pommi/docker-jumpbox
1
0
Fork 0
Code Releases Activity

Compare commits

base: pommi:ff64028597615b1b3ceb9c234ff116e55beb424b
Branches Tags
pommi:master
..
compare: pommi:master
Branches Tags
pommi:master

15 Commits
ff64028597 ... master

Author SHA1 Message Date
Pim van den Berg
20f5c653ac feat: install rsync
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-01-31 18:35:03 +01:00
Pim van den Berg
0b8f55ca05 feat: install unzip
All checks were successful
continuous-integration/drone/push Build is passing
Details
2023-08-02 10:55:33 +02:00
Pim van den Berg
c58f97d2c8 feat: install bind9-dnsutils
All checks were successful
continuous-integration/drone/push Build is passing
Details
2023-03-09 14:01:58 +01:00
Pim van den Berg
5fda9a6457 feat: install less
All checks were successful
continuous-integration/drone/push Build is passing
Details
2023-02-16 14:56:44 +01:00
Pim van den Berg
0d85cf61ae fix(rebuild): the input device is not a TTY
Some checks reported errors
continuous-integration/drone/push Build was killed
Details
2022-11-19 17:10:31 +01:00
Pim van den Berg
82c406ffa3 feat: add git, man
All checks were successful
continuous-integration/drone/push Build is passing
Details
2022-10-30 11:52:20 +00:00
Pim van den Berg
67cfd6b9a5 fix: configure MTU for docker:dind service to 1492
All checks were successful
continuous-integration/drone/push Build is passing
Details 
https://blog.zespre.com/dind-mtu-size-matters.html
 2022-09-18 15:53:04 +02:00
Pim van den Berg
3c1c0ad41f feat: install sudoers + allow sudo access for created users
Some checks reported errors
continuous-integration/drone/push Build was killed
Details
2022-09-18 14:50:54 +02:00
Pim van den Berg
84df38ba0d feat: split setup to setup.sh and only run once 
This supports `docker-compose stop` + `docker-compose up`.
 2022-09-18 14:32:32 +02:00
Pim van den Berg
e6337a497f feat: install locales + configure en_US.UTF-8 locale 2022-09-18 14:06:54 +02:00
Pim van den Berg
699498fe2c feat: support configuring a shell for a user
Some checks failed
continuous-integration/drone/push Build is failing
Details
2022-09-17 15:01:11 +02:00
Pim van den Berg
aeee18b935 feat: install vim 2022-09-17 15:00:56 +02:00
Pim van den Berg
825e872a8d fix(Dockerfile): fail build when apt-get fails 2022-09-17 15:00:56 +02:00
Pim van den Berg
058adb0514 feat: add support for configuring SSH2 HostKeys 2022-09-17 15:00:53 +02:00
Pim van den Berg
78b83de803 feat: generate SSH2 ED25519 HostKey during startup 2022-09-17 14:39:12 +02:00
7 changed files with 125 additions and 85 deletions
Expand all files Collapse all files

10
.drone.yml
View File

@ -30,6 +30,11 @@ services:
volumes:
- name: dockersock
path: /var/run
command:
- dockerd-entrypoint.sh
- dockerd
- --host=unix:///var/run/docker.sock
- --mtu=1492
volumes:
- name: dockersock
@ -68,6 +73,11 @@ services:
volumes:
- name: dockersock
path: /var/run
command:
- dockerd-entrypoint.sh
- dockerd
- --host=unix:///var/run/docker.sock
- --mtu=1492
volumes:
- name: dockersock

25
Dockerfile
View File

@ -1,19 +1,32 @@
FROM debian:bookworm-slim
RUN set -eux; \
apt-get update; \
DEBIAN_FRONTEND=noninteractive apt-get upgrade -y; \
RUN set -eux && \
apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get upgrade -y && \
DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
openssh-server \
sudo \
locales \
curl \
telnet \
net-tools \
screen \
; \
rm -rf /var/lib/apt/lists/* \
rm /etc/ssh/ssh_host_*key*
vim \
git \
man \
less \
bind9-dnsutils \
unzip \
rsync \
&& \
rm -rf /var/lib/apt/lists/* && \
rm /etc/ssh/ssh_host_*key* && \
echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen && \
/usr/sbin/locale-gen && \
/usr/sbin/update-locale 'LANG=en_US.UTF-8'
ADD start.sh /
ADD setup.sh /
EXPOSE 22/tcp

