diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 5816bcb..93ba9c3 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -10,7 +10,7 @@ jobs:
 strategy:
 fail-fast: false
 matrix:
- repository: [immich-souvenirs, dnsupdater, rsync-server, sshd, webhook, gandi, http-tunnel, restic-auto, restic-rest, shairport-sync, telegraf]
+ repository: [chrooted-sshd, immich-souvenirs, dnsupdater, rsync-server, sshd, webhook, gandi, http-tunnel, restic-auto, restic-rest, shairport-sync, telegraf]
 steps:
 - name: Checkout
diff --git a/chrooted-sshd/Dockerfile b/chrooted-sshd/Dockerfile
new file mode 100644
index 0000000..ebe86a5
--- /dev/null
+++ b/chrooted-sshd/Dockerfile
@@ -0,0 +1,9 @@
+FROM alpine:latest
+
+RUN apk add --no-cache openssh
+
+COPY entrypoint.sh /usr/local/bin/entrypoint.sh
+
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
+
+CMD ["/usr/sbin/sshd", "-D", "-e"]
diff --git a/chrooted-sshd/entrypoint.sh b/chrooted-sshd/entrypoint.sh
new file mode 100644
index 0000000..115ec08
--- /dev/null
+++ b/chrooted-sshd/entrypoint.sh
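Review bot: `FROM alpine:latest` on the first line of the Dockerfile hunk leaves the base image unpinned, so every rebuild may silently pull a different Alpine release and a different OpenSSH, which makes the CVE surface of a network-facing sshd image non-reproducible. Pin the tag (`FROM alpine:<pinned release>`) and the package (`apk add --no-cache openssh=<pinned version>`) so an upgrade is a deliberate, reviewable change. `COPY entrypoint.sh /usr/local/bin/entrypoint.sh` relies on the executable bit surviving the git checkout; `COPY --chmod=755 entrypoint.sh /usr/local/bin/entrypoint.sh` makes that explicit. The absence of a `USER` directive is presumably intentional because sshd needs root for the chroot and privilege separation, but a one-line comment stating that would stop the next reviewer from flagging it.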
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+# Make sure a volume is properly mounted
+if [ ! -d "/config" ] ; then
+ echo "####################################################################"
+ echo "### Please start this container with a volume mounted to /config ###"
+ echo "####################################################################"
+ exit
+fi
+
+# First use : init the /config directory
+if [ ! -f "/config/ssh_host_ed25519_key" ] ; then
+ ssh-keygen -t ed25519 -f /config/ssh_host_ed25519_key -N "" < /dev/null
+fi
+if [ ! -f "/config/passwd" ] ; then
+ echo -n "Enter username:"
+ read
+ NEW_USER=$REPLY
+ adduser -u 666 $NEW_USER
+ echo $NEW_USER > /config/username
+ grep -E "root|sshd|$NEW_USER" /etc/passwd > /config/passwd
+ grep -E "root|sshd|$NEW_USER" /etc/shadow > /config/shadow
+ grep -E "root|sshd|$NEW_USER" /etc/group > /config/group
+fi
+if [ ! -f "/config/sshd_config" ] ; then
+ echo "ChrootDirectory /chroot" > /config/sshd_config
+fi
+
+# Use the config provided
+cp -f /config/ssh_host_ed25519_key* /etc/ssh/
+cp -f /config/sshd_config /etc/ssh/
+cp -f /config/passwd /etc/passwd
+cp -f /config/shadow /etc/shadow
+cp -f /config/group /etc/group
+
+# Prepare the chrooted env
+if [ ! -d "/chroot" ] ; then
+ mkdir /chroot
+ mkdir /chroot/dev
+ mknod -m 666 /chroot/dev/null c 1 3
+ mknod -m 666 /chroot/dev/zero c 1 5
+ mknod -m 666 /chroot/dev/tty c 5 0
+ mkdir /chroot/bin
+ cp /bin/sh /chroot/bin/
+ mkdir /chroot/lib
+ cp /lib/*.so.* /chroot/lib/
+ mkdir /chroot/usr
+ mkdir /chroot/usr/bin
+ cp /usr/bin/ssh /chroot/usr/bin/
+ mkdir /chroot/etc
+ cp /etc/passwd /chroot/etc/
+ mkdir /chroot/home
+ mkdir /chroot/home/$(cat /config/username)
+fi
+
+"$@"
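Review bot: The last line `"$@"` runs sshd as a child of the script instead of replacing it, so sshd is not PID 1 and the SIGTERM from `docker stop` reaches only the shell; change it to `exec "$@"`. The missing-volume branch near the top ends with a bare `exit`, which reports status 0 and lets an orchestrator treat a misconfigured start as a clean run; use `exit 1`. The three `grep -E "root|sshd|$NEW_USER"` filters are unanchored substring matches, so an empty `$REPLY` (non-interactive start) or an account name that merely contains `root` or `sshd` copies extra accounts and their shadow hashes into the volume; anchor them as `grep -E "^(root|sshd|$NEW_USER):"` and abort when `$NEW_USER` is empty. The generated `/config/sshd_config` holds only `ChrootDirectory /chroot` and overwrites the packaged config, so every other setting falls back to compiled-in defaults; writing `PermitRootLogin no` into that file alongside the chroot line would make the intended policy explicit rather than implicit.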