Issue
The Heroku Exec documentation covers starting the exec process in a container, but it assumes Ubuntu is being used and can fail to start with other flavors of Linux.
Resolution
The heroku-exec.sh script sources another script from $HEROKU_EXEC_URL which contains these lines:
    if ssh -V 2>&1 | grep -q -e '^OpenSSH_7\.2.*$' -e '^OpenSSH_6\.6.*$'; then
      echo "UsePrivilegeSeparation no" >> $HOME/.ssh/sshd_config
    fi
CentOS, for example, defaults to OpenSSH 7.4, so this condition is never met, the UsePrivilegeSeparation line is never written, and there are permission errors when the script tries to start sshd.
The script also expects $HOME to be set to a valid path other than /.
∴
It's not pretty, but this alternative heroku-exec.sh script removes the condition before sourcing the downloaded script:
    if [ -z "$SSH_CLIENT" ]; then
      # ensure $HOME is set
      export HOME=/heroku
      curl --fail --retry 3 -sSL "$HEROKU_EXEC_URL" -o "$HOME/exec-script.sh"
      # remove the condition around: echo "UsePrivilegeSeparation no" >> $HOME/.ssh/sshd_config
      # first get the line number that matches: if ssh -V 2>&1 | grep -q -e '^OpenSSH_7\.2.*$' -e '^OpenSSH_6\.6.*$'; then
      LINE_IF=$(grep -n "OpenSSH_" "$HOME/exec-script.sh" | head -n 1 | cut -f1 -d:)
      # only patch when the condition was found; its closing fi is two lines below
      if [ -n "$LINE_IF" ]; then
        LINE_FI=$((LINE_IF + 2))
        sed -i.orig -e "${LINE_FI}d;${LINE_IF}d" "$HOME/exec-script.sh"
      fi
      source "$HOME/exec-script.sh"
    fi
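Because the patch above edits a downloaded script by line number and then sources it, a stricter variant is useful. The following is an added example, not Heroku's code or part of the original script: the hypothetical function strip_openssh_guard edits the file only when it finds exactly one guard with the three-line shape quoted above, and otherwise leaves the file untouched and returns non-zero. The sample file is constructed for the demonstration.

```bash
# Added example: strip the OpenSSH version guard only if the layout is as expected.
strip_openssh_guard() {
  file=$1
  # Line number(s) of the "if ssh -V ... OpenSSH_" guard.
  matches=$(grep -n -E '^[[:space:]]*if ssh -V .*OpenSSH_' "$file" | cut -d: -f1)
  case $matches in
    ''|*[!0-9]*) return 1 ;;  # no match, or several (newline-separated): fail closed
  esac
  line_if=$matches
  line_fi=$((line_if + 2))
  # The guarded line must be the sshd_config echo, and the block must end in "fi".
  sed -n "$((line_if + 1))p" "$file" | grep -q 'UsePrivilegeSeparation no' || return 1
  sed -n "${line_fi}p" "$file" | grep -q -E '^[[:space:]]*fi[[:space:]]*$' || return 1
  # Delete only the "if" and "fi" lines; the original is kept as <file>.orig.
  sed -i.orig -e "${line_fi}d;${line_if}d" "$file"
}

# Constructed sample standing in for the downloaded script (not the real one).
sample=$(mktemp)
cat > "$sample" <<'EOF'
mkdir -p "$HOME/.ssh"
if ssh -V 2>&1 | grep -q -e '^OpenSSH_7\.2.*$' -e '^OpenSSH_6\.6.*$'; then
  echo "UsePrivilegeSeparation no" >> $HOME/.ssh/sshd_config
fi
echo "starting sshd"
EOF

if strip_openssh_guard "$sample"; then
  echo "guard removed:"
  cat "$sample"
else
  echo "unexpected script layout, not patching" >&2
fi
```

In a real heroku-exec.sh, the function's return status decides whether to source the downloaded script or stop with an error.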