~elchenberg/docker-openssh-server

b74d00897455b64b8438eb9e70d46df20e58040e — elchenberg 3 months ago main
initial commit
5 files changed, 113 insertions(+), 0 deletions(-)

A .editorconfig
A Dockerfile
A docker-compose.yml
A rootfs/etc/ssh/entrypoint.sh
A rootfs/etc/ssh/sshd_config
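--- a/.editorconfig
+++ b/.editorconfig
@@ -0,0 +1,16 @@
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+trim_trailing_spaces = true
+insert_final_newline = true
+
+# trailing spaces in markdown indicate word wrap
+[*.md]
+trim_trailing_spaces = false
+max_line_length = 80
+
+[{Dockerfile,Dockerfile.*}]
+indent_size = 4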
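Review bot: `trim_trailing_spaces` is not an EditorConfig property, so editors will ignore both occurrences (the `[*]` default and the `[*.md]` override). The property is spelled `trim_trailing_whitespace`, i.e. `trim_trailing_whitespace = true` under `[*]` and `trim_trailing_whitespace = false` under `[*.md]`.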

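--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,14 @@
+FROM alpine:3.13
+SHELL [ "/bin/ash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-o", "xtrace", "-c" ]
+ENV OPENSSH_SERVER_VERSION=8.4_p1-r2 \
+    OPENSSH_SERVER_PAM_VERSION=8.4_p1-r2 \
+    RSYNC_VERSION=3.2.3-r1 \
+    TINI_VERSION=0.19.0-r0
+RUN apk add --no-cache \
+    openssh-server="${OPENSSH_SERVER_VERSION:?}" \
+    openssh-server-pam="${OPENSSH_SERVER_PAM_VERSION:?}" \
+    rsync="${RSYNC_VERSION:?}" \
+    tini="${TINI_VERSION:?}"
+COPY rootfs /
+ENTRYPOINT [ "tini", "--", "ash", "/etc/ssh/entrypoint.sh" ]
+CMD [ "-D", "-e" ]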
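Review bot: The four `*_VERSION` pins are set with `ENV`, so they persist into the running container, where `entrypoint.sh` copies the whole environment into `.ssh/environment` for login sessions. They are only read by the `RUN apk add` line and would fit `ARG` better; the `${…:?}` expansions work unchanged with `ARG OPENSSH_SERVER_VERSION=8.4_p1-r2` and so on. `FROM alpine:3.13` is a moving tag, so adding a digest pin would make the exact-revision package pins reproducible against a known base.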

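--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -0,0 +1,11 @@
+version: "3.8"
+services:
+  sshd:
+    build: .
+    environment:
+      SSH_AUTHORIZED_KEYS_BASE64:
+      SSH_HOST_ED25519_KEY_BASE64:
+      SSH_HOST_RSA_KEY_BASE64:
+      SSH_PORT: 2222
+    ports:
+      - 2222:2222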
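Review bot: Passing the host private keys through the `SSH_HOST_ED25519_KEY_BASE64` and `SSH_HOST_RSA_KEY_BASE64` environment entries leaves them readable in the container's stored configuration (for example via `docker inspect`) for the container's lifetime, even though the entrypoint unsets them in its own shell. Base64 is an encoding, not protection. Because `entrypoint.sh` skips key creation when the files already exist, mounting the key files read-only at `/etc/ssh/ssh_host_ed25519_key` and `/etc/ssh/ssh_host_rsa_key` (mode 0600) would work with the script as written and keep the private material out of the environment. A comment above `environment:` such as `# host keys passed here are visible in container metadata; prefer mounting the key files` would document the trade-off.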

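--- a/rootfs/etc/ssh/entrypoint.sh
+++ b/rootfs/etc/ssh/entrypoint.sh
@@ -0,0 +1,68 @@
+#!/bin/sh
+
+set -o errexit
+set -o nounset
+
+if set +o | grep -Eq '^set +o pipefail$'; then
+  # shellcheck disable=SC2039
+  set -o pipefail
+fi
+
+if [ "${DEBUG:-}" = "true" ]; then
+  set -o xtrace
+fi
+
+SSH_HOST_ED25519_KEY_PATH=/etc/ssh/ssh_host_ed25519_key
+if [ -n "${SSH_HOST_ED25519_KEY_BASE64:-}" ] && [ ! -f "${SSH_HOST_ED25519_KEY_PATH:?}" ]; then
+  echo "Creating ${SSH_HOST_ED25519_KEY_PATH:?} from SSH_HOST_ED25519_KEY_BASE64 ..."
+  echo "${SSH_HOST_ED25519_KEY_BASE64:?}" | base64 -d >"${SSH_HOST_ED25519_KEY_PATH:?}"
+  chmod 0600 "${SSH_HOST_ED25519_KEY_PATH:?}"
+  unset SSH_HOST_ED25519_KEY_BASE64
+elif [ ! -f "${SSH_HOST_ED25519_KEY_PATH:?}" ]; then
+  echo "Generating ${SSH_HOST_ED25519_KEY_PATH:?} ..."
+  ssh-keygen -a 100 -f "${SSH_HOST_ED25519_KEY_PATH:?}" -N "" -t ed25519
+fi
+
+SSH_HOST_RSA_KEY_PATH=/etc/ssh/ssh_host_rsa_key
+if [ -n "${SSH_HOST_RSA_KEY_BASE64:-}" ] && [ ! -f "${SSH_HOST_RSA_KEY_PATH:?}" ]; then
+  echo "Creating ${SSH_HOST_RSA_KEY_PATH:?} from SSH_HOST_RSA_KEY_BASE64 ..."
+  echo "${SSH_HOST_RSA_KEY_BASE64:?}" | base64 -d >"${SSH_HOST_RSA_KEY_PATH:?}"
+  chmod 0600 "${SSH_HOST_RSA_KEY_PATH:?}"
+  unset SSH_HOST_RSA_KEY_BASE64
+elif [ ! -f "${SSH_HOST_RSA_KEY_PATH:?}" ]; then
+  echo "Generating ${SSH_HOST_RSA_KEY_PATH:?} ..."
+  ssh-keygen -a 100 -b 4096 -f "${SSH_HOST_RSA_KEY_PATH:?}" -N "" -o -t rsa
+fi
+
+HOME_DIRECTORY=$(awk -F":" '$3 == '"$(id -u)"' {print $6}' /etc/passwd)
+mkdir -p "${HOME_DIRECTORY:?}/.ssh"
+if [ -n "${SSH_AUTHORIZED_KEYS_BASE64:-}" ] && [ ! -f "${HOME_DIRECTORY:?}/.ssh/authorized_keys" ]; then
+  echo "Creating ${HOME_DIRECTORY:?}/.ssh/authorized_keys from SSH_AUTHORIZED_KEYS_BASE64 ..."
+  echo "${SSH_AUTHORIZED_KEYS_BASE64:?}" | base64 -d >"${HOME_DIRECTORY:?}/.ssh/authorized_keys"
+  chmod 0600 "${SSH_HOST_RSA_KEY_PATH:?}"
+  unset SSH_AUTHORIZED_KEYS_BASE64
+fi
+
+if [ ! -f "${HOME_DIRECTORY:?}/.ssh/environment" ]; then
+  echo "Preparing the user environment ..."
+  printenv >"${HOME_DIRECTORY:?}/.ssh/environment"
+fi
+
+CMD_SETS_SSH_PORT=false
+while getopts ":p:" OPT; do
+  case "${OPT}" in
+    p)
+      CMD_SETS_SSH_PORT=true
+      break
+      ;;
+    *)
+      continue
+      ;;
+  esac
+done
+if [ "${CMD_SETS_SSH_PORT:?}" = "false" ]; then
+  echo "Appending \"-p ${SSH_PORT:-22}\" to the command ..."
+  set -- "$@" "-p" "${SSH_PORT:-22}"
+fi
+
+exec /usr/sbin/sshd "$@"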
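Review bot: The `chmod 0600 "${SSH_HOST_RSA_KEY_PATH:?}"` inside the authorized_keys branch targets the RSA host key a second time, so `authorized_keys` keeps whatever mode the umask gave it; it should read `chmod 0600 "${HOME_DIRECTORY:?}/.ssh/authorized_keys"`. A `umask 077` near the top of the script would also stop the host key files from being readable by others between the `>` redirect and their own `chmod`. The `*_BASE64` variables are unset only in the branch that writes the file. When a key file already exists (for example on a mounted volume) and the variable is still set, `printenv` therefore copies the base64 private host key into `.ssh/environment`, from where `PermitUserEnvironment yes` loads it into every session. Unsetting the three variables unconditionally before the `printenv` line closes that. With `DEBUG=true`, xtrace prints the expanded `echo "${SSH_HOST_…_KEY_BASE64:?}"` commands, so private key material reaches the container log; that deserves a comment beside the `set -o xtrace` line, or tracing could be switched off around the key-writing blocks.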

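--- a/rootfs/etc/ssh/sshd_config
+++ b/rootfs/etc/ssh/sshd_config
@@ -0,0 +1,4 @@
+PermitUserEnvironment yes
+PrintMotd no
+StrictModes yes
+UsePAM yes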
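Review bot: `PermitUserEnvironment yes` accepts every variable from `~/.ssh/environment` and from `environment=` options in `authorized_keys`, including loader variables such as `LD_PRELOAD`, which the sshd_config manual warns can be used to bypass access restrictions. The option also takes a pattern-list, so listing only the variable names the entrypoint needs to forward would narrow it; a comment explaining that the setting exists to pass the container environment to sessions would help the next reader. The file also leaves password authentication at its default while the image only provisions `authorized_keys`, so an explicit `PasswordAuthentication no` would state the intended key-only login.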