ff64028597 feat: add support for configuring SSH2 HostKeys
2022-09-17 14:21:53 +02:00
726243a733 feat: generate SSH2 ED25519 HostKey during startup 2022-09-17 14:21:12 +02:00
3 changed files with 38 additions and 1 deletions


@ -10,7 +10,8 @@ RUN set -eux; \
net-tools \ net-tools \
screen \ screen \
; \ ; \
rm -rf /var/lib/apt/lists/* rm -rf /var/lib/apt/lists/* \
rm /etc/ssh/ssh_host_*key*
ADD start.sh / ADD start.sh /
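Review bot: The added `rm /etc/ssh/ssh_host_*key*` deserves a comment, because it reads like a cleanup step but is the security reason the runtime key handling in start.sh exists: host keys baked into the image would be identical in every container built from it, so any one of them could impersonate the others. I would precede it with `# drop the host keys generated at build time; each container gets its own (see start.sh)`. Under the RUN's `set -eux` (the RUN header is outside this hunk) the bare `rm` aborts the build if the glob matches nothing, which presumably only happens when openssh-server is not installed in this layer; `rm -f /etc/ssh/ssh_host_*key*` makes the step tolerant of that.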


@ -15,6 +15,7 @@
| Key | Format | Description | | Key | Format | Description |
| --- | --- | --- | | --- | --- | --- |
| `ROOT_AUTHORIZED_KEYS` | `/path/to/file` | Path to file that contains the public SSH keys that can be used for root user authentication. This file will be copied to `/root/.ssh/authorized_keys` | | `ROOT_AUTHORIZED_KEYS` | `/path/to/file` | Path to file that contains the public SSH keys that can be used for root user authentication. This file will be copied to `/root/.ssh/authorized_keys` |
| `HOSTKEYS` | `/path/to/hostkey` | Specifies a (semi-colon separated list of) file(s) containing a private host key used by SSH. |
| `USERADD` | `{username}:{uid}:{gid};...` | Create user account(s) on startup | | `USERADD` | `{username}:{uid}:{gid};...` | Create user account(s) on startup |
| `GROUPADD` | `{groupname}:{gid};...` | Create group account(s) on startup | | `GROUPADD` | `{groupname}:{gid};...` | Create group account(s) on startup |
| `BASE_DIR` | `/home` | Basedir used for user account creation (Default: `/home`) | | `BASE_DIR` | `/home` | Basedir used for user account creation (Default: `/home`) |
@ -26,6 +27,7 @@ $ docker run -it \
--name jumpbox \ --name jumpbox \
-v $(pwd)/jumpbox:/var/lib/jumpbox \ -v $(pwd)/jumpbox:/var/lib/jumpbox \
-e "ROOT_AUTHORIZED_KEYS=/var/lib/jumpbox/authorized_keys" -e "ROOT_AUTHORIZED_KEYS=/var/lib/jumpbox/authorized_keys"
-e "HOSTKEYS=/var/lib/jumpbox/ssh_host_ed25519_key;/var/lib/jumpbox/ssh_host_rsa_key"
-e "USERADD=jumpbox:1000:1000" -e "USERADD=jumpbox:1000:1000"
-e "GROUPADD=jumpbox:1000" -e "GROUPADD=jumpbox:1000"
-p 1022:22 \ -p 1022:22 \
@ -47,6 +49,7 @@ services:
- '${PWD}/jumpbox:/var/lib/jumpbox' - '${PWD}/jumpbox:/var/lib/jumpbox'
environment: environment:
ROOT_AUTHORIZED_KEYS: /var/lib/jumpbox/authorized_keys ROOT_AUTHORIZED_KEYS: /var/lib/jumpbox/authorized_keys
HOSTKEYS: /var/lib/jumpbox/ssh_host_ed25519_key;/var/lib/jumpbox/ssh_host_rsa_key
USERADD: jumpbox:1000:1000 USERADD: jumpbox:1000:1000
GROUPADD: jumpbox:1000 GROUPADD: jumpbox:1000
``` ```


@ -45,4 +45,37 @@ while [ "$USERADD" != "$i" ] ;do
useradd --home-dir "$BASE_DIR/$USER_NAME" --uid "$USER_UID" --gid "$USER_GID" "$USER_NAME" useradd --home-dir "$BASE_DIR/$USER_NAME" --uid "$USER_UID" --gid "$USER_GID" "$USER_NAME"
done done
# HOSTKEYS="/var/lib/jumpbox/ssh_host_ed25519_key;/var/lib/jumpbox/ssh_host_rsa_key"
if [ -n "$HOSTKEYS" ]; then
while [ "$HOSTKEYS" != "$i" ]; do
i=${HOSTKEYS%%;*}
HOSTKEYS="${HOSTKEYS#$i;}"
if [ ! -e "$i" ]; then
echo "Could not read $i, file is missing"
continue
else
echo "Configuring HostKey $i"
fi
FILENAME=$(basename "$i")
if [ ! -e "/etc/ssh/$FILENAME" ]; then
install -m 0600 "$i" "/etc/ssh/$FILENAME"
ssh-keygen -y -f "$i" > "/etc/ssh/$FILENAME.pub"
ssh-keygen -l -f "/etc/ssh/$FILENAME.pub"
fi
if ! grep "^HostKey /etc/ssh/$FILENAME" /etc/ssh/sshd_config; then
echo "HostKey /etc/ssh/$FILENAME" >> /etc/ssh/sshd_config
fi
done
fi
if [ -z "$(find /etc/ssh/ -maxdepth 1 -name 'ssh_host_*_key' -print -quit)" ]; then
echo "Creating SSH2 ED25519 key; this may take some time ..."
ssh-keygen -q -f /etc/ssh/ssh_host_ed25519_key -N '' -t ed25519
ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub
echo "HostKey /etc/ssh/ssh_host_ed25519_key" >> /etc/ssh/sshd_config
fi
exec /usr/sbin/sshd -D -e exec /usr/sbin/sshd -D -e
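Review bot: A HOSTKEYS entry that does not exist is only reported on stdout and skipped with `continue` in the `if [ ! -e "$i" ]` branch, so a mistyped path silently falls through to the fresh ED25519 key generated further down, and clients that pinned the intended key then see a host-key-changed warning instead of the operator seeing a failed start. Since the operator explicitly asked for that key I would make it fatal: `echo "Could not read $i, file is missing" >&2` followed by `exit 1`. The duplicate check `grep "^HostKey /etc/ssh/$FILENAME" /etc/ssh/sshd_config` is a regex that is not anchored at the end (and treats `.` in the name as a wildcard) and echoes its matches into the log; `grep -qxF -- "HostKey /etc/ssh/$FILENAME" /etc/ssh/sshd_config` tests for the exact line quietly. The USERADD loop above (its header is outside this hunk) leaves `$i` set to the last user entry, so `while [ "$HOSTKEYS" != "$i" ]` starts with a stale comparison value; an `i=` before the loop removes that dependency. `ssh-keygen -y -f "$i"` will presumably prompt for a passphrase if the supplied private key is encrypted and block startup, which is worth stating in the README's HOSTKEYS description.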