From 41ee133f71cd3d24faeac9b158c749637acb8e8d Mon Sep 17 00:00:00 2001
From: Florent Revest
Date: Mon, 18 Mar 2024 19:25:04 +0100
Subject: vm/isolated: allow the use of system-wide SSH config

Most of the VM types tightly manage the target they SSH into and can safely assume that system wide SSH configuration would mess with the SSH flags provided by syzkaller. However, in the "isolate" VM type, one can connect to a host that is not at all managed by syzkaller. In this case, it can be useful to leverage system wide SSH config, maybe provided by a corporate environment. This adds an option to the isolated config to skip some of the SSH and SCP flags that would drop system wide config.
---
 vm/vmimpl/util.go | 34 +++++++++++++++++++---------------
 1 file changed, 19 insertions(+), 15 deletions(-)
(limited to 'vm/vmimpl')
diff --git a/vm/vmimpl/util.go b/vm/vmimpl/util.go
index 9a007b386..a04914e6d 100644
--- a/vm/vmimpl/util.go
+++ b/vm/vmimpl/util.go
@@ -23,7 +23,8 @@ func SleepInterruptible(d time.Duration) bool {
 }
 }
 
-func WaitForSSH(debug bool, timeout time.Duration, addr, sshKey, sshUser, OS string, port int, stop chan error) error {
+func WaitForSSH(debug bool, timeout time.Duration, addr, sshKey, sshUser, OS string, port int, stop chan error,
+ systemSSHCfg bool) error {
 pwd := "pwd"
 if OS == targets.Windows {
 pwd = "dir"
@@ -38,7 +39,7 @@ func WaitForSSH(debug bool, timeout time.Duration, addr, sshKey, sshUser, OS str
 case <-Shutdown:
 return fmt.Errorf("shutdown in progress")
 }
-args := append(SSHArgs(debug, sshKey, port), sshUser+"@"+addr, pwd)
+args := append(SSHArgs(debug, sshKey, port, systemSSHCfg), sshUser+"@"+addr, pwd)
 if debug {
 log.Logf(0, "running ssh: %#v", args)
 }
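Review bot: The new trailing `systemSSHCfg bool` on WaitForSSH is undocumented, and it is the second bare bool in a nine-parameter exported signature, so a call site ending in `stop, true` gives no hint of what it enables. A short doc comment would cover it, for example `// systemSSHCfg: when true, the flags that discard the system-wide SSH config (-F /dev/null, UserKnownHostsFile=/dev/null, IdentitiesOnly=yes) are not passed.` The same comment is worth repeating on SSHArgs, SSHArgsForward and SCPArgs in the later hunk, which gain the same parameter. WaitForSSH's body continues outside this hunk.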
@@ -55,28 +56,31 @@ func WaitForSSH(debug bool, timeout time.Duration, addr, sshKey, sshUser, OS str
 }
 }
 
-func SSHArgs(debug bool, sshKey string, port int) []string {
- return sshArgs(debug, sshKey, "-p", port, 0)
+func SSHArgs(debug bool, sshKey string, port int, systemSSHCfg bool) []string {
+ return sshArgs(debug, sshKey, "-p", port, 0, systemSSHCfg)
 }
 
-func SSHArgsForward(debug bool, sshKey string, port, forwardPort int) []string {
- return sshArgs(debug, sshKey, "-p", port, forwardPort)
+func SSHArgsForward(debug bool, sshKey string, port, forwardPort int, systemSSHCfg bool) []string {
+ return sshArgs(debug, sshKey, "-p", port, forwardPort, systemSSHCfg)
 }
 
-func SCPArgs(debug bool, sshKey string, port int) []string {
- return sshArgs(debug, sshKey, "-P", port, 0)
+func SCPArgs(debug bool, sshKey string, port int, systemSSHCfg bool) []string {
+ return sshArgs(debug, sshKey, "-P", port, 0, systemSSHCfg)
 }
 
-func sshArgs(debug bool, sshKey, portArg string, port, forwardPort int) []string {
- args := []string{
- portArg, fmt.Sprint(port),
- "-F", "/dev/null",
- "-o", "UserKnownHostsFile=/dev/null",
+func sshArgs(debug bool, sshKey, portArg string, port, forwardPort int, systemSSHCfg bool) []string {
+ args := []string{portArg, fmt.Sprint(port)}
+ if !systemSSHCfg {
+ args = append(args,
+ "-F", "/dev/null",
+ "-o", "UserKnownHostsFile=/dev/null",
+ "-o", "IdentitiesOnly=yes")
+ }
+ args = append(args,
 "-o", "BatchMode=yes",
- "-o", "IdentitiesOnly=yes",
 "-o", "StrictHostKeyChecking=no",
 "-o", "ConnectTimeout=10",
- }
+ )
 if sshKey != "" {
 args = append(args, "-i", sshKey)
 }
-- cgit mrf-deployment
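Review bot: `"-o", "StrictHostKeyChecking=no"` is still appended unconditionally in sshArgs, so with systemSSHCfg set it overrides whatever host-key policy the system-wide config carries, since command-line options take precedence over ssh_config. Because `UserKnownHostsFile=/dev/null` is now skipped in that mode, ssh will also record unknown host keys in the real known_hosts file and proceed past changed ones. For an isolated host that syzkaller does not manage, the peer is therefore never authenticated, even where the corporate config pins host keys. Consider moving that option into the `if !systemSSHCfg` branch next to `"-F", "/dev/null"`, or stating in the option's documentation that host-key checking stays disabled. The body of sshArgs continues past the end of the hunk.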