Update for new openssh versions

Thomas Lovén 2025-04-05 16:24:05 +02:00
parent c3392bb97f
commit 0cf6dd8730
4 changed files with 20 additions and 11 deletions


@ -14,6 +14,9 @@ Ex:
`SSH_USERS=myuser:1000:1000,anotheruser:1001:1001` `SSH_USERS=myuser:1000:1000,anotheruser:1001:1001`
### ENV variables `YUBICO_API_ID`, `YUBICO_API_KEY`
Get API ID and Key from here: [here](https://upgrade.yubico.com/getapikey/)
### Key files ### Key files
The directory mapped to `/conf.d/authorized_keys` contain files for authorized_keys, authorized yubikeys and ssh config. The directory mapped to `/conf.d/authorized_keys` contain files for authorized_keys, authorized yubikeys and ssh config.


@ -1,6 +1,7 @@
FROM hermsi/alpine-sshd:latest FROM hermsi/alpine-sshd:latest
RUN apk add --no-cache \ RUN apk add --upgrade --no-cache \
openssh \
openssh-server-pam \ openssh-server-pam \
yubico-pam \ yubico-pam \
google-authenticator \ google-authenticator \
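Review bot: The `apk add --upgrade` line installs `openssh` and `openssh-server-pam` without version constraints on top of a `:latest` base image, so the sshd that ends up in the image depends on the day it is built and cannot be tied back to this commit. A short comment above the RUN saying why `openssh` is now listed explicitly would help the next maintainer, for example `# upgrade openssh together with openssh-server-pam so both come from the same Alpine release` (presumably the reason, given the commit title). Pinning the base image to a fixed tag or digest would make rebuilds reproducible. The RUN instruction continues past the end of this hunk.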


@ -43,7 +43,7 @@ ensure_mod() {
G_ID="${4}" G_ID="${4}"
chmod "${MOD}" "${FILE}" chmod "${MOD}" "${FILE}"
chown "${U_ID}"."${G_ID}" "${FILE}" chown "${U_ID}":"${G_ID}" "${FILE}"
} }
generate_passwd() { generate_passwd() {
@ -212,10 +212,15 @@ fi
# ADDED # ADDED
############################################# #############################################
sed -i "s/#ChallengeResponseAuthentication.*/ChallengeResponseAuthentication yes/" /etc/ssh/sshd_config if [[ -n "${YUBICO_API_ID}" ]]; then
sed -i "s/#UsePAM.*/UsePAM yes/" /etc/ssh/sshd_config sed -i "s/#ChallengeResponseAuthentication.*/ChallengeResponseAuthentication yes/" /etc/ssh/sshd_config
sed -i "s/#UsePAM.*/UsePAM yes/" /etc/ssh/sshd_config
if ! grep -Fxq "auth sufficient pam_yubico.sh" /etc/pam.d/sshd; then
echo "auth [success=done default=bad] pam_yubico.so id=${YUBICO_API_ID} key=${YUBICO_API_KEY}" >> /etc/pam.d/sshd
fi
fi
echo "auth sufficient pam_yubico.so id=16 debug" >> /etc/pam.d/sshd
############################################# #############################################
# END OF ADDITION # END OF ADDITION
@ -224,4 +229,4 @@ echo "auth sufficient pam_yubico.so id=16 debug" >> /etc/pam.d/sshd
echo "" echo ""
# do not detach (-D), log to stderr (-e), passthrough other arguments # do not detach (-D), log to stderr (-e), passthrough other arguments
exec /usr/sbin/sshd -D -e "$@" exec /usr/sbin/sshd.pam -D -e "$@"
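Review bot: The duplicate guard inside the new `YUBICO_API_ID` block can never match: `grep -Fxq "auth sufficient pam_yubico.sh"` requires a whole line equal to that string (note `.sh` rather than `.so`), while the line appended is `auth [success=done default=bad] pam_yubico.so …`, so each restart of an existing container appends another pam_yubico entry to /etc/pam.d/sshd. Matching on the module name, `if ! grep -q "pam_yubico.so" /etc/pam.d/sshd; then`, would make the append idempotent. Only `YUBICO_API_ID` is tested, so an unset `YUBICO_API_KEY` produces a line with an empty `key=`; `if [[ -n "${YUBICO_API_ID}" && -n "${YUBICO_API_KEY}" ]]; then` covers both. The key is also written in clear text into /etc/pam.d/sshd, so that file should not stay readable by the accounts that log in over SSH, e.g. `chmod 600 /etc/pam.d/sshd` after the append. The rest of the script lies outside these hunks, so whether the PAM file is reset elsewhere on start is not visible here.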


@ -1,5 +1,3 @@
version: "3"
networks: networks:
web: web:
external: true external: true
@ -12,6 +10,8 @@ services:
web: web:
environment: environment:
SSH_USERS: SSH_USERS:
YUBICO_API_ID:
YUBICO_API_KEY:
volumes: volumes:
- ./authorized_keys:/conf.d/authorized_keys - ./authorized_keys:/conf.d/authorized_keys
- ./ssh:/etc/ssh - ./ssh:/etc/ssh