From 41ee133f71cd3d24faeac9b158c749637acb8e8d Mon Sep 17 00:00:00 2001 From: Florent Revest Date: Mon, 18 Mar 2024 19:25:04 +0100 Subject: vm/isolated: allow the use of system-wide SSH config Most of the VM types tightly manage the target they SSH into and can safely assume that system wide SSH configuration would mess with the SSH flags provided by syzkaller. However, in the "isolate" VM type, one can connect to a host that is not at all managed by syzkaller. In this case, it can be useful to leverage system wide SSH config, maybe provided by a corporate environment. This adds an option to the isolated config to skip some of the SSH and SCP flags that would drop system wide config. --- vm/gce/gce.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'vm/gce') diff --git a/vm/gce/gce.go b/vm/gce/gce.go index f775f43b5..16f3f996f 100644 --- a/vm/gce/gce.go +++ b/vm/gce/gce.go @@ -228,7 +228,7 @@ func (pool *Pool) Create(workdir string, index int) (vmimpl.Instance, error) { consoleReadCmd: pool.consoleReadCmd, } if err := vmimpl.WaitForSSH(pool.env.Debug, 5*time.Minute, ip, - sshKey, sshUser, pool.env.OS, 22, nil); err != nil { + sshKey, sshUser, pool.env.OS, 22, nil, false); err != nil { output, outputErr := inst.getSerialPortOutput() if outputErr != nil { output = []byte(fmt.Sprintf("failed to get boot output: %v", outputErr)) @@ -253,7 +253,7 @@ func (inst *instance) Forward(port int) (string, error) { func (inst *instance) Copy(hostSrc string) (string, error) { vmDst := "./" + filepath.Base(hostSrc) - args := append(vmimpl.SCPArgs(true, inst.sshKey, 22), hostSrc, inst.sshUser+"@"+inst.ip+":"+vmDst) + args := append(vmimpl.SCPArgs(true, inst.sshKey, 22, false), hostSrc, inst.sshUser+"@"+inst.ip+":"+vmDst) if err := runCmd(inst.debug, "scp", args...); err != nil { return "", err } @@ -433,7 +433,7 @@ func (inst *instance) ssh(args ...string) ([]byte, error) { } func (inst *instance) sshArgs(args ...string) []string { - sshArgs := append(vmimpl.SSHArgs(inst.debug, inst.sshKey, 22), inst.sshUser+"@"+inst.ip) + sshArgs := append(vmimpl.SSHArgs(inst.debug, inst.sshKey, 22, false), inst.sshUser+"@"+inst.ip) if inst.env.OS == targets.Linux && inst.sshUser != "root" { args = []string{"sudo", "bash", "-c", "'" + strings.Join(args, " ") + "'"} } @@ -455,7 +455,7 @@ func (inst *instance) serialPortArgs(replay bool) []string { } conAddr := fmt.Sprintf("%v.%v.%v.%s.port=1%s@%v-ssh-serialport.googleapis.com", inst.GCE.ProjectID, inst.GCE.ZoneID, inst.name, user, replayArg, inst.GCE.RegionID) - conArgs := append(vmimpl.SSHArgs(inst.debug, key, 9600), conAddr) + conArgs := append(vmimpl.SSHArgs(inst.debug, key, 9600, false), conAddr) // TODO(blackgnezdo): Remove this once ssh-serialport.googleapis.com stops using // host key algorithm: ssh-rsa. return append(conArgs, "-o", "HostKeyAlgorithms=+ssh-rsa") -- cgit mrf-deployment