Issue
The Heroku Exec documentation covers starting the exec process in a container, but it assumes Ubuntu is being used and can fail to start with other flavors of Linux.
Resolution
The heroku-exec.sh
script sources another script from $HEROKU_EXEC_URL
which contains these lines:
if ssh -V 2>&1 | grep -q -e '^OpenSSH_7\.2.*$' -e '^OpenSSH_6\.6.*$'; then
echo "UsePrivilegeSeparation no" >> $HOME/.ssh/sshd_config
fi
CentOS, for example, defaults to OpenSSH 7.4 so this condition is never met and there are permission errors when the script tries to start sshd
.
The script also expects $HOME
to be set to a valid path other than /
.
∴
It's not pretty, but this alternative heroku-exec.sh
script removes the condition before sourcing the downloaded script:
if [ -z "$SSH_CLIENT" ]; then
# ensure $HOME is set
export HOME=/heroku
curl --fail --retry 3 -sSL "$HEROKU_EXEC_URL" -o $HOME/exec-script.sh
# remove the condition around: echo "UsePrivilegeSeparation no" >> $HOME/.ssh/sshd_config
# first get the line number that matches: if ssh -V 2>&1 | grep -q -e '^OpenSSH_7\.2.*$' -e '^OpenSSH_6\.6.*$'; then
LINE_IF=$(grep -n "OpenSSH_" $HOME/exec-script.sh | cut -f1 -d:)
LINE_FI=$(($LINE_IF + 2))
sed -i.orig -e "${LINE_FI}d;${LINE_IF}d" $HOME/exec-script.sh
source $HOME/exec-script.sh
fi