diff --git a/enos/modules/docker_openssh_server_ca_key/custom-cont-init.d/00-trust-user-ca b/enos/modules/docker_openssh_server_ca_key/custom-cont-init.d/00-trust-user-ca index 00cd08e724c..de348a417ad 100644 --- a/enos/modules/docker_openssh_server_ca_key/custom-cont-init.d/00-trust-user-ca +++ b/enos/modules/docker_openssh_server_ca_key/custom-cont-init.d/00-trust-user-ca @@ -2,13 +2,13 @@ # Copyright (c) HashiCorp, Inc. # SPDX-License-Identifier: BUSL-1.1 -cp /ca/ca-key.pub /etc/ssh/ca-key.pub -chown 1000:1000 /etc/ssh/ca-key.pub -chmod 644 /etc/ssh/ca-key.pub -echo TrustedUserCAKeys /etc/ssh/ca-key.pub >> /etc/ssh/sshd_config -echo PermitTTY yes >> /etc/ssh/sshd_config -sed -i 's/X11Forwarding no/X11Forwarding yes/' /etc/ssh/sshd_config -echo "X11UseLocalhost no" >> /etc/ssh/sshd_config +cp /ca/ca-key.pub /config/sshd/ca-key.pub +chown 1000:1000 /config/sshd/ca-key.pub +chmod 644 /config/sshd/ca-key.pub +echo TrustedUserCAKeys /config/sshd/ca-key.pub >> /config/sshd/sshd_config +echo PermitTTY yes >> /config/sshd/sshd_config +sed -i 's/X11Forwarding no/X11Forwarding yes/' /config/sshd/sshd_config +echo "X11UseLocalhost no" >> /config/sshd/sshd_config apk update apk add xterm util-linux dbus ttf-freefont xauth firefox diff --git a/enos/modules/docker_openssh_server_ca_key/custom-cont-init.d/01-allow-tcp-forwarding b/enos/modules/docker_openssh_server_ca_key/custom-cont-init.d/01-allow-tcp-forwarding new file mode 100644 index 00000000000..b5f589da23f --- /dev/null +++ b/enos/modules/docker_openssh_server_ca_key/custom-cont-init.d/01-allow-tcp-forwarding @@ -0,0 +1,5 @@ +#!/usr/bin/with-contenv bash +# Copyright (c) HashiCorp, Inc. +# SPDX-License-Identifier: BUSL-1.1 + +sed -i 's/AllowTcpForwarding no/AllowTcpForwarding yes/' /config/sshd/sshd_config diff --git a/enos/modules/docker_openssh_server_ca_key/main.tf b/enos/modules/docker_openssh_server_ca_key/main.tf index c6cd4bab6c4..11fcfc8b4a2 100644 --- a/enos/modules/docker_openssh_server_ca_key/main.tf +++ b/enos/modules/docker_openssh_server_ca_key/main.tf @@ -61,9 +61,14 @@ locals { ca_public_key = data.tls_public_key.ca_key.public_key_openssh } +data "docker_registry_image" "openssh" { + name = var.image_name +} + resource "docker_image" "openssh_server" { name = var.image_name keep_locally = true + pull_triggers = [data.docker_registry_image.openssh.sha256_digest] } resource "docker_container" "openssh_server" { @@ -75,6 +80,7 @@ resource "docker_container" "openssh_server" { "TZ=US/Eastern", "USER_NAME=${var.target_user}", "PUBLIC_KEY=${local.ssh_public_key}", + "SUDO_ACCESS=true", ] network_mode = "bridge" dynamic "networks_advanced" {