Ensure /run/sshd exists, explicitly set username in sshd fixture, add back use_privilege_mode no

.cirrus.yml

@@ -13,7 +13,7 @@ task:
     - chmod +x /tmp/rustup.sh
     - RUSTUP_IO_THREADS=1 /tmp/rustup.sh -y -q
     - env PATH=$HOME/.cargo/bin:$PATH bash get-deps
-    - chmod og-rw $HOME
+    - mkdir -p /run/sshd
   test_script:
     - env PATH=$HOME/.cargo/bin:$PATH cargo build --all --release
     - env PATH=$HOME/.cargo/bin:$PATH cargo test --all --release

.github/workflows/gen_centos7.yml

@@ -45,6 +45,9 @@ jobs:
       - name: "Install curl"
         shell: bash
         run: "yum install -y curl"
+      - name: "Ensure /run/sshd exists"
+        shell: bash
+        run: "mkdir -p /run/sshd"
       - name: "Install openssh-server"
         shell: bash
         run: "yum install -y openssh-server"

.github/workflows/gen_centos7_continuous.yml

@@ -54,6 +54,11 @@ jobs:
         run: |
           export BUILD_REASON=Schedule
           yum install -y curl
+      - name: "Ensure /run/sshd exists"
+        shell: bash
+        run: |
+          export BUILD_REASON=Schedule
+          mkdir -p /run/sshd
       - name: "Install openssh-server"
         shell: bash
         run: |

.github/workflows/gen_centos7_tag.yml

@@ -36,6 +36,9 @@ jobs:
       - name: "Install curl"
         shell: bash
         run: "yum install -y curl"
+      - name: "Ensure /run/sshd exists"
+        shell: bash
+        run: "mkdir -p /run/sshd"
       - name: "Install openssh-server"
         shell: bash
         run: "yum install -y openssh-server"

.github/workflows/gen_centos8.yml

@@ -31,6 +31,9 @@ jobs:
       - name: "Install curl"
         shell: bash
         run: "yum install -y curl"
+      - name: "Ensure /run/sshd exists"
+        shell: bash
+        run: "mkdir -p /run/sshd"
       - name: "Install openssh-server"
         shell: bash
         run: "yum install -y openssh-server"

.github/workflows/gen_centos8_continuous.yml

@@ -41,6 +41,11 @@ jobs:
         run: |
           export BUILD_REASON=Schedule
           yum install -y curl
+      - name: "Ensure /run/sshd exists"
+        shell: bash
+        run: |
+          export BUILD_REASON=Schedule
+          mkdir -p /run/sshd
       - name: "Install openssh-server"
         shell: bash
         run: |

.github/workflows/gen_centos8_tag.yml

@@ -22,6 +22,9 @@ jobs:
       - name: "Install curl"
         shell: bash
         run: "yum install -y curl"
+      - name: "Ensure /run/sshd exists"
+        shell: bash
+        run: "mkdir -p /run/sshd"
       - name: "Install openssh-server"
         shell: bash
         run: "yum install -y openssh-server"

.github/workflows/gen_debian10.3.yml

@@ -31,6 +31,9 @@ jobs:
       - name: "Install curl"
         shell: bash
         run: "apt-get install -y curl"
+      - name: "Ensure /run/sshd exists"
+        shell: bash
+        run: "mkdir -p /run/sshd"
       - name: "Install openssh-server"
         shell: bash
         run: "apt-get install -y openssh-server"

.github/workflows/gen_debian10.3_continuous.yml

@@ -41,6 +41,11 @@ jobs:
         run: |
           export BUILD_REASON=Schedule
           apt-get install -y curl
+      - name: "Ensure /run/sshd exists"
+        shell: bash
+        run: |
+          export BUILD_REASON=Schedule
+          mkdir -p /run/sshd
       - name: "Install openssh-server"
         shell: bash
         run: |

.github/workflows/gen_debian10.3_tag.yml

@@ -22,6 +22,9 @@ jobs:
       - name: "Install curl"
         shell: bash
         run: "apt-get install -y curl"
+      - name: "Ensure /run/sshd exists"
+        shell: bash
+        run: "mkdir -p /run/sshd"
       - name: "Install openssh-server"
         shell: bash
         run: "apt-get install -y openssh-server"

