podman machine ssh failed in fedora for rootless #11731

Closed
pendulm opened this issue Sep 24, 2021 · 6 comments · Fixed by #11752
Labels
kind/bug Categorizes issue or PR as related to a bug. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. machine

Comments

@pendulm
Contributor

pendulm commented Sep 24, 2021

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

podman machine works on Fedora 34, but fails when logging in to the machine over ssh.

$  podman machine ssh podman-machine-default
Connecting to vm podman-machine-default. To close connection, use `~.` or `exit`
Bad owner or permissions on /etc/ssh/ssh_config.d/50-redhat.conf
Error: exit status 255

Steps to reproduce the issue:
In Fedora Linux 34

  1. podman machine init

  2. podman machine start podman-machine-default

  3. podman machine ssh podman-machine-default
    failed

Describe the results you received:
Bad owner or permissions on /etc/ssh/ssh_config.d/50-redhat.conf
Error: exit status 255

Describe the results you expected:

Additional information you deem important (e.g. issue happens only occasionally):

Output of podman version:

Version:      3.3.1
API Version:  3.3.1
Go Version:   go1.16.6
Built:        Tue Aug 31 04:46:36 2021
OS/Arch:      linux/amd64
@pendulm
Contributor Author

pendulm commented Sep 24, 2021

In rootless mode, podman enters the userns, where ssh complains about permissions.

$ podman unshare

# ls -lh /etc/ssh/ssh_config.d/50-redhat.conf
-rw-r--r--. 1 nobody nobody 831 May 24 20:15 /etc/ssh/ssh_config.d/50-redhat.conf

# ssh  -i /home/mike/.ssh/podman-machine-default  -p 40317 core@localhost "-o UserKnownHostsFile /dev/null" "-o StrictHostKeyChecking no"
Bad owner or permissions on /etc/ssh/ssh_config.d/50-redhat.conf

@vrothberg
Member

Thanks for reaching out, @pendulm. I guess that podman machine shouldn't enter the user ns. @giuseppe WDYT?

@Luap99 Luap99 added kind/bug Categorizes issue or PR as related to a bug. machine labels Sep 24, 2021
pendulm added a commit to pendulm/podman that referenced this issue Sep 24, 2021
add option to not read system ssh configurations
Fixes: containers#11731

Signed-off-by: pendulm <lonependulm@gmail.com>
@Luap99
Member

Luap99 commented Sep 24, 2021

Yes, it should not need to join the userns. All machine commands already disabled the normal podman setup.

I guess this should work:

$ git diff
diff --git a/pkg/rootless/rootless_linux.c b/pkg/rootless/rootless_linux.c
index 4d8443fcb..6ce4b1e29 100644
--- a/pkg/rootless/rootless_linux.c
+++ b/pkg/rootless/rootless_linux.c
@@ -212,6 +212,7 @@ can_use_shortcut ()
         continue;
 
       if (strcmp (argv[argc], "mount") == 0
+          || strcmp (argv[argc], "machine") == 0
           || strcmp (argv[argc], "search") == 0
           || (strcmp (argv[argc], "system") == 0 && argv[argc+1] && strcmp (argv[argc+1], "service") != 0))
         {
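
Review bot: the added `strcmp (argv[argc], "machine") == 0` condition in can_use_shortcut () carries no comment saying why `machine` has to skip the user namespace, so a later cleanup could drop it without noticing the regression. A one-line comment above the condition would help, for example noting that `podman machine ssh` runs the host ssh client, which rejects config files that show up as owned by nobody inside the userns. Like the neighbouring "mount" and "search" entries, the test matches the bare string at whatever index `argc` holds, so it is worth confirming that this index can only be the subcommand position and never an option value that happens to be "machine".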

@rhatdan
Member

rhatdan commented Sep 24, 2021

Yes, please open a PR.

@giuseppe
Member

The patch LGTM. @Luap99 please open a PR.

Luap99 added a commit to Luap99/libpod that referenced this issue Sep 27, 2021
The go logic already prevents podman from joining the userns for machine
commands but the c shortcut code did not.

[NO TESTS NEEDED]

Fixes containers#11731

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
@Luap99
Member

Luap99 commented Sep 27, 2021

PR #11752

mheon pushed a commit to mheon/libpod that referenced this issue Sep 29, 2021
The go logic already prevents podman from joining the userns for machine
commands but the c shortcut code did not.

[NO TESTS NEEDED]

Fixes containers#11731

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 21, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 21, 2023