From 506aa3713b7a572bdce54eb7dadf9ccb11225821 Mon Sep 17 00:00:00 2001
From: Sam Leonard <sam.leonard@codethink.co.uk>
Date: Wed, 10 Apr 2024 16:21:12 +0100
Subject: [PATCH] vmspawn: add a dropin override to sshd-vsock@.service

---
 src/vmspawn/vmspawn.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/vmspawn/vmspawn.c b/src/vmspawn/vmspawn.c
index 3279d147e05..116c043709f 100644
--- a/src/vmspawn/vmspawn.c
+++ b/src/vmspawn/vmspawn.c
@@ -1867,6 +1867,18 @@ static int run_virtual_machine(int kvm_device_fd, int vhost_device_fd) {
                 r = unit_name_to_prefix(trans_scope, &scope_prefix);
                 if (r < 0)
                         return log_error_errno(r, "Failed to strip .scope suffix from scope: %m");
+
+                /* on distros that provide their own sshd@.service file we need to provide a dropin which
+                 * picks up our public key credential */
+                r = machine_credential_set(
+                                &arg_credentials,
+                                "systemd.unit-dropin.sshd-vsock@.service:"
+                                "[Service]\n"
+                                "ExecStart=\n"
+                                "ExecStart=sshd -i -o 'AuthorizedKeysFile=%d/ssh.ephemeral-authorized_keys-all .ssh/authorized_keys'\n"
+                                "ImportCredential=ssh.ephemeral-authorized_keys-all\n");
+                if (r < 0)
+                        return log_error_errno(r, "Failed to set credential systemd.unit-dropin.sshd-vsock@.service: %m");
         }
 
         if (ARCHITECTURE_SUPPORTS_SMBIOS)
-- 
2.47.3