From 8772f0706369e2ce550751ce35bff02df79518ac Mon Sep 17 00:00:00 2001 From: Andrea Righi Date: Tue, 31 Dec 2024 07:54:34 +0100 Subject: [PATCH] sshd: generate a custom sshd_config Instead of relying on the host's sshd configuration, generate a custom sshd_config to make sure that all the options required by virtme-ng are enabled. Signed-off-by: Andrea Righi --- virtme/guest/virtme-sshd-script | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/virtme/guest/virtme-sshd-script b/virtme/guest/virtme-sshd-script
index 50a0d453..c8b84f2c 100755
--- a/virtme/guest/virtme-sshd-script
+++ b/virtme/guest/virtme-sshd-script
@@ -24,18 +24,37 @@ SSH_AUTH_KEYS="${SSH_HOME}/.ssh/authorized_keys"
 if [ "$(stat -f -c "%t" "${SSH_AUTH_KEYS}")" = "${OVERLAYFS}" ]; then
 cat "${SSH_HOME}"/.ssh/id_*.pub >> "${SSH_AUTH_KEYS}" 2>/dev/null
 chown "${virtme_ssh_user}" "${SSH_AUTH_KEYS}" 2>/dev/null
+ chmod 600 "${SSH_HOME}/.ssh/authorized_keys" 2>/dev/null
 fi
 # Generate ssh host keys (if they don't exist already).
 CACHE_DIR=${SSH_HOME}/.cache/virtme-ng/.ssh
 mkdir -p "${CACHE_DIR}/etc/ssh"
 ssh-keygen -A -f "${CACHE_DIR}"
+
+# Generate a minimal sshd config.
+SSH_CONFIG=/etc/ssh/sshd_config
+if [ "$(stat -f -c "%t" "${SSH_CONFIG}")" = "${OVERLAYFS}" ]; then
+ ssh_dir=$(dirname "${SSH_CONFIG}")
+ mkdir -p "${ssh_dir}"
+ cat << EOF > "${SSH_CONFIG}"
+# This file is automatically generated by virtme-ng.
+Port 22
+PermitRootLogin yes
+AuthorizedKeysFile .ssh/authorized_keys
+PubkeyAuthentication yes
+UsePAM yes
+PrintMotd no
+EOF
+fi
+
+# Start sshd.
 ARGS=()
 for key in "${CACHE_DIR}"/etc/ssh/ssh_host_*_key; do
 ARGS+=(-h "${key}")
 done
-# Start sshd.
 mkdir -p /run/sshd
 rm -f /var/run/nologin
-/usr/sbin/sshd "${ARGS[@]}"
+
+/usr/sbin/sshd -f "${SSH_CONFIG}" "${ARGS[@]}"
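Review bot: The generated sshd_config sets `PermitRootLogin yes` and `UsePAM yes` but never turns password logins off, and OpenSSH defaults `PasswordAuthentication` to yes, so root can be offered password and keyboard-interactive authentication in addition to the keys installed in authorized_keys earlier in this script. Since the setup above is entirely key-based, I would add `PasswordAuthentication no` and `KbdInteractiveAuthentication no` to the heredoc, or narrow the root line to `PermitRootLogin prohibit-password`. Separately, the `stat -f` guard presumably prints nothing when /etc/ssh/sshd_config does not exist, so the branch (including its `mkdir -p "${ssh_dir}"`) is skipped and `sshd -f "${SSH_CONFIG}"` is then pointed at a missing file; if that case matters, test the directory rather than the file. The script continues above the hunk, so the value of `OVERLAYFS` and how the guest's port 22 is exposed are not visible here.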