diff --git a/.cirrus.yml b/.cirrus.yml index 8fb2554c2..299e11578 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -13,7 +13,7 @@ task: - chmod +x /tmp/rustup.sh - RUSTUP_IO_THREADS=1 /tmp/rustup.sh -y -q - env PATH=$HOME/.cargo/bin:$PATH bash get-deps - - chmod og-rw $HOME + - mkdir -p /run/sshd test_script: - env PATH=$HOME/.cargo/bin:$PATH cargo build --all --release - env PATH=$HOME/.cargo/bin:$PATH cargo test --all --release diff --git a/.github/workflows/gen_centos7.yml b/.github/workflows/gen_centos7.yml index f7792e65c..ade889240 100644 --- a/.github/workflows/gen_centos7.yml +++ b/.github/workflows/gen_centos7.yml @@ -45,6 +45,9 @@ jobs: - name: "Install curl" shell: bash run: "yum install -y curl" + - name: "Ensure /run/sshd exists" + shell: bash + run: "mkdir -p /run/sshd" - name: "Install openssh-server" shell: bash run: "yum install -y openssh-server" diff --git a/.github/workflows/gen_centos7_continuous.yml b/.github/workflows/gen_centos7_continuous.yml index 731a93201..38c58d9de 100644 --- a/.github/workflows/gen_centos7_continuous.yml +++ b/.github/workflows/gen_centos7_continuous.yml @@ -54,6 +54,11 @@ jobs: run: | export BUILD_REASON=Schedule yum install -y curl + - name: "Ensure /run/sshd exists" + shell: bash + run: | + export BUILD_REASON=Schedule + mkdir -p /run/sshd - name: "Install openssh-server" shell: bash run: | diff --git a/.github/workflows/gen_centos7_tag.yml b/.github/workflows/gen_centos7_tag.yml index d6fb4215a..9ab062be8 100644 --- a/.github/workflows/gen_centos7_tag.yml +++ b/.github/workflows/gen_centos7_tag.yml @@ -36,6 +36,9 @@ jobs: - name: "Install curl" shell: bash run: "yum install -y curl" + - name: "Ensure /run/sshd exists" + shell: bash + run: "mkdir -p /run/sshd" - name: "Install openssh-server" shell: bash run: "yum install -y openssh-server" diff --git a/.github/workflows/gen_centos8.yml b/.github/workflows/gen_centos8.yml index 4a03b5fb7..f29e0bf0a 100644 --- a/.github/workflows/gen_centos8.yml 
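Review bot: `mkdir -p /run/sshd` in the .cirrus.yml setup script creates the directory with whatever umask the CI shell has, and nothing says why it is needed. sshd aborts at startup when its privilege-separation directory is missing, and it requires that directory to be root-owned and not group- or world-writable, so pinning the mode is safer: `- install -d -m 0755 /run/sshd`. The same unpinned step is added in `install_openssh_server` in ci/generate-workflows.py and in the workflows generated from it. The hunk also drops `chmod og-rw $HOME`; if that line existed to satisfy sshd's StrictModes check on the home directory, confirm the tests no longer depend on it.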
+++ b/.github/workflows/gen_centos8.yml @@ -31,6 +31,9 @@ jobs: - name: "Install curl" shell: bash run: "yum install -y curl" + - name: "Ensure /run/sshd exists" + shell: bash + run: "mkdir -p /run/sshd" - name: "Install openssh-server" shell: bash run: "yum install -y openssh-server" diff --git a/.github/workflows/gen_centos8_continuous.yml b/.github/workflows/gen_centos8_continuous.yml index 183a962e3..57c99d4cf 100644 --- a/.github/workflows/gen_centos8_continuous.yml +++ b/.github/workflows/gen_centos8_continuous.yml @@ -41,6 +41,11 @@ jobs: run: | export BUILD_REASON=Schedule yum install -y curl + - name: "Ensure /run/sshd exists" + shell: bash + run: | + export BUILD_REASON=Schedule + mkdir -p /run/sshd - name: "Install openssh-server" shell: bash run: | diff --git a/.github/workflows/gen_centos8_tag.yml b/.github/workflows/gen_centos8_tag.yml index aa9f79dc4..ceda146b9 100644 --- a/.github/workflows/gen_centos8_tag.yml +++ b/.github/workflows/gen_centos8_tag.yml @@ -22,6 +22,9 @@ jobs: - name: "Install curl" shell: bash run: "yum install -y curl" + - name: "Ensure /run/sshd exists" + shell: bash + run: "mkdir -p /run/sshd" - name: "Install openssh-server" shell: bash run: "yum install -y openssh-server" diff --git a/.github/workflows/gen_debian10.3.yml b/.github/workflows/gen_debian10.3.yml index 622e3bdcf..31f440304 100644 --- a/.github/workflows/gen_debian10.3.yml +++ b/.github/workflows/gen_debian10.3.yml @@ -31,6 +31,9 @@ jobs: - name: "Install curl" shell: bash run: "apt-get install -y curl" + - name: "Ensure /run/sshd exists" + shell: bash + run: "mkdir -p /run/sshd" - name: "Install openssh-server" shell: bash run: "apt-get install -y openssh-server" diff --git a/.github/workflows/gen_debian10.3_continuous.yml b/.github/workflows/gen_debian10.3_continuous.yml index fdbbe2c82..0038b38d7 100644 --- a/.github/workflows/gen_debian10.3_continuous.yml +++ b/.github/workflows/gen_debian10.3_continuous.yml 
@@ -41,6 +41,11 @@ jobs: run: | export BUILD_REASON=Schedule apt-get install -y curl + - name: "Ensure /run/sshd exists" + shell: bash + run: | + export BUILD_REASON=Schedule + mkdir -p /run/sshd - name: "Install openssh-server" shell: bash run: | diff --git a/.github/workflows/gen_debian10.3_tag.yml b/.github/workflows/gen_debian10.3_tag.yml index 19126ee1f..23921bef9 100644 --- a/.github/workflows/gen_debian10.3_tag.yml +++ b/.github/workflows/gen_debian10.3_tag.yml @@ -22,6 +22,9 @@ jobs: - name: "Install curl" shell: bash run: "apt-get install -y curl" + - name: "Ensure /run/sshd exists" + shell: bash + run: "mkdir -p /run/sshd" - name: "Install openssh-server" shell: bash run: "apt-get install -y openssh-server" diff --git a/.github/workflows/gen_debian11.yml b/.github/workflows/gen_debian11.yml index 6115394ab..acf6318bf 100644 --- a/.github/workflows/gen_debian11.yml +++ b/.github/workflows/gen_debian11.yml @@ -31,6 +31,9 @@ jobs: - name: "Install curl" shell: bash run: "apt-get install -y curl" + - name: "Ensure /run/sshd exists" + shell: bash + run: "mkdir -p /run/sshd" - name: "Install openssh-server" shell: bash run: "apt-get install -y openssh-server" diff --git a/.github/workflows/gen_debian11_continuous.yml b/.github/workflows/gen_debian11_continuous.yml index 739cdeef7..4963a798e 100644 --- a/.github/workflows/gen_debian11_continuous.yml +++ b/.github/workflows/gen_debian11_continuous.yml @@ -41,6 +41,11 @@ jobs: run: | export BUILD_REASON=Schedule apt-get install -y curl + - name: "Ensure /run/sshd exists" + shell: bash + run: | + export BUILD_REASON=Schedule + mkdir -p /run/sshd - name: "Install openssh-server" shell: bash run: | diff --git a/.github/workflows/gen_debian11_tag.yml b/.github/workflows/gen_debian11_tag.yml index 986cd538f..b9d6141af 100644 --- a/.github/workflows/gen_debian11_tag.yml +++ b/.github/workflows/gen_debian11_tag.yml 
@@ -22,6 +22,9 @@ jobs: - name: "Install curl" shell: bash run: "apt-get install -y curl" + - name: "Ensure /run/sshd exists" + shell: bash + run: "mkdir -p /run/sshd" - name: "Install openssh-server" shell: bash run: "apt-get install -y openssh-server" diff --git a/.github/workflows/gen_debian9.12.yml b/.github/workflows/gen_debian9.12.yml index 549c43c2c..cf8051f2f 100644 --- a/.github/workflows/gen_debian9.12.yml +++ b/.github/workflows/gen_debian9.12.yml @@ -45,6 +45,9 @@ jobs: - name: "Install curl" shell: bash run: "apt-get install -y curl" + - name: "Ensure /run/sshd exists" + shell: bash + run: "mkdir -p /run/sshd" - name: "Install openssh-server" shell: bash run: "apt-get install -y openssh-server" diff --git a/.github/workflows/gen_debian9.12_continuous.yml b/.github/workflows/gen_debian9.12_continuous.yml index 1c9673187..72f576b28 100644 --- a/.github/workflows/gen_debian9.12_continuous.yml +++ b/.github/workflows/gen_debian9.12_continuous.yml @@ -54,6 +54,11 @@ jobs: run: | export BUILD_REASON=Schedule apt-get install -y curl + - name: "Ensure /run/sshd exists" + shell: bash + run: | + export BUILD_REASON=Schedule + mkdir -p /run/sshd - name: "Install openssh-server" shell: bash run: | diff --git a/.github/workflows/gen_debian9.12_tag.yml b/.github/workflows/gen_debian9.12_tag.yml index 12a55d80e..b3f8a090e 100644 --- a/.github/workflows/gen_debian9.12_tag.yml +++ b/.github/workflows/gen_debian9.12_tag.yml @@ -36,6 +36,9 @@ jobs: - name: "Install curl" shell: bash run: "apt-get install -y curl" + - name: "Ensure /run/sshd exists" + shell: bash + run: "mkdir -p /run/sshd" - name: "Install openssh-server" shell: bash run: "apt-get install -y openssh-server" diff --git a/.github/workflows/gen_fedora33.yml b/.github/workflows/gen_fedora33.yml index fc7e13cac..565fa144a 100644 --- a/.github/workflows/gen_fedora33.yml +++ b/.github/workflows/gen_fedora33.yml 
@@ -25,6 +25,9 @@ jobs: - name: "Install curl" shell: bash run: "yum install -y curl" + - name: "Ensure /run/sshd exists" + shell: bash + run: "mkdir -p /run/sshd" - name: "Install openssh-server" shell: bash run: "yum install -y openssh-server" diff --git a/.github/workflows/gen_fedora33_continuous.yml b/.github/workflows/gen_fedora33_continuous.yml index e22143813..427207800 100644 --- a/.github/workflows/gen_fedora33_continuous.yml +++ b/.github/workflows/gen_fedora33_continuous.yml @@ -31,6 +31,11 @@ jobs: run: | export BUILD_REASON=Schedule yum install -y curl + - name: "Ensure /run/sshd exists" + shell: bash + run: | + export BUILD_REASON=Schedule + mkdir -p /run/sshd - name: "Install openssh-server" shell: bash run: | diff --git a/.github/workflows/gen_fedora33_tag.yml b/.github/workflows/gen_fedora33_tag.yml index a1249c4e1..145ff506e 100644 --- a/.github/workflows/gen_fedora33_tag.yml +++ b/.github/workflows/gen_fedora33_tag.yml @@ -16,6 +16,9 @@ jobs: - name: "Install curl" shell: bash run: "yum install -y curl" + - name: "Ensure /run/sshd exists" + shell: bash + run: "mkdir -p /run/sshd" - name: "Install openssh-server" shell: bash run: "yum install -y openssh-server" diff --git a/.github/workflows/gen_fedora34.yml b/.github/workflows/gen_fedora34.yml index 906141cea..f43115dcc 100644 --- a/.github/workflows/gen_fedora34.yml +++ b/.github/workflows/gen_fedora34.yml @@ -25,6 +25,9 @@ jobs: - name: "Install curl" shell: bash run: "yum install -y curl" + - name: "Ensure /run/sshd exists" + shell: bash + run: "mkdir -p /run/sshd" - name: "Install openssh-server" shell: bash run: "yum install -y openssh-server" diff --git a/.github/workflows/gen_fedora34_continuous.yml b/.github/workflows/gen_fedora34_continuous.yml index f68650d5f..33529b737 100644 --- a/.github/workflows/gen_fedora34_continuous.yml +++ b/.github/workflows/gen_fedora34_continuous.yml 
@@ -31,6 +31,11 @@ jobs: run: | export BUILD_REASON=Schedule yum install -y curl + - name: "Ensure /run/sshd exists" + shell: bash + run: | + export BUILD_REASON=Schedule + mkdir -p /run/sshd - name: "Install openssh-server" shell: bash run: | diff --git a/.github/workflows/gen_fedora34_tag.yml b/.github/workflows/gen_fedora34_tag.yml index 6b6f893b5..235b79490 100644 --- a/.github/workflows/gen_fedora34_tag.yml +++ b/.github/workflows/gen_fedora34_tag.yml @@ -16,6 +16,9 @@ jobs: - name: "Install curl" shell: bash run: "yum install -y curl" + - name: "Ensure /run/sshd exists" + shell: bash + run: "mkdir -p /run/sshd" - name: "Install openssh-server" shell: bash run: "yum install -y openssh-server" diff --git a/.github/workflows/gen_ubuntu20.04.yml b/.github/workflows/gen_ubuntu20.04.yml index 810361b76..c5c7af92a 100644 --- a/.github/workflows/gen_ubuntu20.04.yml +++ b/.github/workflows/gen_ubuntu20.04.yml @@ -31,6 +31,9 @@ jobs: - name: "Install curl" shell: bash run: "apt-get install -y curl" + - name: "Ensure /run/sshd exists" + shell: bash + run: "mkdir -p /run/sshd" - name: "Install openssh-server" shell: bash run: "apt-get install -y openssh-server" diff --git a/.github/workflows/gen_ubuntu20.04_continuous.yml b/.github/workflows/gen_ubuntu20.04_continuous.yml index dac5ae39a..37bb61af9 100644 --- a/.github/workflows/gen_ubuntu20.04_continuous.yml +++ b/.github/workflows/gen_ubuntu20.04_continuous.yml @@ -41,6 +41,11 @@ jobs: run: | export BUILD_REASON=Schedule apt-get install -y curl + - name: "Ensure /run/sshd exists" + shell: bash + run: | + export BUILD_REASON=Schedule + mkdir -p /run/sshd - name: "Install openssh-server" shell: bash run: | diff --git a/.github/workflows/gen_ubuntu20.04_tag.yml b/.github/workflows/gen_ubuntu20.04_tag.yml index 3555d61c5..9b4403181 100644 --- a/.github/workflows/gen_ubuntu20.04_tag.yml +++ b/.github/workflows/gen_ubuntu20.04_tag.yml 
@@ -22,6 +22,9 @@ jobs: - name: "Install curl" shell: bash run: "apt-get install -y curl" + - name: "Ensure /run/sshd exists" + shell: bash + run: "mkdir -p /run/sshd" - name: "Install openssh-server" shell: bash run: "apt-get install -y openssh-server" diff --git a/Cargo.lock b/Cargo.lock index 602aab9d2..5e0c02422 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -5382,6 +5382,7 @@ dependencies = [ "structopt", "termwiz", "thiserror", + "whoami", ] [[package]] @@ -5485,6 +5486,16 @@ dependencies = [ "bitflags", ] +[[package]] +name = "whoami" +version = "1.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cabfe22aa4936611957e0b5ad9ed0472ac52b2bfb9aedac4a3f3a91a03bd1ff0" +dependencies = [ + "wasm-bindgen", + "web-sys", +] + [[package]] name = "winapi" version = "0.2.8" diff --git a/ci/generate-workflows.py b/ci/generate-workflows.py index e2117691d..38d279505 100755 --- a/ci/generate-workflows.py +++ b/ci/generate-workflows.py @@ -162,7 +162,10 @@ class Target(object): def install_openssh_server(self): if self.uses_yum() or (self.uses_apt() and self.container): - return self.install_system_package("openssh-server") + return ( + [RunStep("Ensure /run/sshd exists", "mkdir -p /run/sshd")] + + self.install_system_package("openssh-server") + ) return [] def install_newer_compiler(self): diff --git a/wezterm-ssh/Cargo.toml b/wezterm-ssh/Cargo.toml index 2cb38646c..c46da0153 100644 --- a/wezterm-ssh/Cargo.toml +++ b/wezterm-ssh/Cargo.toml @@ -41,3 +41,4 @@ shell-words = "1.0" smol-potat = "1.1.2" structopt = "0.3" termwiz = { path = "../termwiz" } +whoami = "1.1" diff --git a/wezterm-ssh/tests/sshd.rs b/wezterm-ssh/tests/sshd.rs index 9326d9e64..1c5817471 100644 --- a/wezterm-ssh/tests/sshd.rs +++ b/wezterm-ssh/tests/sshd.rs @@ -1,5 +1,5 @@ use assert_fs::{prelude::*, TempDir}; -use once_cell::sync::OnceCell; +use once_cell::sync::{Lazy, OnceCell}; use rstest::*; use std::{ collections::HashMap, 
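Review bot: The new "Ensure /run/sshd exists" step in `install_openssh_server` has no comment explaining why it must run before the package install, and it is emitted for yum targets as well as apt containers. As far as I know, /run/sshd is the privilege-separation path of the Debian/Ubuntu sshd build, while the Red Hat family packages use a different directory, so the step is probably a no-op on CentOS and Fedora. Suggest a comment such as `# sshd refuses to start if its privsep directory is missing (presumably nothing creates it inside the container)`, and consider gating the step on `self.uses_apt()`. The method's enclosing class starts outside the hunk.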
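Review bot: `whoami = "1.1"` is used only from wezterm-ssh/tests/sshd.rs in this commit, so it belongs under `[dev-dependencies]`. The table header is outside the hunk, so confirm which table these lines sit in. The Cargo.lock hunk shows the crate bringing `wasm-bindgen` and `web-sys` into the lock graph, which is a lot of new third-party surface for reading one username in a test. It is worth checking whether the value could come from the environment or from the test's own sshd config instead.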
@@ -21,6 +21,8 @@ const BIN_PATH_STR: &str = "/usr/sbin/sshd"; /// Port range to use when finding a port to bind to (using IANA guidance) const PORT_RANGE: (u16, u16) = (49152, 65535); +const USERNAME: Lazy = Lazy::new(|| whoami::username()); + pub struct SshKeygen; impl SshKeygen { @@ -92,6 +94,7 @@ impl Default for SshdConfig { let mut config = Self::new(); config.set_authentication_methods(vec!["publickey".to_string()]); + config.set_use_privilege_separation(false); config.set_subsystem(true, true); config.set_use_pam(false); config.set_x11_forwarding(true); @@ -400,6 +403,7 @@ pub async fn session(sshd: &'_ Sshd) -> Session { // generated identity file, and host file let mut config = config.for_host("localhost"); config.insert("port".to_string(), port.to_string()); + config.insert("user".to_string(), USERNAME.to_string()); config.insert("identitiesonly".to_string(), "yes".to_string()); config.insert( "identityfile".to_string(),
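Review bot: Declaring `USERNAME` as a `const` means every use site instantiates a fresh `Lazy`, so `whoami::username()` runs again on each access and nothing is cached; clippy reports this pattern as `declare_interior_mutable_const`. It should be a `static`: `static USERNAME: Lazy<String> = Lazy::new(whoami::username);`. The type parameter on `Lazy` is missing as shown here, which looks like a rendering loss rather than the real source. The `USERNAME.to_string()` call added in `session()` further down is the affected use site.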
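Review bot: `config.set_use_privilege_separation(false);` in `SshdConfig::default()` turns off a hardening option with no comment saying why. Presumably the test sshd runs as the unprivileged invoking user and cannot use the privsep sandbox, but that should be stated so the config is not copied into a real deployment: `// Test-only: sshd runs as the current unprivileged user; never reuse this config for a real server`. OpenSSH deprecated `UsePrivilegeSeparation` in 7.5, so on the newer distros in the CI matrix the directive is likely ignored with a warning; it is worth checking that the tests do not rely on it taking effect there. The `default()` body starts and continues outside the hunk.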