snap and ssh
Seth Arnold
seth.arnold at canonical.com
Thu Nov 24 02:33:00 UTC 2016
On Wed, Nov 23, 2016 at 02:29:12PM +0100, Didier Roche wrote:
> It seems then that ssh is using hardcoded paths like /home/$USER/.ssh
> for looking by default to id_rsa file and not using $HOME. Multiple ways
> to get that fixed:
> * reading the openssh-client code and fix it to use $HOME (and so, it
> will use your snap $HOME)
openssh is using the standard getpwnam() interface to retrieve home
directory information:
http://sources.debian.net/src/openssh/1:7.3p1-3/misc.c/#L579
openssh uses getpwnam(), getpwent(), getpwuid(), extensively. [1]
Undoing this would take a lot of time.
I can imagine a few ways to customize the home directory results for
openssh:
- Write libraries to LD_PRELOAD to intercept this family of
functions and modify the results of lookups
- Modify an /etc/passwd that's bind-mounted over the host's version so the
standard library routines function normally
- Write an NSS library that knows snappy
- Ship a different ssh client that's easier to configure (really,
untangling the standard unix password database from openssh looks like
an extremely expensive task.)
Each of these has pros and cons for different use cases. (For example,
the LD_PRELOAD and NSS library choices may not even function in a
statically-compiled executable, so they may have limited applicability.)
Thanks
1: $ grep -rE '(getpwnam|getpwuid|getpwent|pw->)' | wc -l
350
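
The difference the reply describes, between a home directory read from `$HOME` and one read from the passwd database with `getpwuid()`, shown as an added example that is not part of the original message or of openssh. The names `identity_path`, `passwd_path_changes_with_env` and `SAMPLE_SNAP_HOME` are hypothetical, and the sample path is constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Constructed sample value standing in for a snap's private $HOME. */
#define SAMPLE_SNAP_HOME "/constructed/snap/example/current"

/* Build "<home>/.ssh/id_rsa", taking <home> from $HOME (from_env != 0)
 * or from the passwd entry of the current uid (from_env == 0).
 * Returns 0 on success, -1 if the source has no answer or buf is too small. */
int identity_path(char *buf, size_t len, int from_env)
{
    struct passwd *pw = from_env ? NULL : getpwuid(getuid());
    const char *home = from_env ? getenv("HOME") : (pw ? pw->pw_dir : NULL);

    if (home == NULL || (size_t)snprintf(buf, len, "%s/.ssh/id_rsa", home) >= len)
        return -1;
    return 0;
}

/* Override $HOME and report whether the passwd-based path changed with it.
 * Returns 1 if it changed, 0 if it did not, -1 on lookup or setenv failure. */
int passwd_path_changes_with_env(const char *new_home)
{
    char before[4096], after[4096];

    if (identity_path(before, sizeof(before), 0) != 0 ||
        setenv("HOME", new_home, 1) != 0 ||
        identity_path(after, sizeof(after), 0) != 0)
        return -1;
    return strcmp(before, after) != 0;
}

int main(void)
{
    char env_path[4096], pw_path[4096];
    int changed = passwd_path_changes_with_env(SAMPLE_SNAP_HOME);

    if (identity_path(env_path, sizeof(env_path), 1) == 0)
        printf("$HOME-based:  %s\n", env_path);
    if (identity_path(pw_path, sizeof(pw_path), 0) == 0)
        printf("passwd-based: %s\n", pw_path);
    printf("passwd path changed with $HOME: %d\n", changed);
    return 0;
}
```
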