From 44910d6b3552d751c8ab3c32ab183be9ab9ed97d Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@twistedmatrix.com>
Date: Wed, 10 Jun 2020 15:36:03 -0400
Subject: [PATCH] Fix handling of root user ssh configuration
---
 nixos/modules/ssh.nix | 2 +-
 nixos/modules/tests/private-storage.nix | 11 +++++++----
 2 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/nixos/modules/ssh.nix b/nixos/modules/ssh.nix
index ca9b3154..93c1be87 100644
--- a/nixos/modules/ssh.nix
+++ b/nixos/modules/ssh.nix
@@ -45,7 +45,7 @@ users.users = let
 makeUserConfig = username: sshPublicKey: {
- isNormalUser = true;
+ isNormalUser = username != "root";
 openssh.authorizedKeys.keys = [ sshPublicKey ];
 };
 in builtins.mapAttrs makeUserConfig cfg.sshUsers;
diff --git a/nixos/modules/tests/private-storage.nix b/nixos/modules/tests/private-storage.nix
index 2bdd25a8..47acfbf4 100644
--- a/nixos/modules/tests/private-storage.nix
+++ b/nixos/modules/tests/private-storage.nix
@@ -5,14 +5,15 @@ let
 sshPrivateKey = ./probeuser_ed25519;
 sshPublicKey = ./probeuser_ed25519.pub;
 sshUsers = {
+ root = (builtins.readFile sshPublicKey);
 probeuser = (builtins.readFile sshPublicKey);
 };
 # Generate a command which can be used with runOnNode to ssh to the given
 # host.
- ssh = hostname: [
+ ssh = username: hostname: [
 "cp" sshPrivateKey "/tmp/ssh_key" ";"
 "chmod" "0400" "/tmp/ssh_key" ";"
- "ssh" "-oStrictHostKeyChecking=no" "-i" "/tmp/ssh_key" "probeuser@${hostname}" ":"
+ "ssh" "-oStrictHostKeyChecking=no" "-i" "/tmp/ssh_key" "${username}@${hostname}" ":"
 ];
 # Separate helper programs so we can write as little perl inside a string
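Review bot: The `username != "root"` special case on the isNormalUser line is the whole fix, yet nothing in the hunk explains it; presumably the pre-existing root account cannot be redeclared as a normal user without clashing with its built-in definition, but that is not visible here. Suggest `# root already exists as a system account and must not be redeclared a normal user; it still receives the authorized key.` directly above that line. A key listed under `root` in cfg.sshUsers is only usable if sshd's PermitRootLogin allows key-based root login, and that setting does not appear in this hunk, so confirm the module sets it deliberately rather than relying on whatever the default is. The enclosing `users.users` attribute starts before the hunk.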
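Review bot: The helper comment above `ssh` still reads "ssh to the given host" although the function now takes a username as its first argument; change it to `# Generate a command which can be used with runOnNode to ssh to the given host as the given user.`. Both entries in sshUsers share the same public key, which keeps the fixture simple but means a root login and a probeuser login are indistinguishable at the key level, so that should be intentional for the test. The remote target is built as the Nix string `"${username}@${hostname}"` and how runOnNode turns the list into a shell command is not visible here, so callers should keep passing literal names as the two added call sites do.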
@@ -186,9 +187,11 @@ import <nixpkgs/nixos/tests/make-test.nix> {
 # doesn't prove it is so but if it fails it's a pretty good indication
 # it isn't so.
 $storage->waitForOpenPort(22);
- ${runOnNode "issuer" (ssh "storage")}
+ ${runOnNode "issuer" (ssh "probeuser" "storage")}
+ ${runOnNode "issuer" (ssh "root" "storage")}
 $issuer->waitForOpenPort(22);
- ${runOnNode "storage" (ssh "issuer")}
+ ${runOnNode "storage" (ssh "probeuser" "issuer")}
+ ${runOnNode "storage" (ssh "root" "issuer")}
 # Set up a Tahoe-LAFS introducer.
 $introducer->copyFileFromHost(
-- 
GitLab
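Review bot: The two new `ssh "root"` probes assert that root accepts the probe key, but the comment above them (which starts before the hunk) only describes the original probeuser check; add `# root is also expected to accept the same key now that sshUsers may contain a root entry.` above the first root probe. Since the helper runs `:` as the remote command, these lines verify that authentication succeeds and nothing more, which the comment should say so nobody reads them as a functional root check. The negative case, that a root login without the key is refused, is not exercised here; if that is part of the module's contract it is worth a follow-up test rather than being left implicit.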