thomas/multiarch-docker-images
1
0
Fork 0
mirror of https://github.com/napnap75/multiarch-docker-images.git synced 2025-12-16 03:34:18 +01:00
Code Issues Projects Releases Wiki Activity

Added the sshd server

Browse Source
This commit is contained in:
napnap75
2022-04-10 12:55:46 +02:00
parent fcfd24571e
commit 0805c53420
5 changed files with 141 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/build.yml vendored
View File

@@ -10,7 +10,7 @@ jobs:
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
repository: [webhook, docker2mqtt, gandi, go-ipfs, http-tunnel, ipfs-cluster, mopidy, piwigo-souvenirs, restic-auto, restic-rest, shairport-sync, slack-eraser, snapserver, telegraf] repository: [sshd, webhook, docker2mqtt, gandi, http-tunnel, mopidy, piwigo-souvenirs, restic-auto, restic-rest, shairport-sync, slack-eraser, snapserver, telegraf]
steps: steps:
- name: Checkout - name: Checkout

20
sshd/Dockerfile Normal file
View File

@@ -0,0 +1,20 @@
FROM alpine:edge AS builder
ARG TARGETPLATFORM
RUN apk add --no-cache curl jq \
&& DOWNLOAD_ARCH=$(echo ${TARGETPLATFORM} | sed "s#linux/arm/v6#arm#" | sed "s#linux/arm/v7#armhf#" | sed "s#linux/arm64#aarch64#" | sed "s#linux/amd64#amd64#") \
&& echo "DOWNLOAD_ARCH=${DOWNLOAD_ARCH}" \
&& S6_DOWNLOAD_URL=$(curl -s https://api.github.com/repos/just-containers/s6-overlay/releases/latest | jq -r '.assets | map(select(.name == "s6-overlay-'${DOWNLOAD_ARCH}'.tar.xz"))[0].browser_download_url') \
&& curl --retry 3 -L -s -o /tmp/s6-overlay.tar.xz $S6_DOWNLOAD_URL \
&& mkdir /tmp/s6-overlay \
&& tar -xf /tmp/s6-overlay.tar.xz -C /tmp/s6-overlay
FROM alpine:edge
RUN apk add --no-cache bash curl openssh-server rsync rrsync borgbackup
COPY --from=builder /tmp/s6-overlay /
ADD etc /etc/
ENTRYPOINT ["/init"]
CMD /usr/sbin/sshd -D -e

7
sshd/etc/cont-init.d/init-host-keys.sh Executable file
View File

@@ -0,0 +1,7 @@
#!/bin/bash
if [ ! -f "/config/host_keys/ssh_host_rsa_key" ] ; then
mkdir -p /config/host_keys
ssh-keygen -t ed25519 -f /config/host_keys/ssh_host_ed25519_key -N "" < /dev/null
ssh-keygen -t rsa -b 4096 -f /config/host_keys/ssh_host_rsa_key -N "" < /dev/null
fi

88
sshd/etc/cont-init.d/init-sshd.sh Executable file
View File

@@ -0,0 +1,88 @@
#! /bin/bash
cp /etc/ssh/sshd_config.default /etc/ssh/sshd_config
function init_user {
# First create the user
options=
if [[ "$3" != "" ]]; then
options+="-u $3 "
fi
if [[ "$4" != "" ]]; then
grep ":$4:" /etc/group || addgroup -g $4 "group-$4"
options+="-G `getent group $4 | sed 's/:.*//'` "
fi
if [[ "$5" != "" ]]; then
options+="-h $5 "
else
options+="-h /home/$1 "
fi
if [[ "$2" = "ssh" || "$2" = "borg" || "$2" = "rsync" ]]; then
adduser -D $options -s /bin/bash $1
else
adduser -D $options -s /bin/false $1
fi
passwd -u $1
# Adjust the keys permissions
chown $1 /config/users_keys/$1
chmod 400 /config/users_keys/$1
# Update sshd-config
sed -i "/^AllowUsers/ s/$/ $1/" /etc/ssh/sshd_config
if [[ $2 = "sftp" ]]; then
echo "Match User $1" >> /etc/ssh/sshd_config
echo " ForceCommand internal-sftp" >> /etc/ssh/sshd_config
if [[ $6 != "" ]]; then
echo " ChrootDirectory $6" >> /etc/ssh/sshd_config
chown root:root $6
fi
elif [[ $2 = "borg" ]]; then
echo "Match User $1" >> /etc/ssh/sshd_config
if [[ $6 != "" ]]; then
echo " ForceCommand borg serve --restrict-to-path $6" >> /etc/ssh/sshd_config
else
echo " ForceCommand borg serve" >> /etc/ssh/sshd_config
fi
elif [[ $2 = "rsync" ]]; then
echo "Match User $1" >> /etc/ssh/sshd_config
if [[ $6 != "" ]]; then
echo " ForceCommand rrsync $6" >> /etc/ssh/sshd_config
else
echo " ForceCommand rrsync ." >> /etc/ssh/sshd_config
fi
fi
}
while read line; do
if [[ "$line" =~ ^\[ ]]; then
if [[ "$user" != "" ]]; then
init_user "$user" "$type" "$uid" "$gid" "$home" "$chroot"
fi
name=${line#*\[}
name=${name%%\]}
user=$name
type=
uid=
gid=
home=
chroot=
elif [[ "$line" =~ ^[^#]*= ]]; then
name=${line%% =*}
value=${line#*= }
if [[ $name = "Type" ]]; then
type=$value
elif [[ $name = "UID" ]]; then
uid=$value
elif [[ $name = "GID" ]]; then
gid=$value
elif [[ $name = "Home" ]]; then
home=$value
elif [[ $name = "Chroot" ]]; then
chroot=$value
fi
fi
done < /config/config.ini
init_user "$user" "$type" "$uid" "$gid" "$home" "$chroot"

25
sshd/etc/ssh/sshd_config.default Normal file
View File

@@ -0,0 +1,25 @@
HostKey /config/host_keys/ssh_host_rsa_key
HostKey /config/host_keys/ssh_host_ed25519_key
Protocol 2
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
#LogLevel DEBUG
PermitRootLogin no
PubkeyAuthentication yes
AuthorizedKeysFile /config/users_keys/%u
IgnoreUserKnownHosts yes
PasswordAuthentication no
ChallengeResponseAuthentication no
AllowAgentForwarding no
AllowTcpForwarding no
GatewayPorts no
X11Forwarding no
PrintMotd no
UseDNS no
Subsystem sftp internal-sftp
AllowUsers