enable keypair auth and some refactoring
		
							parent
							
								
									279065bbec
								
							
						
					
					
						commit
						6f1544c7f0
					
				
							
								
								
									
										36
									
								
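--- a/.travis.yml
+++ b/.travis.yml
@@ -0,0 +1,36 @@
+sudo: required
+
+language: bash
+
+addons:
+  apt:
+    packages:
+      - docker-ce
+      - w3m
+
+env:
+  global:
+    - IMAGE="alpine-sshd"
+    - IMAGE_NAME="${DOCKER_USER}/${IMAGE}"
+
+before_script:
+  - sudo sysctl -w net.ipv4.ip_forward=1
+  - docker login -u "${DOCKER_USER}" -p "${DOCKER_PASSWORD}"
+  - export ALPINE_VERSION="3.8"
+  - export OPENSSH_VERSION="$(w3m -dump "https://pkgs.alpinelinux.org/packages?name=openssh&branch=v${ALPINE_VERSION}" | grep -m 1 "x86" | awk '{print $2}')"
+
+script: |
+  docker build \
+          --no-cache \
+          --pull \
+          --quiet \
+          --build-arg ALPINE_VERSION="${ALPINE_VERSION}" \
+          --build-arg OPENSSH_VERSION="${OPENSSH_VERSION}" \
+          --tag "${IMAGE_NAME}:${OPENSSH_VERSION}-alpine{ALPINE_VERSION}" \
+          --tag "${IMAGE_NAME}:latest" \
+          --file "${TRAVIS_BUILD_DIR}/Dockerfile" \
+          "${TRAVIS_BUILD_DIR}"
+  if [[ "${TRAVIS_BRANCH}" == "master" ]] && [[ "${TRAVIS_PULL_REQUEST}" == "false" ]]; then
+    docker push "${IMAGE_NAME}:${OPENSSH_VERSION}-alpine{ALPINE_VERSION}"
+    docker push "${IMAGE_NAME}:latest"
+  fi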
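Review bot: `docker login -u "${DOCKER_USER}" -p "${DOCKER_PASSWORD}"` in `before_script` puts the registry password on the command line and runs on every build, although only the master, non-pull-request branch of `script` ever pushes. Feeding the password on stdin and moving the login inside that `if` keeps the credential out of the process list and out of builds that never need it: `echo "${DOCKER_PASSWORD}" | docker login -u "${DOCKER_USER}" --password-stdin`. Separately, both uses of the versioned tag (the `--tag` argument and the first `docker push`) are written `-alpine{ALPINE_VERSION}` without the `$`, so the tag carries the literal braces instead of the version; it should read `"${IMAGE_NAME}:${OPENSSH_VERSION}-alpine${ALPINE_VERSION}"`.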
							
								
								
									
										27
									
								
								Dockerfile
									
									
									
									
									
								
							
							
						
						
									
										27
									
								
								Dockerfile
									
									
									
									
									
								
							| @ -1,16 +1,19 @@ | |||||||
| FROM alpine:latest | ARG         ALPINE_VERSION=${ALPINE_VERSION:-3.8} | ||||||
|  | FROM        alpine:${ALPINE_VERSION} | ||||||
| 
 | 
 | ||||||
| LABEL maintainer="https://github.com/hermsi1337" | LABEL       maintainer="https://github.com/hermsi1337" | ||||||
| 
 | 
 | ||||||
| ENV ROOT_PASSWORD root | ARG         OPENSSH_VERSION=${OPENSSH_VERSION:-7.7_p1-r3} | ||||||
|  | ENV         OPENSSH_VERSION=${OPENSSH_VERSION} \ | ||||||
|  |             ROOT_PASSWORD=root \ | ||||||
|  |             KEYPAIR_LOGIN=false | ||||||
| 
 | 
 | ||||||
| RUN apk update	&& apk upgrade && apk add openssh \ | ADD         entrypoint.sh / | ||||||
| 		&& sed -i s/#PermitRootLogin.*/PermitRootLogin\ yes/ /etc/ssh/sshd_config \ | RUN         apk update && apk upgrade && apk add openssh=${OPENSSH_VERSION} \ | ||||||
| 		&& echo "root:${ROOT_PASSWORD}" | chpasswd \ | 		        && chmod +x /entrypoint.sh \ | ||||||
| 		&& rm -rf /var/cache/apk/* /tmp/* | 		        && mkdir -p /root/.ssh \ | ||||||
|  | 		        && rm -rf /var/cache/apk/* /tmp/* | ||||||
| 
 | 
 | ||||||
| COPY entrypoint.sh /usr/local/bin/ | EXPOSE      22 | ||||||
| 
 | VOLUME      ["/etc/ssh"] | ||||||
| EXPOSE 22 | ENTRYPOINT  ["/entrypoint.sh"] | ||||||
| 
 |  | ||||||
| ENTRYPOINT ["entrypoint.sh"] |  | ||||||
|  | |||||||
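Review bot: `ROOT_PASSWORD=root` remains in the new `ENV` block next to `KEYPAIR_LOGIN=false`, so the image's out-of-the-box mode is root login by password with a published default, and any real password passed via `--env` is stored in the container configuration where `docker inspect` shows it. Consider dropping the default (`ENV OPENSSH_VERSION=${OPENSSH_VERSION} KEYPAIR_LOGIN=false`) and having the entrypoint refuse password mode when `ROOT_PASSWORD` is unset. `VOLUME ["/etc/ssh"]` also means the `sshd_config` edits made at start-up persist for any container that reuses the volume, which deserves a comment next to that line. As a style point, `ADD entrypoint.sh /` only copies a local file and is more conventionally written `COPY entrypoint.sh /`.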
							
								
								
									
										14
									
								
								README.md
									
									
									
									
									
								
							
							
						
						
									
										14
									
								
								README.md
									
									
									
									
									
								
							| @ -8,6 +8,7 @@ Use this Dockerfile / -image to start a sshd-server upon a lightweight Alpine co | |||||||
| * Password of "root"-user can be changed when starting the container using --env | * Password of "root"-user can be changed when starting the container using --env | ||||||
| 
 | 
 | ||||||
| ### Basic Usage | ### Basic Usage | ||||||
|  | #### Authentication by password | ||||||
| ``` | ``` | ||||||
| $ docker run --rm \ | $ docker run --rm \ | ||||||
| --publish=1337:22 \ | --publish=1337:22 \ | ||||||
| @ -19,7 +20,18 @@ After the container is up you are able to ssh in it as root with the in --env pr | |||||||
| ``` | ``` | ||||||
| $ ssh root@mydomain.tld -p 1337 | $ ssh root@mydomain.tld -p 1337 | ||||||
| ``` | ``` | ||||||
| 
 | #### Authentication by ssh-keypair | ||||||
|  | ``` | ||||||
|  | $ docker run --rm \ | ||||||
|  | --publish=1337:22 \ | ||||||
|  | --env KEYPAIR_LOGIN=true \ | ||||||
|  | --volume /path/to/authorized_keys:/root/.ssh/authorized_keys \ | ||||||
|  | hermsi/alpine-sshd | ||||||
|  | ``` | ||||||
|  | After the container is up you are able to ssh in it as root by a keypair which matches the provided public-key in authorized_keys for "root"-user. | ||||||
|  | ``` | ||||||
|  | $ ssh root@mydomain.tld -p 1337 -i /path/to/private_key | ||||||
|  | ``` | ||||||
| ### Use with docker-compose | ### Use with docker-compose | ||||||
| I built this image in order to use it along with a nginx and fpm-php container for transferring files via sftp. | I built this image in order to use it along with a nginx and fpm-php container for transferring files via sftp. | ||||||
| If you are interested in a Dockerfile which fulfills this need: [this way](https://github.com/Hermsi1337/docker-compose/blob/master/full_php_dev_stack/docker-compose.yml) | If you are interested in a Dockerfile which fulfills this need: [this way](https://github.com/Hermsi1337/docker-compose/blob/master/full_php_dev_stack/docker-compose.yml) | ||||||
| @ -3,9 +3,19 @@ | |||||||
| # generate host keys if not present | # generate host keys if not present | ||||||
| ssh-keygen -A | ssh-keygen -A | ||||||
| 
 | 
 | ||||||
| # check wether a random root-password is provided | # set root login mode by password or keypair | ||||||
| if [ ! -z "${ROOT_PASSWORD}" ] && [ "${ROOT_PASSWORD}" != "root" ]; then | if [ "${KEYPAIR_LOGIN}" = "true" ] && [ -f "${HOME}/.ssh/authorized_keys" ] ; then | ||||||
|     echo "root:${ROOT_PASSWORD}" | chpasswd |     sed -i "s/#PermitRootLogin.*/PermitRootLogin without-password/" /etc/ssh/sshd_config | ||||||
|  |     sed -i "s/#PasswordAuthentication.*/PasswordAuthentication no/" /etc/ssh/sshd_config | ||||||
|  |     echo "Enabled root-login by keypair and disabled password-login" | ||||||
|  | else | ||||||
|  |     sed -i s/#PermitRootLogin.*/PermitRootLogin\ yes/ /etc/ssh/sshd_config | ||||||
|  |     set +x | ||||||
|  |     if [ -n "${ROOT_PASSWORD}" ] && [ "${ROOT_PASSWORD}" != "root" ]; then | ||||||
|  |         echo "root:${ROOT_PASSWORD}" | chpasswd | ||||||
|  |     fi | ||||||
|  |     set -x | ||||||
|  |     echo "Enabled root-login by password" | ||||||
| fi | fi | ||||||
| 
 | 
 | ||||||
| # do not detach (-D), log to stderr (-e), passthrough other arguments | # do not detach (-D), log to stderr (-e), passthrough other arguments | ||||||
|  | |||||||
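Review bot: The `else` branch is also reached when `KEYPAIR_LOGIN=true` is set but `${HOME}/.ssh/authorized_keys` is missing, so a mistyped `--volume` path silently yields `PermitRootLogin yes` with password login instead of the key-only setup the operator asked for. In that branch `chpasswd` is skipped whenever `ROOT_PASSWORD` is empty or still `root`, which leaves root with whatever password state the image already has; that state is not visible in this hunk. I would fail closed before the mode switch, e.g. `if [ "${KEYPAIR_LOGIN}" = "true" ] && [ ! -f "${HOME}/.ssh/authorized_keys" ]; then echo "KEYPAIR_LOGIN=true but authorized_keys is missing" >&2; exit 1; fi`. The script continues past the end of the hunk, so the sshd invocation itself is not shown here.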