 8772f07
Showing 1 changed file with 21 additions and 2 deletions.
diff --git a/virtme/guest/virtme-sshd-script b/virtme/guest/virtme-sshd-script
@@ -24,18 +24,37 @@ SSH_AUTH_KEYS="${SSH_HOME}/.ssh/authorized_keys"
 if [ "$(stat -f -c "%t" "${SSH_AUTH_KEYS}")" = "${OVERLAYFS}" ]; then
     cat "${SSH_HOME}"/.ssh/id_*.pub >> "${SSH_AUTH_KEYS}" 2>/dev/null
     chown "${virtme_ssh_user}" "${SSH_AUTH_KEYS}" 2>/dev/null
+    chmod 600 "${SSH_HOME}/.ssh/authorized_keys" 2>/dev/null
 fi
 
 # Generate ssh host keys (if they don't exist already).
 CACHE_DIR=${SSH_HOME}/.cache/virtme-ng/.ssh
 mkdir -p "${CACHE_DIR}/etc/ssh"
 ssh-keygen -A -f "${CACHE_DIR}"
+
+# Generate a minimal sshd config.
+SSH_CONFIG=/etc/ssh/sshd_config
+if [ "$(stat -f -c "%t" "${SSH_CONFIG}")" = "${OVERLAYFS}" ]; then
+    ssh_dir=$(dirname "${SSH_CONFIG}")
+    mkdir -p "${ssh_dir}"
+    cat << EOF > "${SSH_CONFIG}"
+# This file is automatically generated by virtme-ng.
+Port 22
+PermitRootLogin yes
+AuthorizedKeysFile .ssh/authorized_keys
+PubkeyAuthentication yes
+UsePAM yes
+PrintMotd no
+EOF
+fi
+
+# Start sshd.
 ARGS=()
 for key in "${CACHE_DIR}"/etc/ssh/ssh_host_*_key; do
     ARGS+=(-h "${key}")
 done
 
-# Start sshd.
 mkdir -p /run/sshd
 rm -f /var/run/nologin
-/usr/sbin/sshd "${ARGS[@]}"
+
+/usr/sbin/sshd -f "${SSH_CONFIG}" "${ARGS[@]}"