From 058adb051496f23dcb9bfb955ae67c5dafc32534 Mon Sep 17 00:00:00 2001
From: Pim van den Berg
Date: Sat, 17 Sep 2022 14:21:53 +0200
Subject: [PATCH] feat: add support for configuring SSH2 HostKeys
---
 README.md | 3 +++
 start.sh | 26 ++++++++++++++++++++++++++
 2 files changed, 29 insertions(+)
diff --git a/README.md b/README.md
index 9398910..585beba 100644
--- a/README.md
+++ b/README.md
@@ -15,6 +15,7 @@
 | Key | Format | Description |
 | --- | --- | --- |
 | `ROOT_AUTHORIZED_KEYS` | `/path/to/file` | Path to file that contains the public SSH keys that can be used for root user authentication. This file will be copied to `/root/.ssh/authorized_keys` |
+| `HOSTKEYS` | `/path/to/hostkey;...` | Specifies a (semi-colon separated list of) file(s) containing a private host key used by SSH. |
 | `USERADD` | `{username}:{uid}:{gid};...` | Create user account(s) on startup |
 | `GROUPADD` | `{groupname}:{gid};...` | Create group account(s) on startup |
 | `BASE_DIR` | `/home` | Basedir used for user account creation (Default: `/home`) |
@@ -26,6 +27,7 @@ $ docker run -it \
 --name jumpbox \
 -v $(pwd)/jumpbox:/var/lib/jumpbox \
 -e "ROOT_AUTHORIZED_KEYS=/var/lib/jumpbox/authorized_keys"
+ -e "HOSTKEYS=/var/lib/jumpbox/ssh_host_ed25519_key;/var/lib/jumpbox/ssh_host_rsa_key"
 -e "USERADD=jumpbox:1000:1000"
 -e "GROUPADD=jumpbox:1000"
 -p 1022:22 \
@@ -47,6 +49,7 @@ services:
 - '${PWD}/jumpbox:/var/lib/jumpbox'
 environment:
 ROOT_AUTHORIZED_KEYS: /var/lib/jumpbox/authorized_keys
+ HOSTKEYS: /var/lib/jumpbox/ssh_host_ed25519_key;/var/lib/jumpbox/ssh_host_rsa_key
 USERADD: jumpbox:1000:1000
 GROUPADD: jumpbox:1000
 ```
diff --git a/start.sh b/start.sh
index 2f949ec..044ca12 100755
--- a/start.sh
+++ b/start.sh
@@ -45,6 +45,32 @@ while [ "$USERADD" != "$i" ] ;do
 useradd --home-dir "$BASE_DIR/$USER_NAME" --uid "$USER_UID" --gid "$USER_GID" "$USER_NAME"
 done
+# HOSTKEYS="/var/lib/jumpbox/ssh_host_ed25519_key;/var/lib/jumpbox/ssh_host_rsa_key"
+if [ -n "$HOSTKEYS" ]; then
+ while [ "$HOSTKEYS" != "$i" ]; do
+ i=${HOSTKEYS%%;*}
+ HOSTKEYS="${HOSTKEYS#$i;}"
+ if [ ! -e "$i" ]; then
+ echo "Could not read $i, file is missing"
+ continue
+ else
+ echo "Configuring HostKey $i"
+ fi
+ FILENAME=$(basename "$i")
+ if [ ! -e "/etc/ssh/$FILENAME" ]; then
+ install -m 0600 "$i" "/etc/ssh/$FILENAME"
+ ssh-keygen -y -f "$i" > "/etc/ssh/$FILENAME.pub"
+ ssh-keygen -l -f "/etc/ssh/$FILENAME.pub"
+ fi
+ if ! grep "^HostKey /etc/ssh/$FILENAME" /etc/ssh/sshd_config; then
+ echo "HostKey /etc/ssh/$FILENAME" >> /etc/ssh/sshd_config
+ fi
+ done
+fi
+
 if [ -z "$(find /etc/ssh/ -maxdepth 1 -name 'ssh_host_*_key' -print -quit)" ]; then
 echo "Creating SSH2 ED25519 key; this may take some time ..."
 ssh-keygen -q -f /etc/ssh/ssh_host_ed25519_key -N '' -t ed25519
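Review bot: A listed host key that does not exist only prints to stdout and `continue`s, so the container still starts and sshd presumably ends up with whatever key is in /etc/ssh (the auto-generated one from the `if [ -z "$(find …` block below), which means clients pinning the configured key see a mismatch or end up trusting a key nobody verified. For a jumpbox that is the wrong default; fail fast instead: `echo "Could not read $i, file is missing" >&2` followed by `exit 1`. The same applies to `ssh-keygen -y -f "$i" > "/etc/ssh/$FILENAME.pub"`: when the key cannot be parsed (wrong format, passphrase-protected) the redirection still creates an empty `.pub` and the `HostKey` line is appended anyway, so guard it with `|| exit 1` (whether `set -e` is in force is not visible in this hunk). Two smaller points: `i` is read in the `while` condition before it is assigned and so inherits the last value of the USERADD loop above, so reset it with `i=` before the loop; and the `grep` is an unanchored prefix match that also echoes the matched line, so `grep -q "^HostKey /etc/ssh/$FILENAME$" /etc/ssh/sshd_config` is tighter.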