snap and ssh

Seth Arnold seth.arnold at
Thu Nov 24 02:33:00 UTC 2016

On Wed, Nov 23, 2016 at 02:29:12PM +0100, Didier Roche wrote:
> It seems then that ssh is using hardcoded paths like /home/$USER/.ssh
> for looking by default to id_rsa file and not using $HOME. Multiple ways
> to get that fixed:
> * reading the openssh-client code and fix it to use $HOME (and so, it
> will use your snap $HOME)

openssh is using the standard getpwnam() interface to retrieve home
directory information:

openssh uses getpwnam(), getpwent(), getpwuid(), extensively. [1]
Undoing this would take a lot of time.

I can imagine a few ways to customize the home directory results for

- Write libraries to LD_PRELOAD to intercept this family of
  functions and modify the results of lookups

- Modify an /etc/passwd that's bind-mounted over the host's version so the
  standard library routines function normally

- Write an NSS library that knows snappy

- Ship a different ssh client that's easier to configure (really,
  untangling the standard unix password database from openssh looks like
  an extremely expensive task.)

Each of these have pros and cons for different use cases. (For example,
the LD_PRELOAD and NSS library choices may not even function in a
statically-compiled executable, so they may have limited applicability.)


1: $ grep -rE '(getpwnam|getpwuid|getpwent|pw->)' | wc -l

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: <>

More information about the Snapcraft mailing list