.github/workflows/gen_debian11.yml

@@ -31,6 +31,9 @@ jobs:
       - name: "Install curl"
         shell: bash
         run: "apt-get install -y curl"
+      - name: "Ensure /run/sshd exists"
+        shell: bash
+        run: "mkdir -p /run/sshd"
       - name: "Install openssh-server"
         shell: bash
         run: "apt-get install -y openssh-server"

.github/workflows/gen_debian11_continuous.yml

@@ -41,6 +41,11 @@ jobs:
         run: |
           export BUILD_REASON=Schedule
           apt-get install -y curl
+      - name: "Ensure /run/sshd exists"
+        shell: bash
+        run: |
+          export BUILD_REASON=Schedule
+          mkdir -p /run/sshd
       - name: "Install openssh-server"
         shell: bash
         run: |

.github/workflows/gen_debian11_tag.yml

@@ -22,6 +22,9 @@ jobs:
       - name: "Install curl"
         shell: bash
         run: "apt-get install -y curl"
+      - name: "Ensure /run/sshd exists"
+        shell: bash
+        run: "mkdir -p /run/sshd"
       - name: "Install openssh-server"
         shell: bash
         run: "apt-get install -y openssh-server"

.github/workflows/gen_debian9.12.yml

@@ -45,6 +45,9 @@ jobs:
       - name: "Install curl"
         shell: bash
         run: "apt-get install -y curl"
+      - name: "Ensure /run/sshd exists"
+        shell: bash
+        run: "mkdir -p /run/sshd"
       - name: "Install openssh-server"
         shell: bash
         run: "apt-get install -y openssh-server"

.github/workflows/gen_debian9.12_continuous.yml

@@ -54,6 +54,11 @@ jobs:
         run: |
           export BUILD_REASON=Schedule
           apt-get install -y curl
+      - name: "Ensure /run/sshd exists"
+        shell: bash
+        run: |
+          export BUILD_REASON=Schedule
+          mkdir -p /run/sshd
       - name: "Install openssh-server"
         shell: bash
         run: |

.github/workflows/gen_debian9.12_tag.yml

@@ -36,6 +36,9 @@ jobs:
       - name: "Install curl"
         shell: bash
         run: "apt-get install -y curl"
+      - name: "Ensure /run/sshd exists"
+        shell: bash
+        run: "mkdir -p /run/sshd"
       - name: "Install openssh-server"
         shell: bash
         run: "apt-get install -y openssh-server"

.github/workflows/gen_fedora33.yml

@@ -25,6 +25,9 @@ jobs:
       - name: "Install curl"
         shell: bash
         run: "yum install -y curl"
+      - name: "Ensure /run/sshd exists"
+        shell: bash
+        run: "mkdir -p /run/sshd"
       - name: "Install openssh-server"
         shell: bash
         run: "yum install -y openssh-server"

.github/workflows/gen_fedora33_continuous.yml

@@ -31,6 +31,11 @@ jobs:
         run: |
           export BUILD_REASON=Schedule
           yum install -y curl
+      - name: "Ensure /run/sshd exists"
+        shell: bash
+        run: |
+          export BUILD_REASON=Schedule
+          mkdir -p /run/sshd
       - name: "Install openssh-server"
         shell: bash
         run: |

.github/workflows/gen_fedora33_tag.yml

@@ -16,6 +16,9 @@ jobs:
       - name: "Install curl"
         shell: bash
         run: "yum install -y curl"
+      - name: "Ensure /run/sshd exists"
+        shell: bash
+        run: "mkdir -p /run/sshd"
       - name: "Install openssh-server"
         shell: bash
         run: "yum install -y openssh-server"

.github/workflows/gen_fedora34.yml

@@ -25,6 +25,9 @@ jobs:
       - name: "Install curl"
         shell: bash
         run: "yum install -y curl"
+      - name: "Ensure /run/sshd exists"
+        shell: bash
+        run: "mkdir -p /run/sshd"
       - name: "Install openssh-server"
         shell: bash
         run: "yum install -y openssh-server"

.github/workflows/gen_fedora34_continuous.yml

@@ -31,6 +31,11 @@ jobs:
         run: |
           export BUILD_REASON=Schedule
           yum install -y curl
+      - name: "Ensure /run/sshd exists"
+        shell: bash
+        run: |
+          export BUILD_REASON=Schedule
+          mkdir -p /run/sshd
       - name: "Install openssh-server"
         shell: bash
         run: |

