diff options
| author | Sam Leonard <sam.leonard@codethink.co.uk> | 2024-04-10 17:21:12 +0200 |
|---|---|---|
| committer | Luca Boccassi <bluca@debian.org> | 2024-05-09 00:24:54 +0200 |
| commit | 506aa3713b7a572bdce54eb7dadf9ccb11225821 (patch) | |
| tree | ac617b65e16e88dc5d7b7dc8a77a2f12b2202025 /src/vmspawn | |
| parent | systemctl-show: make show_memory_available cover memory_available itself (diff) | |
| download | systemd-506aa3713b7a572bdce54eb7dadf9ccb11225821.tar.xz systemd-506aa3713b7a572bdce54eb7dadf9ccb11225821.zip | |
vmspawn: add a dropin override to sshd-vsock@.service
Diffstat (limited to 'src/vmspawn')
| -rw-r--r-- | src/vmspawn/vmspawn.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/src/vmspawn/vmspawn.c b/src/vmspawn/vmspawn.c index 3279d147e0..116c043709 100644 --- a/src/vmspawn/vmspawn.c +++ b/src/vmspawn/vmspawn.c @@ -1867,6 +1867,18 @@ static int run_virtual_machine(int kvm_device_fd, int vhost_device_fd) { r = unit_name_to_prefix(trans_scope, &scope_prefix); if (r < 0) return log_error_errno(r, "Failed to strip .scope suffix from scope: %m"); + + /* on distros that provide their own sshd@.service file we need to provide a dropin which + * picks up our public key credential */ + r = machine_credential_set( + &arg_credentials, + "systemd.unit-dropin.sshd-vsock@.service:" + "[Service]\n" + "ExecStart=\n" + "ExecStart=sshd -i -o 'AuthorizedKeysFile=%d/ssh.ephemeral-authorized_keys-all .ssh/authorized_keys'\n" + "ImportCredential=ssh.ephemeral-authorized_keys-all\n"); + if (r < 0) + return log_error_errno(r, "Failed to set credential systemd.unit-dropin.sshd-vsock@.service: %m"); } if (ARCHITECTURE_SUPPORTS_SMBIOS) |