docker-env: change --ssh-host login as root

cmd/minikube/cmd/docker-env.go

@@ -384,6 +384,11 @@ docker-cli install instructions: https://minikube.sigs.k8s.io/docs/tutorials/doc
 			sshAgentPID: co.Config.SSHAgentPID,
 		}
 
+		if sshHost == true {
+			ec.username = "root"
+			sshAdd = true
+		}
+
 		dockerPath, err := exec.LookPath("docker")
 		if err != nil {
 			klog.Warningf("Unable to find docker in path - skipping connectivity check: %v", err)
@@ -425,10 +430,8 @@ docker-cli install instructions: https://minikube.sigs.k8s.io/docs/tutorials/doc
 			}
 
 			// TODO: refactor to work with docker, temp fix to resolve regression
-			if cr == constants.Containerd {
-				// eventually, run something similar to ssh --append-known
-				appendKnownHelper(nodeName, true)
-			}
+			// eventually, run something similar to ssh --append-known
+			appendKnownHelper(nodeName, true)
 		}
 	},
 }

cmd/minikube/cmd/start.go

@@ -2096,10 +2096,30 @@ func startNerdctld(options *run.CommandOptions) {
 		exit.Error(reason.StartNerdctld, fmt.Sprintf("Failed to enable nerdctl.socket: %s", rest.Output()), err)
 	}
 
-	// set up environment variable on remote machine. docker client uses 'non-login & non-interactive shell' therefore the only way is to modify .bashrc file of user 'docker'
-	// insert this at 4th line
-	envSetupCommand := exec.Command("/bin/bash", "-c", "sed -i '4i export DOCKER_HOST=unix:///var/run/nerdctl.sock' .bashrc")
-	if rest, err := runner.RunCmd(envSetupCommand); err != nil {
-		exit.Error(reason.StartNerdctld, fmt.Sprintf("Failed to set up DOCKER_HOST: %s", rest.Output()), err)
+	// set up DOCKER_HOST in both docker and root .bashrc so docker-env --ssh-host works for both users
+	ensureNerdctlDockerHostInBashrc(runner, "/home/docker/.bashrc", false)
+	ensureNerdctlDockerHostInBashrc(runner, "/root/.bashrc", true)
+}
+
+// ensureNerdctlDockerHostInBashrc adds export DOCKER_HOST=unix:///var/run/nerdctl.sock to the given user's .bashrc if not already present.
+func ensureNerdctlDockerHostInBashrc(runner command.Runner, bashrcPath string, useSudo bool) {
+	const exportLine = "export DOCKER_HOST=unix:///var/run/nerdctl.sock"
+
+	checkArgs := []string{"-c", fmt.Sprintf("grep -q 'DOCKER_HOST=unix:///var/run/nerdctl.sock' %s", bashrcPath)}
+	checkCmd := exec.Command("sh", checkArgs...)
+	if useSudo {
+		checkCmd = exec.Command("sudo", append([]string{"sh"}, checkArgs...)...)
+	}
+	if _, err := runner.RunCmd(checkCmd); err == nil {
+		return // already present
+	}
+
+	sedArgs := []string{"-c", fmt.Sprintf("sed -i '4i %s' %s", exportLine, bashrcPath)}
+	sedCmd := exec.Command("sh", sedArgs...)
+	if useSudo {
+		sedCmd = exec.Command("sudo", append([]string{"sh"}, sedArgs...)...)
+	}
+	if rest, err := runner.RunCmd(sedCmd); err != nil {
+		exit.Error(reason.StartNerdctld, fmt.Sprintf("Failed to set up DOCKER_HOST in %s: %s", bashrcPath, rest.Output()), err)
 	}
 }

pkg/provision/provision.go

@@ -135,7 +135,11 @@ func configureAuth(p miniProvisioner) error {
 		return fmt.Errorf("error generating server cert: %v", err)
 	}
 
-	return copyRemoteCerts(authOptions, driver)
+	if err := copyRemoteCerts(authOptions, driver); err != nil {
+		return err
+	}
+
+	return configureRootSSH(p)
 }
 
 func copyHostCerts(authOptions auth.Options) error {
@@ -212,6 +216,14 @@ func copyRemoteCerts(authOptions auth.Options, driver drivers.Driver) error {
 	return nil
 }
 
+func configureRootSSH(p miniProvisioner) error {
+	cmd := "sudo mkdir -p /root/.ssh && sudo cp /home/docker/.ssh/authorized_keys /root/.ssh/authorized_keys && sudo chown -R root:root /root/.ssh"
+	if _, err := p.SSHCommand(cmd); err != nil {
+		return fmt.Errorf("configure root SSH: %w", err)
+	}
+	return nil
+}
+
 func setRemoteAuthOptions(p provision.Provisioner) auth.Options {
 	dockerDir := p.GetDockerOptionsDir()
 	authOptions := p.GetAuthOptions()