Prevent copying of offending lines when creating .ssh/config

Some ssh configuration options are not accepted by the ssh version running inside chroot. Those options need to be filtered out when the configuration is copied while executing enter_chroot.sh. A new function is being added to do that. The list of substrings to be filtered out is defined as an array and can be extended as required. BUG=chromium-os:16441 TEST=manual: scripts 78 $ egrep '(UseProxyIf=|GSSAPIAuthentication no)' ~/.ssh/config UseProxyIf=false scripts 79 $ ./enter_chroot.sh (Grepo1) vbendeb@eskimo ~/trunk/src/scripts $ egrep '(UseProxyIf=|GSSAPIAuthentication no)' ~/.ssh/config (Grepo1) vbendeb@eskimo ~/trunk/src/scripts $ Change-Id: Ic52ef1ba7d015d76558efc39e178156f3d81bf78 Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-on: http://gerrit.chromium.org/gerrit/2515 Reviewed-by: Chris Sosa <sosa%chromium.org@gtempaccount.com>
2025-09-24 07:01:13 +02:00 · 2011-06-12 12:09:16 -07:00 · 2011-06-12 12:09:16 -07:00 · 0779f528f5
commit 0779f528f5
parent 3cb23de123
1 changed files with 33 additions and 1 deletions
--- a/enter_chroot.sh
+++ b/enter_chroot.sh
@ -179,6 +179,38 @@ function env_sync_proc {
  done
 }

+function copy_ssh_config {
+  # Copy user .ssh/config into the chroot filtering out strings not supported
+  # by the chroot ssh. The chroot .ssh directory is passed in as the first
+  # parameter.
+
+  # ssh options to filter out. The entire strings containing these substrings
+  # will be deleted before copying.
+  local bad_options=(
+    'UseProxyIf='
+    'GSSAPIAuthentication no'
+  )
+  local sshc="${HOME}/.ssh/config"
+  local chroot_ssh_dir="${1}"
+  local filter
+  local option
+
+  if [ ! -f "${sshc}" ]; then
+    return # Nothing to copy.
+  fi
+
+  for option in "${bad_options[@]}"
+  do
+    if [ -z "${filter}" ]; then
+      filter="${option}"
+    else
+      filter+="\\|${option}"
+    fi
+  done
+
+  sed "/^.*\(${filter}\).*$/d" "${sshc}" > "${chroot_ssh_dir}/config"
+}
+
 function setup_env {
  # Validate sudo timestamp before entering the critical section so that we
  # don't stall for a password while we have the lockfile.
@ -210,7 +242,7 @@ function setup_env {
      if [ -n "${SSH_AUTH_SOCK}" -a -d "${HOME}/.ssh" ]; then
        mkdir -p "${TARGET_DIR}"
        cp -r "${HOME}/.ssh/known_hosts" "${TARGET_DIR}"
-        cp -r "${HOME}/.ssh/config" "${TARGET_DIR}"
+        copy_ssh_config "${TARGET_DIR}"
        ASOCK="$(dirname "${SSH_AUTH_SOCK}")"
        ensure_mounted "${ASOCK}" "--bind" "${ASOCK}"
      fi