.github/workflows/gen_fedora34_tag.yml

@@ -16,6 +16,9 @@ jobs:
       - name: "Install curl"
         shell: bash
         run: "yum install -y curl"
+      - name: "Ensure /run/sshd exists"
+        shell: bash
+        run: "mkdir -p /run/sshd"
       - name: "Install openssh-server"
         shell: bash
         run: "yum install -y openssh-server"

.github/workflows/gen_ubuntu20.04.yml

@@ -31,6 +31,9 @@ jobs:
       - name: "Install curl"
         shell: bash
         run: "apt-get install -y curl"
+      - name: "Ensure /run/sshd exists"
+        shell: bash
+        run: "mkdir -p /run/sshd"
       - name: "Install openssh-server"
         shell: bash
         run: "apt-get install -y openssh-server"

.github/workflows/gen_ubuntu20.04_continuous.yml

@@ -41,6 +41,11 @@ jobs:
         run: |
           export BUILD_REASON=Schedule
           apt-get install -y curl
+      - name: "Ensure /run/sshd exists"
+        shell: bash
+        run: |
+          export BUILD_REASON=Schedule
+          mkdir -p /run/sshd
       - name: "Install openssh-server"
         shell: bash
         run: |

.github/workflows/gen_ubuntu20.04_tag.yml

@@ -22,6 +22,9 @@ jobs:
       - name: "Install curl"
         shell: bash
         run: "apt-get install -y curl"
+      - name: "Ensure /run/sshd exists"
+        shell: bash
+        run: "mkdir -p /run/sshd"
       - name: "Install openssh-server"
         shell: bash
         run: "apt-get install -y openssh-server"

Cargo.lock

@@ -5382,6 +5382,7 @@ dependencies = [
  "structopt",
  "termwiz",
  "thiserror",
+ "whoami",
 ]
 
 [[package]]
@@ -5485,6 +5486,16 @@ dependencies = [
  "bitflags",
 ]
 
+[[package]]
+name = "whoami"
+version = "1.1.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cabfe22aa4936611957e0b5ad9ed0472ac52b2bfb9aedac4a3f3a91a03bd1ff0"
+dependencies = [
+ "wasm-bindgen",
+ "web-sys",
+]
+
 [[package]]
 name = "winapi"
 version = "0.2.8"

ci/generate-workflows.py

@@ -162,7 +162,10 @@ class Target(object):
 
     def install_openssh_server(self):
         if self.uses_yum() or (self.uses_apt() and self.container):
-            return self.install_system_package("openssh-server")
+            return (
+                [RunStep("Ensure /run/sshd exists", "mkdir -p /run/sshd")]
+                + self.install_system_package("openssh-server")
+            )
         return []
 
     def install_newer_compiler(self):

wezterm-ssh/Cargo.toml

@@ -41,3 +41,4 @@ shell-words = "1.0"
 smol-potat = "1.1.2"
 structopt = "0.3"
 termwiz = { path = "../termwiz" }
+whoami = "1.1"

wezterm-ssh/tests/sshd.rs

@@ -1,5 +1,5 @@
 use assert_fs::{prelude::*, TempDir};
-use once_cell::sync::OnceCell;
+use once_cell::sync::{Lazy, OnceCell};
 use rstest::*;
 use std::{
     collections::HashMap,
@@ -21,6 +21,8 @@ const BIN_PATH_STR: &str = "/usr/sbin/sshd";
 /// Port range to use when finding a port to bind to (using IANA guidance)
 const PORT_RANGE: (u16, u16) = (49152, 65535);
 
+const USERNAME: Lazy<String> = Lazy::new(|| whoami::username());
+
 pub struct SshKeygen;
 
 impl SshKeygen {
@@ -92,6 +94,7 @@ impl Default for SshdConfig {
         let mut config = Self::new();
 
         config.set_authentication_methods(vec!["publickey".to_string()]);
+        config.set_use_privilege_separation(false);
         config.set_subsystem(true, true);
         config.set_use_pam(false);
         config.set_x11_forwarding(true);
@@ -400,6 +403,7 @@ pub async fn session(sshd: &'_ Sshd) -> Session {
     // generated identity file, and host file
     let mut config = config.for_host("localhost");
     config.insert("port".to_string(), port.to_string());
+    config.insert("user".to_string(), USERNAME.to_string());
     config.insert("identitiesonly".to_string(), "yes".to_string());
     config.insert(
         "identityfile".to_string(),