Most of the ssh-related logic is encapsulated in the SSH hook. The SSH hook is an executable binary that performs different ssh-related operations depending on the CLI command that it receives as parameter from the container engine.

The nitty gritty

The custom SSH software

The SSH hook uses a custom statically-linked version of Dropbear. At build time, if the CMake parameter ENABLE_SSH=TRUE is specified, the custom Dropbear is built and installed under Sarus's installation directory.

Dropbear is built according to the instructions provided in the /dep/build_dropbear.sh script. This script also creates a localoptions.h header, overriding some of the default compile-time options of Dropbear.

When the command sarus ssh-keygen is issued, the command object cli::CommandSshkeygen gets executed, which in turn executes the SSH hook with the keygen CLI argument.

The hook performs the following operations:

- Read from the environment variables the hook base directory.
- Read from the environment variables the location of the passwd file.
- Get the username from the passwd file and use it to determine the user's hook directory (where the SSH keys are stored).
- Read from the environment variables the location of the custom SSH software.
- Execute the program dropbearkey to generate two keys in the user's hook directory, using the ECDSA algorithm. One key (dropbear_ecdsa_host_key) will be used by the SSH daemon, the other key (id_dropbear) will be used by the SSH client.

How the existence of the SSH keys is checked

When the command sarus run --ssh is issued, the command object cli::CommandRun gets executed, which in turn executes the SSH hook with the check-user-has-sshkeys CLI argument.

- Check that the user's hook directory contains the SSH keys.

How the SSH daemon and SSH client are set up in the container

When the command sarus run --ssh is issued, Sarus sets up the OCI bundle and executes runc. Then runc executes the OCI prestart hooks specified in sarus.json, where the SSH hook is specified with the start-ssh-daemon CLI argument.

- Read from the environment variables the port number to be used by the SSH daemon.
- Read from stdin the container's state as defined in the OCI specification.
- Enter the container's mount namespaces in order to access the container's OCI bundle.
- Enter the container's pid namespace in order to start the sshd process inside the container.
- Read the user's UID/GID from the OCI bundle's config.json.
- Get the username from the passwd file supplied by step 2.
- Determine the user's hook directory (where the SSH keys are stored) using data from steps 1. and 9.
- Determine the location of the SSH keys in the container. See Determining the location of the SSH keys inside the container.
- Copy the custom SSH software into the container (SSH daemon, SSH client).
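
The data-gathering steps of the start-ssh-daemon procedure (container state from stdin, UID/GID from the bundle's config.json, username from the passwd file, user's hook directory, presence of the two keys) are shown below in Python. This is an added example, not Sarus code: the environment variable names, the base/username/ssh directory layout and all sample values are assumptions, and the bundle is read directly rather than from inside the container's mount namespace.

```python
import json
import tempfile
from pathlib import Path

KEY_FILES = ("dropbear_ecdsa_host_key", "id_dropbear")  # key names given on the page


def username_for_uid(passwd_path, uid):
    """Return the login name whose UID field matches in a passwd(5)-format file."""
    for line in Path(passwd_path).read_text().splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2] == str(uid):
            return fields[0]
    raise LookupError(f"uid {uid} not found in {passwd_path}")


def resolve_hook_inputs(state_text, env):
    """Gather the inputs of the start-ssh-daemon steps (namespace entry left out)."""
    # Env variable names and the <base>/<user>/ssh layout are assumptions of this example.
    state = json.loads(state_text)  # container state, read from stdin by a real hook
    config = json.loads((Path(state["bundle"]) / "config.json").read_text())
    user = config["process"]["user"]  # UID/GID come from the bundle, not the caller
    name = username_for_uid(env["PASSWD_FILE"], user["uid"])
    if "/" in name or name in ("", ".", ".."):  # keep the path under the base dir
        raise ValueError(f"unsafe username {name!r}")
    key_dir = Path(env["HOOK_BASE_DIR"]) / name / "ssh"
    missing = [k for k in KEY_FILES if not (key_dir / k).is_file()]
    return {"pid": state["pid"], "uid": user["uid"], "gid": user["gid"],
            "username": name, "key_dir": str(key_dir),
            "port": int(env["SERVER_PORT"]), "missing_keys": missing}


def demo():
    """Resolve a constructed bundle, passwd file and key directory."""
    root = Path(tempfile.mkdtemp())
    bundle, key_dir = root / "bundle", root / "hooks" / "alice" / "ssh"
    bundle.mkdir()
    key_dir.mkdir(parents=True)
    (bundle / "config.json").write_text('{"process": {"user": {"uid": 1000, "gid": 1000}}}')
    (root / "passwd").write_text("root:x:0:0::/:/bin/sh\nalice:x:1000:1000::/:/bin/sh\n")
    (key_dir / "dropbear_ecdsa_host_key").touch()  # id_dropbear deliberately absent
    state = json.dumps({"ociVersion": "1.0.0", "id": "c1", "status": "created",
                        "pid": 4242, "bundle": str(bundle)})
    env = {"HOOK_BASE_DIR": str(root / "hooks"),
           "PASSWD_FILE": str(root / "passwd"), "SERVER_PORT": "2222"}
    return resolve_hook_inputs(state, env)


if __name__ == "__main__":
    print(demo())
```

A non-empty missing_keys list corresponds to the check-user-has-sshkeys step failing, the point at which the run should stop before any daemon is started.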