diff --git a/Dockerfile b/Dockerfile
index 0d41f20..4feb282 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,8 +5,6 @@ RUN set -eux && \
 DEBIAN_FRONTEND=noninteractive apt-get upgrade -y && \
 DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
 openssh-server \
- sudo \
- locales \
 curl \
 telnet \
 net-tools \
@@ -14,13 +12,9 @@ RUN set -eux && \
 vim \
 && \
 rm -rf /var/lib/apt/lists/* && \
- rm /etc/ssh/ssh_host_*key* && \
- echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen && \
- /usr/sbin/locale-gen && \
- /usr/sbin/update-locale 'LANG=en_US.UTF-8'
+ rm /etc/ssh/ssh_host_*key*
 
 ADD start.sh /
-ADD setup.sh /
 
 EXPOSE 22/tcp
diff --git a/setup.sh b/setup.sh
deleted file mode 100755
index f909624..0000000
--- a/setup.sh
+++ /dev/null
@@ -1,86 +0,0 @@
-#!/bin/sh
-set -ex
-
-if [ -n "$ROOT_AUTHORIZED_KEYS" ]; then
- if [ -f "$ROOT_AUTHORIZED_KEYS" ]; then
- mkdir -p /root/.ssh
- cp "$ROOT_AUTHORIZED_KEYS" /root/.ssh/authorized_keys
- chmod 600 /root/.ssh/authorized_keys
- fi
-fi
-
-if [ -z "$BASE_DIR" ]; then
- BASE_DIR="/home"
-fi
-
-if [ ! -d "$BASE_DIR" ]; then
- echo "BASE_DIR $BASE_DIR does not exist, creating..."
- mkdir -p $BASE_DIR
-fi
-
-# GROUPADD="group1:1000;group2:1001;group3:1002"
-i=""
-while [ "$GROUPADD" != "$i" ] ;do
- i=${GROUPADD%%;*}
- GROUPADD="${GROUPADD#$i;}"
-
- GROUP_NAME=${i%%:*}
- GROUP_GID="${i#$GROUP_NAME:}"
-
- groupadd --gid "$GROUP_GID" "$GROUP_NAME"
-done
-
-# USERADD="user1:1000:1000:/bin/bash;user2:1001:1000:/bin/sh;user3:1002:1002:/bin/sh"
-i=""
-j=""
-while [ "$USERADD" != "$i" ] ;do
- i=${USERADD%%;*}
- USERADD="${USERADD#$i;}"
-
- USER_NAME=${i%%:*}
- j="${i#$USER_NAME:}"
- USER_UID="${j%%:*}"
- j="${j#$USER_UID:}"
- USER_GID="${j%%:*}"
- j="${j#$USER_GID:}"
- USER_SHELL=$j
-
- useradd --home-dir "$BASE_DIR/$USER_NAME" --shell "$USER_SHELL" --uid "$USER_UID" --gid "$USER_GID" "$USER_NAME"
- echo "$USER_NAME ALL=(ALL) NOPASSWD:ALL" > "/etc/sudoers.d/$USER_NAME"
-done
-
-# HOSTKEYS="/var/lib/jumpbox/ssh_host_ed25519_key;/var/lib/jumpbox/ssh_host_rsa_key"
-i=""
-if [ -n "$HOSTKEYS" ]; then
- while [ "$HOSTKEYS" != "$i" ]; do
- i=${HOSTKEYS%%;*}
- HOSTKEYS="${HOSTKEYS#$i;}"
-
- if [ ! -e "$i" ]; then
- echo "Could not read $i, file is missing"
- continue
- else
- echo "Configuring HostKey $i"
- fi
-
- FILENAME=$(basename "$i")
- if [ ! -e "/etc/ssh/$FILENAME" ]; then
- install -m 0600 "$i" "/etc/ssh/$FILENAME"
- ssh-keygen -y -f "$i" > "/etc/ssh/$FILENAME.pub"
- ssh-keygen -l -f "/etc/ssh/$FILENAME.pub"
- fi
-
- if ! grep "^HostKey /etc/ssh/$FILENAME" /etc/ssh/sshd_config; then
- echo "HostKey /etc/ssh/$FILENAME" >> /etc/ssh/sshd_config
- fi
- done
-fi
-
-if [ -z "$(find /etc/ssh/ -maxdepth 1 -name 'ssh_host_*_key' -print -quit)" ]; then
- echo "Creating SSH2 ED25519 key; this may take some time ..."
- ssh-keygen -q -f /etc/ssh/ssh_host_ed25519_key -N '' -t ed25519
- ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub
- echo "HostKey /etc/ssh/ssh_host_ed25519_key" >> /etc/ssh/sshd_config
-fi
-
-touch /var/tmp/jumpbox.done
diff --git a/start.sh b/start.sh
index c1a4c7d..6da2504 100755
--- a/start.sh
+++ b/start.sh
@@ -1,10 +1,88 @@
 #!/bin/sh
+
 set -ex
 
 mkdir -p /run/sshd
 
-if [ ! -e "/var/tmp/jumpbox.done" ]; then
- ./setup.sh
+if [ -n "$ROOT_AUTHORIZED_KEYS" ]; then
+ if [ -f "$ROOT_AUTHORIZED_KEYS" ]; then
+ mkdir -p /root/.ssh
+ cp "$ROOT_AUTHORIZED_KEYS" /root/.ssh/authorized_keys
+ chmod 600 /root/.ssh/authorized_keys
+ fi
+fi
+
+if [ -z "$BASE_DIR" ]; then
+ BASE_DIR="/home"
+fi
+
+if [ ! -d "$BASE_DIR" ]; then
+ echo "BASE_DIR $BASE_DIR does not exist, creating..."
+ mkdir -p $BASE_DIR
+fi
+
+# GROUPADD="group1:1000;group2:1001;group3:1002"
+i=""
+while [ "$GROUPADD" != "$i" ] ;do
+ i=${GROUPADD%%;*}
+ GROUPADD="${GROUPADD#$i;}"
+
+ GROUP_NAME=${i%%:*}
+ GROUP_GID="${i#$GROUP_NAME:}"
+
+ groupadd --gid "$GROUP_GID" "$GROUP_NAME"
+done
+
+# USERADD="user1:1000:1000:/bin/bash;user2:1001:1000:/bin/sh;user3:1002:1002:/bin/sh"
+i=""
+j=""
+while [ "$USERADD" != "$i" ] ;do
+ i=${USERADD%%;*}
+ USERADD="${USERADD#$i;}"
+
+ USER_NAME=${i%%:*}
+ j="${i#$USER_NAME:}"
+ USER_UID="${j%%:*}"
+ j="${j#$USER_UID:}"
+ USER_GID="${j%%:*}"
+ j="${j#$USER_GID:}"
+ USER_SHELL=$j
+
+ useradd --home-dir "$BASE_DIR/$USER_NAME" --shell "$USER_SHELL" --uid "$USER_UID" --gid "$USER_GID" "$USER_NAME"
+done
+
+# HOSTKEYS="/var/lib/jumpbox/ssh_host_ed25519_key;/var/lib/jumpbox/ssh_host_rsa_key"
+i=""
+if [ -n "$HOSTKEYS" ]; then
+ while [ "$HOSTKEYS" != "$i" ]; do
+ i=${HOSTKEYS%%;*}
+ HOSTKEYS="${HOSTKEYS#$i;}"
+
+ if [ ! -e "$i" ]; then
+ echo "Could not read $i, file is missing"
+ continue
+ else
+ echo "Configuring HostKey $i"
+ fi
+
+ FILENAME=$(basename "$i")
+ if [ ! -e "/etc/ssh/$FILENAME" ]; then
+ install -m 0600 "$i" "/etc/ssh/$FILENAME"
+ ssh-keygen -y -f "$i" > "/etc/ssh/$FILENAME.pub"
+ ssh-keygen -l -f "/etc/ssh/$FILENAME.pub"
+ fi
+
+ if ! grep "^HostKey /etc/ssh/$FILENAME" /etc/ssh/sshd_config; then
+ echo "HostKey /etc/ssh/$FILENAME" >> /etc/ssh/sshd_config
+ fi
+ done
+fi
+
+if [ -z "$(find /etc/ssh/ -maxdepth 1 -name 'ssh_host_*_key' -print -quit)" ]; then
+ echo "Creating SSH2 ED25519 key; this may take some time ..."
+ ssh-keygen -q -f /etc/ssh/ssh_host_ed25519_key -N '' -t ed25519
+ ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub
+ echo "HostKey /etc/ssh/ssh_host_ed25519_key" >> /etc/ssh/sshd_config
 fi
 
 exec /usr/sbin/sshd -D -e
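Review bot: The inlined setup now runs `groupadd` and `useradd` on every container start with no idempotency guard, whereas the removed `if [ ! -e "/var/tmp/jumpbox.done" ]` check ran it once; when an existing container is restarted, both commands refuse names that already exist and exit non-zero, so `set -e` aborts the script before `exec /usr/sbin/sshd -D -e` is reached. Either keep a marker-file guard or make each step skip existing entries, e.g. `getent group "$GROUP_NAME" >/dev/null || groupadd --gid "$GROUP_GID" "$GROUP_NAME"` and `id "$USER_NAME" >/dev/null 2>&1 || useradd --home-dir "$BASE_DIR/$USER_NAME" --shell "$USER_SHELL" --uid "$USER_UID" --gid "$USER_GID" "$USER_NAME"`. `mkdir -p $BASE_DIR` is the one unquoted expansion in the hunk and should be `mkdir -p "$BASE_DIR"`, consistent with the quoted tests around it. If running the whole setup on every start is intentional, a one-line comment above the `ROOT_AUTHORIZED_KEYS` block saying so would save the next reader from looking for the dropped guard.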