Date: Wed, 25 Jan 2023 09:45:43 +0100
From: Henning Schild
To: Uladzimir Bely
Cc: isar-users@googlegroups.com
Subject: Re: [PATCH 05/11] image-account-extension: Add copy-ci-key flag for user
Message-ID: <20230125094543.296194ac@md1za8fc.ad001.siemens.net>
In-Reply-To: <1900519.7Z3S40VBb9@hp>
On Wed, 25 Jan 2023 10:36:55 +0300, Uladzimir Bely wrote:

> In mail from Tuesday, 24 January 2023 10:18:28 +03 user Henning
> Schild wrote:
> > On Tue, 24 Jan 2023 08:09:24 +0100, Henning Schild wrote:
> > > On Fri, 13 Jan 2023 08:19:36 +0100, Uladzimir Bely wrote:
> > > > If the flag enabled, CI ssh public key is copied
> > > > `authorized_keys` in `$USER/.ssh/` directory.
> > > >
> > > > This allows non-interactive SSH access to the machine with
> > > > executing custom commands on the guest VM.
> > >
> > > I would suggest to make that a debian raw package, examples on
> > > how to do that can be found in many public layers.
> > >
> > > You could i.e. drop an authorized-keys file into /etc/ssh/ and
> > > using postinst append/change the AuthorizedKeysFile line in the
> > > global ssh config
> >
> > Create the user ci like we create the user isar in example-raw, and
> > drop that file into HOME/.ssh/, maybe depend on sudo and make sure
> > that user can run any command without password.
> > We could also use a trivial password and not have a key at all.
> >
> > And when it is a package we can depend on regen-keys.
> >
> > Henning
> >
>
> Yes, it sounds reasonable. It should be easier to manage everything
> in one recipe, instead of specific image and image extensions.
>
> I'm just not sure we can avoid using keys - I didn't manage to
> execute commands (by running `ssh ` ) in
> non-interactive way with only user passwords.

Quick google pointed me to "sshpass -p ci ssh ". The tool would have
to be installed with apt-get like we do with qemu-system. In fact ssh
will also have to be installed.

If that does not work, we use the key.
Henning

> > > That way we know which package owned that file and if we have a
> > > prerm we can even remove everything with apt.
> > >
> > > Henning
> > >
> > > > Signed-off-by: Uladzimir Bely
> > > > ---
> > > >=20 > > > > meta/classes/image-account-extension.bbclass | 14 > > > > +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) > > > >=20 > > > > diff --git a/meta/classes/image-account-extension.bbclass > > > > b/meta/classes/image-account-extension.bbclass index > > > > 70950a7b..c9b86250 100644 --- > > > > a/meta/classes/image-account-extension.bbclass +++ > > > > b/meta/classes/image-account-extension.bbclass @@ -17,7 +17,7 @@ > > > > USERS ??=3D "" #USER_root[home] =3D "/home/root" > > > >=20 > > > > #USER_root[shell] =3D "/bin/sh" > > > > #USER_root[groups] =3D "audio video" > > > >=20 > > > > -#USER_root[flags] =3D "no-create-home create-home system > > > > allow-empty-password clear-text-password force-passwd-change" > > > > +#USER_root[flags] =3D "no-create-home create-home system > > > > allow-empty-password clear-text-password force-passwd-change > > > > copy-ci-key" GROUPS ??=3D "" > > > > @@ -263,5 +263,17 @@ image_postprocess_accounts() { > > > >=20 > > > > sudo -E chroot '${ROOTFSDIR}' \ > > > > =20 > > > > /usr/bin/passwd --expire "$name" > > > > =20 > > > > fi > > > >=20 > > > > + > > > > + # Add CI ssh key for noninteractive login > > > > + if [ "${flags}" !=3D "${flags%*,copy-ci-key,*}" ]; then > > > > + echo "Add CI ssh key for \"$name\"" > > > > + sudo sh -c " \ > > > > + mkdir -p ${ROOTFSDIR}/${home}/.ssh && \ > > > > + cat ${TESTSUITEDIR}/keys/ssh/id_rsa.pub > > > > > ${ROOTFSDIR}/${home}/.ssh/authorized_keys && \ > > > > + chmod -R go-rwx ${ROOTFSDIR}/${home}/.ssh > > > > + " > > > > + sudo -E chroot '${ROOTFSDIR}' \ > > > > + chown -R ${name}:${gid} ${home}/.ssh > > > > + fi > > > >=20 > > > > done > > > > =20 > > > > } =20
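Review bot: The flags comment in the first hunk (@@ -17,7) now lists copy-ci-key next to general-purpose flags such as create-home and system, with nothing saying that it installs the test suite's public key into the user's authorized_keys. A short comment line stating that the flag depends on TESTSUITEDIR and is intended for CI images would keep it from being copied into a product configuration by accident.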
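Review bot: In the second hunk (@@ -263,5), the line `cat ${TESTSUITEDIR}/keys/ssh/id_rsa.pub > ${ROOTFSDIR}/${home}/.ssh/authorized_keys` truncates any authorized_keys file already present in that home directory, and it runs without checking that TESTSUITEDIR is set or that the key file exists; with TESTSUITEDIR empty the source path collapses to /keys/ssh/id_rsa.pub on the build host. Suggest testing for the key file first and failing with a clear message, appending instead of overwriting, and quoting the paths inside the `sh -c` string, since ${home} comes from the USER_ configuration and is expanded unquoted in mkdir, cat, chmod and chown.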