/usr/lib/condor/libexec/condor_ssh_to_job_sshd_setup is in htcondor 8.6.8~dfsg.1-2.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 | #!/bin/sh
die() {
echo $1
exit 1
}
base_dir="$1"
ssh_to_job_shell_setup="$2"
sshd_config_template="$3"
ssh_keygen="$4"
# create sshd session directory
num=1
while [ 1 ]; do
sshd_dir="${base_dir}/.condor_ssh_to_job_${num}"
if /bin/mkdir "${sshd_dir}" > /dev/null 2>&1; then
break
fi
if [ -e "${sshd_dir}" ]; then
num=$(($num+1))
continue
fi
die "Failed to create ${sshd_dir}"
done
# save environment so that ssh_to_job_shell_setup can restore it
# do not preserve the job's DISPLAY environment variable, because
# that will conflict with X forwarding in the ssh session
unset DISPLAY
export -p > "${sshd_dir}/env.sh"
if [ -x /bin/sed ]; then
SED=/bin/sed
elif [ -x /usr/bin/sed ]; then
SED=/usr/bin/sed
else
SED=sed
fi
sshkey="${sshd_dir}/sshkey"
# modify ssh-keygen command string
# replace %% --> %, %f --> ${sshkey}
ssh_keygen=$(echo "${ssh_keygen}" | "${SED}" 's|\([^%]\)%f|\1'"${sshkey}"'|g;s|%%|%|g')
# run ssh-keygen
eval $ssh_keygen > "${sshd_dir}/keygen.log" 2>&1
if [ $? != 0 ]; then
/bin/cat "${sshd_dir}/keygen.log"
die "Failed to create ssh key ${sshkey} with command ${ssh_keygen}"
fi
# inject our shell setup command into authorized keys options
force_command="${ssh_to_job_shell_setup} ${sshd_dir}/env.sh"
/bin/echo -n "command=\"${force_command}\" " > "${sshd_dir}/authorized_keys" \
|| die "Failed to create ${sshd_dir}/authorized_keys"
/bin/cat "${sshkey}.pub" >> "${sshd_dir}/authorized_keys" \
|| die "Failed to append ${sshkey}.pub to ${sshd_dir}/authorized_keys."
# create sshd_config by substituting into our template
sshd_config="${sshd_dir}/sshd_config"
"${SED}" \
< "${sshd_config_template}" \
> "${sshd_config}" \
"s|_INSERT_HOST_KEY_|${sshkey}|g;
s|_INSERT_AUTHORIZED_KEYS_FILE_|${sshd_dir}/authorized_keys|g;
s|_INSERT_FORCE_COMMAND_|${force_command}|g"\
|| die "Failed to create ${sshd_config}"
sshd_user=`/usr/bin/whoami` || die "Failed to run /usr/bin/whoami"
# now transmit stuff back to our caller on stdout
# the caller expects specific markers before and after each item
echo "condor_ssh_to_job_sshd_setup SSHD USER BEGIN"
echo "${sshd_user}"
echo "condor_ssh_to_job_sshd_setup SSHD USER END"
echo "condor_ssh_to_job_sshd_setup SSHD DIR BEGIN"
echo "${sshd_dir}"
echo "condor_ssh_to_job_sshd_setup SSHD DIR END"
echo "condor_ssh_to_job_sshd_setup PUBLIC SERVER KEY BEGIN"
/bin/cat "${sshkey}.pub" \
|| die "Failed to read ${sshkey}.pub"
echo "condor_ssh_to_job_sshd_setup PUBLIC SERVER KEY END"
echo "condor_ssh_to_job_sshd_setup AUTHORIZED CLIENT KEY BEGIN"
/bin/cat "${sshkey}" \
|| die "Failed to read ${sshkey}"
echo "condor_ssh_to_job_sshd_setup AUTHORIZED CLIENT KEY END"
echo "condor_ssh_to_job_sshd_setup SUCCESS"
|