diff options
| author | Craig Jennings <c@cjennings.net> | 2026-06-25 01:24:33 -0400 |
|---|---|---|
| committer | Craig Jennings <c@cjennings.net> | 2026-06-25 01:24:33 -0400 |
| commit | f50fc1def85c1dbbb0ec781be4071b7ec9285785 (patch) | |
| tree | 256b852c91a0a9289d130fcd8e79f5146b73c6cf /scripts/testing/lib/validation.sh | |
| parent | 3cac3b3dfcd432395201a309920c2491ee9caf01 (diff) | |
| download | archsetup-f50fc1def85c1dbbb0ec781be4071b7ec9285785.tar.gz archsetup-f50fc1def85c1dbbb0ec781be4071b7ec9285785.zip | |
fix(testing): authorize a root key so make test survives sshd hardening
The VM test SSHes into the guest as root with a password for the whole run. archsetup hardens sshd to PermitRootLogin prohibit-password and reloads it partway through the install, so every SSH after that step failed with "Permission denied" and the run aborted before any validation — make test had been silently broken since the hardening landed.
inject_root_key authorizes a throwaway root key right after the first SSH (before archsetup runs) and the ssh/scp helpers now add -i <key> via SSH_KEY_OPT. prohibit-password still allows root key auth, so the harness survives the very hardening it validates. Password stays as the fallback, so the change is additive.
Diffstat (limited to 'scripts/testing/lib/validation.sh')
| -rw-r--r-- | scripts/testing/lib/validation.sh | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/scripts/testing/lib/validation.sh b/scripts/testing/lib/validation.sh index 6855da7..900d675 100644 --- a/scripts/testing/lib/validation.sh +++ b/scripts/testing/lib/validation.sh @@ -21,7 +21,7 @@ declare -a UNKNOWN_ISSUES # SSH helper (uses globals: VM_IP, ROOT_PASSWORD) ssh_cmd() { sshpass -p "$ROOT_PASSWORD" ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \ - -o ConnectTimeout=10 -p "${SSH_PORT:-22}" "root@$VM_IP" "$@" 2>/dev/null + -o ConnectTimeout=10 ${SSH_KEY_OPT:-} -p "${SSH_PORT:-22}" "root@$VM_IP" "$@" 2>/dev/null } # Validation result helpers |