Crostini image to include openssh server

Issue description

Openssh server is required for FilesApp to do SFTP mount and make Crostini files accessible.
Apr 18 2018
Apr 19 2018
Apr 20 2018
Apr 25 2018
Apr 25 2018
Is there a doc for describing how this works? I have some concerns:

First, I don't think we should ship a container that out-of-the-box has services listening over TCP/UDP.

Disregarding the above, installing openssh in the container means that we cannot rely on it. The user is free to trash the container as they see fit, including uninstalling openssh-server, changing the port/auth mechanisms, deleting SSH keys, ...

SSH could be lddtree'd and run in the container, or just be run via maitred.
Apr 25 2018
Doc at https://docs.google.com/document/d/1vZPG4iOq2HHdqL9a98QBAModHVDS7etHmnNrD58huUg/edit

We are aware that users may perform actions like you mention (uninstall sshd, change keys) which would break the files integration. We assume that these users know what they are doing, and they will not be surprised/upset at what breaks.

I'm not familiar with lddtree or maitred. Are you suggesting an alternative way that an ssh server could run outside the container and still have access to the files within the container?
Apr 26 2018
So I think we want to do the same thing for the ssh server that we currently do for garcon and sommelier: ship it with the termina component, bind mount it into the container, and have it listen on some non-standard port with its own custom config. This way the user is free to install and run their own ssh server and be able to modify the config without having their files suddenly disappear.
Apr 27 2018
I don't think the lddtree approach works here. ssh relies on quite a bit more than just `sshd` ... it needs config files, keys, and maybe even auth stacks (e.g. pam).
May 4 2018
Set smbarber as owner.
May 15 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/overlays/board-overlays/+/988aea9365a1a849996f1b8d972c0b89a1633ef8

commit 988aea9365a1a849996f1b8d972c0b89a1633ef8
Author: Stephen Barber <smbarber@chromium.org>
Date: Tue May 15 06:57:04 2018

termina: add sshd bind mounts to run_container

BUG= chromium:834086
TEST=test sftp

Change-Id: I7e65c789ae61561b78130c0216271e58c2b59bcf
Reviewed-on: https://chromium-review.googlesource.com/1056497
Commit-Ready: Stephen Barber <smbarber@chromium.org>
Tested-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-by: Jeffrey Kardatzke <jkardatzke@google.com>
Reviewed-by: Joel Hockey <joelhockey@chromium.org>

[rename] https://crrev.com/988aea9365a1a849996f1b8d972c0b89a1633ef8/project-termina/chromeos-base/termina-lxd-scripts/termina-lxd-scripts-0.0.1-r18.ebuild
[modify] https://crrev.com/988aea9365a1a849996f1b8d972c0b89a1633ef8/project-termina/chromeos-base/termina-lxd-scripts/termina-lxd-scripts-0.0.1.ebuild
[add] https://crrev.com/988aea9365a1a849996f1b8d972c0b89a1633ef8/project-termina/chromeos-base/termina-lxd-scripts/files/container_sshd_config
[modify] https://crrev.com/988aea9365a1a849996f1b8d972c0b89a1633ef8/project-termina/chromeos-base/termina-lxd-scripts/files/run_container.sh
May 15 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/platform2/+/608649bd1bbc4912333437d8bf2187ea898ffe6d

commit 608649bd1bbc4912333437d8bf2187ea898ffe6d
Author: Stephen Barber <smbarber@chromium.org>
Date: Tue May 15 21:13:15 2018

vm_tools: maitred: set /run/sshd/ to sticky dir

BUG= chromium:834086
TEST=run_container script can add ssh keys

Change-Id: I585c0349498d010b9364b229208b04948fa0805f
Reviewed-on: https://chromium-review.googlesource.com/1056496
Commit-Ready: Stephen Barber <smbarber@chromium.org>
Tested-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>

[modify] https://crrev.com/608649bd1bbc4912333437d8bf2187ea898ffe6d/vm_tools/maitred/init.cc
May 16 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/containers/cros-container-guest-tools/+/dccd0c918f15878d7c23c4e22228bca217954531

commit dccd0c918f15878d7c23c4e22228bca217954531
Author: Stephen Barber <smbarber@chromium.org>
Date: Wed May 16 05:00:06 2018

cros-sftp: add initial package

BUG= chromium:834086
TEST=install cros-sftp package

Change-Id: I89860d2e98068481c59f7da4582390e535939c57
Reviewed-on: https://chromium-review.googlesource.com/1046369
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Tested-by: Stephen Barber <smbarber@chromium.org>

[add] https://crrev.com/dccd0c918f15878d7c23c4e22228bca217954531/cros-sftp/cros-sftp.service
[add] https://crrev.com/dccd0c918f15878d7c23c4e22228bca217954531/cros-sftp/BUILD
[add] https://crrev.com/dccd0c918f15878d7c23c4e22228bca217954531/cros-sftp/deb-description
[modify] https://crrev.com/dccd0c918f15878d7c23c4e22228bca217954531/cros-guest-tools/BUILD
May 19 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/overlays/board-overlays/+/0c14afe42753b36537cb445abc1681274c641c02

commit 0c14afe42753b36537cb445abc1681274c641c02
Author: Stephen Barber <smbarber@chromium.org>
Date: Sat May 19 06:07:37 2018

termina: lxd: disable strict mode checking

BUG= chromium:834086
TEST=sftp works

Change-Id: Ia0b98f65edba30836da2800a79efb78797f00a15
Reviewed-on: https://chromium-review.googlesource.com/1064482
Commit-Ready: Stephen Barber <smbarber@chromium.org>
Tested-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-by: Joel Hockey <joelhockey@chromium.org>

[modify] https://crrev.com/0c14afe42753b36537cb445abc1681274c641c02/project-termina/chromeos-base/termina-lxd-scripts/files/container_sshd_config
[rename] https://crrev.com/0c14afe42753b36537cb445abc1681274c641c02/project-termina/chromeos-base/termina-lxd-scripts/termina-lxd-scripts-0.0.1-r21.ebuild
May 19 2018
Fixed, will land with the next VM uprev.
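
An added example, not code from the Chromium OS tree: a small audit for the kind of dedicated sshd instance the thread settles on (its own port and config, separate from any server the user installs), which also reports the strict-mode setting the last commit mentions, assumed here to be the sshd `StrictModes` keyword. Both sample configs, port 2222, the 192.0.2.10 address and the file names under /run/sshd are constructed assumptions, not the contents of `container_sshd_config`.

```python
# Added example. Both configs are constructed samples, not the project's
# container_sshd_config; the port, address and file names are assumptions.
WEAK = "HostKey /etc/ssh/ssh_host_ed25519_key\nStrictModes no\n"
DEDICATED = """\
Port 2222
ListenAddress 192.0.2.10
HostKey /run/sshd/ssh_host_key
AuthorizedKeysFile /run/sshd/authorized_keys
PasswordAuthentication no
StrictModes no
"""
DEFAULTS = {"port": ["22"], "listenaddress": ["0.0.0.0"],  # used when a keyword is absent
            "passwordauthentication": ["yes"], "strictmodes": ["yes"]}
REPEATABLE = {"port", "listenaddress", "hostkey"}

def parse_sshd_config(text):
    """Return {keyword: [values]} for the global section (stops at first Match)."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if key == "match":
            break
        if key in REPEATABLE or key not in opts:  # single-valued: first value wins
            opts.setdefault(key, []).append(value)
    return opts

def listen_host(addr):
    """Drop an optional ':port' or '[...]:port' suffix from a ListenAddress."""
    if addr.startswith("["):
        return addr[1:addr.index("]")]
    return addr.split(":")[0] if addr.count(":") == 1 else addr

def audit(text):
    """Return finding codes for the properties raised in the thread."""
    opts = parse_sshd_config(text)
    get = lambda k: opts.get(k, DEFAULTS.get(k, []))
    found = {
        "default-port": "22" in get("port"),
        "wildcard-listen": any(listen_host(a) in ("0.0.0.0", "::") for a in get("listenaddress")),
        "password-auth": get("passwordauthentication")[0].lower() != "no",
        "hostkey-in-etc-ssh": any(v.startswith("/etc/ssh/") for v in get("hostkey")),
        "strictmodes-off": get("strictmodes")[0].lower() == "no",
    }
    return [code for code, hit in found.items() if hit]
```

`audit(DEDICATED)` still reports `strictmodes-off`: with that check disabled sshd no longer verifies ownership and modes of the key files, so a reviewer has to confirm the permissions on the key directory by other means.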
May 23 2018
Comment 1 by joelhockey@chromium.org, Apr 17 2018