Core: allow getting ssh user and password from environment variables

Co-authored-by: João Antônio Cardoso <joao.maker@gmail.com>

Author: Williangalvani

core/libs/commonwealth/commonwealth/utils/commands.py

@@ -1,3 +1,4 @@
+import os
 import subprocess
 from pathlib import Path
 from typing import List, Optional
@@ -12,8 +13,8 @@ class KeyNotFound(Exception):
 def run_command_with_password(command: str, check: bool = True) -> "subprocess.CompletedProcess['str']":
     # attempt to run the command with sshpass
     # used as a fallback if the ssh key is not found
-    user = "pi"
-    password = "raspberry"
+    user = os.environ.get("SSH_USER", "pi")
+    password = os.environ.get("SSH_PASSWORD", "raspberry")
 
     return subprocess.run(
         [
@@ -35,7 +36,7 @@ def run_command_with_password(command: str, check: bool = True) -> "subprocess.C
 
 def run_command_with_ssh_key(command: str, check: bool = True) -> "subprocess.CompletedProcess['str']":
     # attempt to run the command with the ssh key
-    user = "pi"
+    user = os.environ.get("SSH_USER", "pi")
     id_file = "/root/.config/.ssh/id_rsa"
     if not Path(id_file).exists():
         raise KeyNotFound
@@ -84,8 +85,8 @@ def upload_file_with_password(
 ) -> "subprocess.CompletedProcess['str']":
     # attempt to upload the file with sshpass
     # used as a fallback if the ssh key is not found
-    user = "pi"
-    password = "raspberry"
+    user = os.environ.get("SSH_USER", "pi")
+    password = os.environ.get("SSH_PASSWORD", "raspberry")
 
     return subprocess.run(
         [
@@ -105,7 +106,7 @@ def upload_file_with_password(
 
 def upload_file_with_ssh_key(source: str, destination: str, check: bool = True) -> "subprocess.CompletedProcess['str']":
     # attempt to upload the file with the ssh key
-    user = "pi"
+    user = os.environ.get("SSH_USER", "pi")
     id_file = "/root/.config/.ssh/id_rsa"
     if not Path(id_file).exists():
         raise KeyNotFound

core/services/commander/main.py

@@ -226,7 +226,10 @@ def setup_ssh() -> None:
     key_path = Path("/root/.config/.ssh")
     private_key = key_path / "id_rsa"
     public_key = private_key.with_suffix(".pub")
-    authorized_keys = Path("/home/pi/.ssh/authorized_keys")
+    user = os.environ.get("SSH_USER", "pi")
+    gid = int(os.environ.get("USER_GID", 1000))
+    uid = int(os.environ.get("USER_UID", 1000))
+    authorized_keys = Path(f"/home/{user}/.ssh/authorized_keys")
 
     try:
         key_path.mkdir(parents=True, exist_ok=True)
@@ -247,7 +250,7 @@ def setup_ssh() -> None:
             authorized_keys_text += public_key_text
             authorized_keys.write_text(authorized_keys_text, "utf-8")
 
-        shutil.chown(authorized_keys, "pi", "pi")
+        os.chown(authorized_keys, uid, gid)
         authorized_keys.chmod(0o600)
     except Exception as error:
         logger.error(f"Error setting up ssh: {error}")

core/start-blueos-core

@@ -159,8 +159,10 @@ function create_service {
     tmux send-keys -t $SESSION_NAME "run-service '$SERVICE_NAME' '$command' $memory_limit_mb " C-m
 }
 
+SSH_USER=${SSH_USER:-pi}
+
 ssh_command() {
-  ssh -i /root/.config/.ssh/id_rsa -o StrictHostKeyChecking=no pi@localhost "$1"
+  ssh -i /root/.config/.ssh/id_rsa -o StrictHostKeyChecking=no $SSH_USER@localhost "$1"
 }
 
 prepare_cgroups() {

core/tools/scripts/red-pill

@@ -9,7 +9,7 @@ usage() {
 }
 
 # Default values
-user="pi"
+user=${SSH_USER:-pi}
 
 while getopts ":hu:" opt; do
   case ${opt} in