8
README.md
View File

@ -15,8 +15,8 @@
| Key | Format | Description |
| --- | --- | --- |
| `ROOT_AUTHORIZED_KEYS` | `/path/to/file` | Path to file that contains the public SSH keys that can be used for root user authentication. This file will be copied to `/root/.ssh/authorized_keys` |
| `HOSTKEYS` | `/path/to/hostkey` | Specifies a (semi-colon separated list of) file(s) containing a private host key used by SSH. |
| `USERADD` | `{username}:{uid}:{gid};...` | Create user account(s) on startup |
| `HOSTKEYS` | `/path/to/hostkey;...` | Specifies a (semi-colon separated list of) file(s) containing a private host key used by SSH. |
| `USERADD` | `{username}:{uid}:{gid}:{shell};...` | Create user account(s) on startup |
| `GROUPADD` | `{groupname}:{gid};...` | Create group account(s) on startup |
| `BASE_DIR` | `/home` | Basedir used for user account creation (Default: `/home`) |
@ -28,7 +28,7 @@ $ docker run -it \
-v $(pwd)/jumpbox:/var/lib/jumpbox \
-e "ROOT_AUTHORIZED_KEYS=/var/lib/jumpbox/authorized_keys"
-e "HOSTKEYS=/var/lib/jumpbox/ssh_host_ed25519_key;/var/lib/jumpbox/ssh_host_rsa_key"
-e "USERADD=jumpbox:1000:1000"
-e "USERADD=jumpbox:1000:1000:/bin/bash"
-e "GROUPADD=jumpbox:1000"
-p 1022:22 \
pommib/jumpbox:latest
@ -50,6 +50,6 @@ services:
environment:
ROOT_AUTHORIZED_KEYS: /var/lib/jumpbox/authorized_keys
HOSTKEYS: /var/lib/jumpbox/ssh_host_ed25519_key;/var/lib/jumpbox/ssh_host_rsa_key
USERADD: jumpbox:1000:1000
USERADD: jumpbox:1000:1000:/bin/bash
GROUPADD: jumpbox:1000
```

2
build.sh
View File

@ -1,6 +1,6 @@
#!/bin/sh
set -x
set -ex
IMAGE=pommib/jumpbox:latest
docker pull $IMAGE

4
rebuild.sh
View File

@ -1,8 +1,10 @@
#!/bin/sh
set -x
updates_available () {
docker pull "$1"
if test "$(docker run -it --rm "$1" /bin/sh -c 'apt -qqq update && apt -qq list --upgradable')" != ""; then
if test "$(docker run --rm "$1" /bin/sh -c 'apt -qqq update && apt -qq list --upgradable')" != ""; then
return 0
else
return 1

86
setup.sh Executable file
View File

@ -0,0 +1,86 @@
#!/bin/sh
set -ex
if [ -n "$ROOT_AUTHORIZED_KEYS" ]; then
if [ -f "$ROOT_AUTHORIZED_KEYS" ]; then
mkdir -p /root/.ssh
cp "$ROOT_AUTHORIZED_KEYS" /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
fi
fi
if [ -z "$BASE_DIR" ]; then
BASE_DIR="/home"
fi
if [ ! -d "$BASE_DIR" ]; then
echo "BASE_DIR $BASE_DIR does not exist, creating..."
mkdir -p $BASE_DIR
fi
# GROUPADD="group1:1000;group2:1001;group3:1002"
i=""
while [ "$GROUPADD" != "$i" ] ;do
i=${GROUPADD%%;*}
GROUPADD="${GROUPADD#$i;}"
GROUP_NAME=${i%%:*}
GROUP_GID="${i#$GROUP_NAME:}"
groupadd --gid "$GROUP_GID" "$GROUP_NAME"
done
# USERADD="user1:1000:1000:/bin/bash;user2:1001:1000:/bin/sh;user3:1002:1002:/bin/sh"
i=""
j=""
while [ "$USERADD" != "$i" ] ;do
i=${USERADD%%;*}
USERADD="${USERADD#$i;}"
USER_NAME=${i%%:*}
j="${i#$USER_NAME:}"
USER_UID="${j%%:*}"
j="${j#$USER_UID:}"
USER_GID="${j%%:*}"
j="${j#$USER_GID:}"
USER_SHELL=$j
useradd --home-dir "$BASE_DIR/$USER_NAME" --shell "$USER_SHELL" --uid "$USER_UID" --gid "$USER_GID" "$USER_NAME"
echo "$USER_NAME ALL=(ALL) NOPASSWD:ALL" > "/etc/sudoers.d/$USER_NAME"
done
# HOSTKEYS="/var/lib/jumpbox/ssh_host_ed25519_key;/var/lib/jumpbox/ssh_host_rsa_key"
i=""
if [ -n "$HOSTKEYS" ]; then
while [ "$HOSTKEYS" != "$i" ]; do
i=${HOSTKEYS%%;*}
HOSTKEYS="${HOSTKEYS#$i;}"
if [ ! -e "$i" ]; then
echo "Could not read $i, file is missing"
continue
else
echo "Configuring HostKey $i"
fi
FILENAME=$(basename "$i")
if [ ! -e "/etc/ssh/$FILENAME" ]; then
install -m 0600 "$i" "/etc/ssh/$FILENAME"
ssh-keygen -y -f "$i" > "/etc/ssh/$FILENAME.pub"
ssh-keygen -l -f "/etc/ssh/$FILENAME.pub"
fi
if ! grep "^HostKey /etc/ssh/$FILENAME" /etc/ssh/sshd_config; then
echo "HostKey /etc/ssh/$FILENAME" >> /etc/ssh/sshd_config
fi
done
fi
if [ -z "$(find /etc/ssh/ -maxdepth 1 -name 'ssh_host_*_key' -print -quit)" ]; then
echo "Creating SSH2 ED25519 key; this may take some time ..."
ssh-keygen -q -f /etc/ssh/ssh_host_ed25519_key -N '' -t ed25519
ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub
echo "HostKey /etc/ssh/ssh_host_ed25519_key" >> /etc/ssh/sshd_config
fi
touch /var/tmp/jumpbox.done

75
start.sh
View File

@ -1,81 +1,10 @@
#!/bin/sh
set -ex
mkdir -p /run/sshd
if [ -n "$ROOT_AUTHORIZED_KEYS" ]; then
if [ -f "$ROOT_AUTHORIZED_KEYS" ]; then
mkdir -p /root/.ssh
cp "$ROOT_AUTHORIZED_KEYS" /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
fi
fi
if [ -z "$BASE_DIR" ]; then
BASE_DIR="/home"
fi
if [ ! -d "$BASE_DIR" ]; then
echo "BASE_DIR $BASE_DIR does not exist, creating..."
mkdir -p $BASE_DIR
fi
# GROUPADD="group1:1000;group2:1001;group3:1002"
while [ "$GROUPADD" != "$i" ] ;do
i=${GROUPADD%%;*}
GROUPADD="${GROUPADD#$i;}"
GROUP_NAME=${i%%:*}
GROUP_GID="${i#$GROUP_NAME:}"
groupadd --gid "$GROUP_GID" "$GROUP_NAME"
done
# USERADD="user1:1000:1000;user2:1001:1000;user3:1002:1002"
while [ "$USERADD" != "$i" ] ;do
i=${USERADD%%;*}
USERADD="${USERADD#$i;}"
USER_NAME=${i%%:*}
UID_GID="${i#$USER_NAME:}"
USER_UID="${UID_GID%%:*}"
USER_GID="${UID_GID#$USER_UID:}"
useradd --home-dir "$BASE_DIR/$USER_NAME" --uid "$USER_UID" --gid "$USER_GID" "$USER_NAME"
done
# HOSTKEYS="/var/lib/jumpbox/ssh_host_ed25519_key;/var/lib/jumpbox/ssh_host_rsa_key"
if [ -n "$HOSTKEYS" ]; then
while [ "$HOSTKEYS" != "$i" ]; do
i=${HOSTKEYS%%;*}
HOSTKEYS="${HOSTKEYS#$i;}"
if [ ! -e "$i" ]; then
echo "Could not read $i, file is missing"
continue
else
echo "Configuring HostKey $i"
fi
FILENAME=$(basename "$i")
if [ ! -e "/etc/ssh/$FILENAME" ]; then
install -m 0600 "$i" "/etc/ssh/$FILENAME"
ssh-keygen -y -f "$i" > "/etc/ssh/$FILENAME.pub"
ssh-keygen -l -f "/etc/ssh/$FILENAME.pub"
fi
if ! grep "^HostKey /etc/ssh/$FILENAME" /etc/ssh/sshd_config; then
echo "HostKey /etc/ssh/$FILENAME" >> /etc/ssh/sshd_config
fi
done
fi
if [ -z "$(find /etc/ssh/ -maxdepth 1 -name 'ssh_host_*_key' -print -quit)" ]; then
echo "Creating SSH2 ED25519 key; this may take some time ..."
ssh-keygen -q -f /etc/ssh/ssh_host_ed25519_key -N '' -t ed25519
ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub
echo "HostKey /etc/ssh/ssh_host_ed25519_key" >> /etc/ssh/sshd_config
if [ ! -e "/var/tmp/jumpbox.done" ]; then
./setup.sh
fi
exec /usr/sbin/sshd -D -e