From 20bf6afee47246ae846c56c595e679d6b33b0c75 Mon Sep 17 00:00:00 2001 From: Conan Scott Date: Mon, 2 Feb 2026 05:01:17 +0000 Subject: [PATCH] Fix SSH session crash: Disable PAM and enable stderr logging --- manifests/deployment.yaml | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/manifests/deployment.yaml b/manifests/deployment.yaml index f1846de..58e6277 100644 --- a/manifests/deployment.yaml +++ b/manifests/deployment.yaml @@ -27,7 +27,7 @@ spec: - | # 1. Fix data volume permissions chown -R 1000:0 /data && chmod -R 775 /data - + # 2. Setup writable SSH tirectory from Secret cp /mnt/keys/authorized_keys /working-ssh/ chown 1000:0 /working-ssh/authorized_keys @@ -37,12 +37,26 @@ spec: mountPath: /data - name: ssh-keys-secret mountPath: /mnt/keys - - name: ssh-working + - name: ssh-working mountPath: /working-ssh containers: - name: clawdbox image: default-route-openshift-image-registry.apps.lab.apilab.us/clawdbox/clawdbox:latest imagePullPolicy: Always + command: + - /bin/bash + - "-c" + - | + mkdir -p /data/ssh + if [ ! -f /data/ssh/ssh_host_rsa_key ]; then + echo 'Generating persistent host keys...' + ssh-keygen -f /data/ssh/ssh_host_rsa_key -N '' -t rsa + ssh-keygen -f /data/ssh/ssh_host_ecdsa_key -N '' -t ecdsa + ssh-keygen -f /data/ssh/ssh_host_ed25519_key -N '' -t ed25519 + fi + chmod 600 /data/ssh/ssh_host_*_key + # Run sshd with PAM disabled and logging to stderr + /usr/sbin/sshd -D -e -f /etc/ssh/sshd_config -o UsePAM=no ports: - containerPort: 2222 name: ssh @@ -62,7 +76,7 @@ spec: runAsUser: 1000 runAsGroup: 1000 fsGroup: 1000 - allowPrivilegeEscalation: true + allowPrivilegeEscalation: false capabilities: drop: ["ALL"] volumes: @@ -74,4 +88,4 @@ spec: secretName: clawdbox-ssh-keys defaultMode: 0600 - name: ssh-working - emptyDir: {} + emptyDir: {} \ No newline at end of file
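Review bot: The new sshd command line in the second hunk turns PAM off but leaves the accepted authentication methods to the image's /etc/ssh/sshd_config, which this patch does not show. Because the pod only provisions an authorized_keys file, I would pin that in the manifest, e.g. `exec /usr/sbin/sshd -D -e -f /etc/ssh/sshd_config -o UsePAM=no -o AuthenticationMethods=publickey`. The `exec` also makes sshd replace bash as the container's main process, so it receives the termination signal directly. The key-generation guard tests only `ssh_host_rsa_key`, so a volume missing just the ECDSA or Ed25519 key is never repaired; checking each key file separately would close that gap. The init container's `chmod -R 775 /data`, visible in the first hunk's context, also re-opens /data/ssh on every start, so a `chmod 700 /data/ssh` next to the `chmod 600` line is worth adding.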
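Review bot: In the third hunk, `allowPrivilegeEscalation` and `capabilities` are container-level securityContext fields, while `fsGroup` directly above them is accepted only in the pod-level securityContext. The indentation is not recoverable from this patch, so please confirm that the changed line sits under the `clawdbox` container's `securityContext` and not beside `fsGroup`, where it would be rejected or dropped as an unknown field. With the setting in the right place, a short comment such as `# sshd runs as UID 1000 and never needs to gain privileges` would record why the value was flipped. Adding `runAsNonRoot: true` and `seccompProfile: {type: RuntimeDefault}` alongside would round out the hardening, assuming they are not already set outside the hunk.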