Store authorized_keys in /config
As sshd refused to use /tmp, whose permissions are too open
This commit is contained in:
parent
ffc78f7d6b
commit
e2fb9fc75d
@ -2,19 +2,23 @@
set -euo pipefail
# Else, sshd will refuse using authorized_keys
chmod 700 /config
for TYPE in rsa ecdsa ed25519; do
[ -e "/config/ssh_host_${TYPE}_key" ] || ssh-keygen -q -N "" -t ${TYPE} -f /config/ssh_host_${TYPE}_key
chmod 600 /config/ssh_host_${TYPE}_key
chmod 644 /config/ssh_host_${TYPE}_key.pub
done
rm -f /config/authorized_keys
OLD_IFS=${IFS}
IFS=$'\n'
for VAR in $(env | grep -E '^SSH_AUTH_KEY'); do
echo "Adding ssh key ${VAR}"
echo "${VAR}" | sed -E 's/^SSH_AUTH_KEY[^=]*=//' >> /tmp/authorized_keys
echo "${VAR}" | sed -E 's/^SSH_AUTH_KEY[^=]*=//' >> /config/authorized_keys
done
IFS=${OLD_IFS}
chmod 600 /tmp/authorized_keys
chmod 600 /config/authorized_keys
envsubst < /home/ssh/sshd_config.template > /tmp/sshd_config
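Review bot: `chmod 600 /config/authorized_keys` near the end of the hunk fails under the script's `set -e` when no SSH_AUTH_KEY* variable is set, because the file is only created by the `>>` inside the loop and the new `rm -f /config/authorized_keys` has just removed any previous copy, so the container exits at start-up instead of running sshd with no authorized keys. Creating the file right after the removal, `: > /config/authorized_keys`, keeps the chmod unconditional and leaves sshd an empty (deny-all) file in that case. The new `chmod 700 /config` fixes the mode bits, but sshd's StrictModes check also requires the directory and the key file to be owned by root or the logging-in user, so if /config is a mounted volume owned by another uid the refusal described in the commit message would persist; a comment on that line, e.g. `# StrictModes: /config and authorized_keys must also be owned by root or the ssh user`, would record that. The second copy of this script later in the commit has the same two points, and the enclosing script continues outside the hunk.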
@ -4,7 +4,7 @@ HostKey /config/ssh_host_rsa_key
HostKey /config/ssh_host_ecdsa_key
HostKey /config/ssh_host_ed25519_key
PermitRootLogin no
AuthorizedKeysFile /tmp/authorized_keys
AuthorizedKeysFile /config/authorized_keys
PasswordAuthentication no
AllowTcpForwarding no
GatewayPorts no
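Review bot: `AuthorizedKeysFile /config/authorized_keys` is an absolute path with no %u or %h token, so the same key list is consulted for every account sshd would accept; that is presumably intended for a single rsync user, but the template does not say so. A comment above the line would make the contract explicit, e.g. `# Single shared key file, written by the entrypoint from SSH_AUTH_KEY*; applies to every user`. Since StrictModes defaults to yes, sshd also requires this file and /config to be non-group/world-writable, which is the reason for this commit and is worth noting here rather than only in the entrypoint. The second sshd_config template in this commit has the same change.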
@ -165,7 +165,7 @@ _EOF
driver = "docker"
config {
image = "danielberteaud/rsync-ssh:24.1-3"
image = "danielberteaud/rsync-ssh:24.2-2"
pids_limit = 100
readonly_rootfs = true
mount {
@ -2,19 +2,23 @@
set -euo pipefail
# Else, sshd will refuse using authorized_keys
chmod 700 /config
for TYPE in rsa ecdsa ed25519; do
[ -e "/config/ssh_host_${TYPE}_key" ] || ssh-keygen -q -N "" -t ${TYPE} -f /config/ssh_host_${TYPE}_key
chmod 600 /config/ssh_host_${TYPE}_key
chmod 644 /config/ssh_host_${TYPE}_key.pub
done
rm -f /config/authorized_keys
OLD_IFS=${IFS}
IFS=$'\n'
for VAR in $(env | grep -E '^SSH_AUTH_KEY'); do
echo "Adding ssh key ${VAR}"
echo "${VAR}" | sed -E 's/^SSH_AUTH_KEY[^=]*=//' >> /tmp/authorized_keys
echo "${VAR}" | sed -E 's/^SSH_AUTH_KEY[^=]*=//' >> /config/authorized_keys
done
IFS=${OLD_IFS}
chmod 600 /tmp/authorized_keys
chmod 600 /config/authorized_keys
envsubst < /home/ssh/sshd_config.template > /tmp/sshd_config
@ -4,7 +4,7 @@ HostKey /config/ssh_host_rsa_key
HostKey /config/ssh_host_ecdsa_key
HostKey /config/ssh_host_ed25519_key
PermitRootLogin no
AuthorizedKeysFile /tmp/authorized_keys
AuthorizedKeysFile /config/authorized_keys
PasswordAuthentication no
AllowTcpForwarding no
GatewayPorts no
@ -31,7 +31,7 @@ repo:
rsync:
# Image to use
image: '[[ .docker.repo ]]rsync-ssh:24.1-3'
image: '[[ .docker.repo ]]rsync-ssh:24.2-2'
# Resources to allocate
resources: