SSH daemon WIP.

ea19f8e2 · nimrod · ca3e38c9 · ea19f8e2 · ea19f8e2 · ea19f8e2
Commit ea19f8e2 authored 3 years ago by nimrod
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -105,3 +105,18 @@ push-httpd-bullseye:
  needs:
    - job: build-httpd-bullseye
      artifacts: true
+
+# sshd image:
+
+build-sshd:
+  extends: .build
+  variables:
+    CONTEXT: sshd
+
+push-sshd:
+  extends: .push
+  variables:
+    IMAGE: sshd
+  needs:
+    - job: build-sshd
+      artifacts: true
--- a/sshd/.dockerignore
+++ b/sshd/.dockerignore
+*
+!entrypoint
--- a/sshd/Dockerfile
+++ b/sshd/Dockerfile
+ARG BASEIMAGE=debian:testing-slim
+FROM ${BASEIMAGE}
+RUN apt-get update && \
+    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+        netcat-openbsd \
+        openssh-server \
+    && \
+    rm -f /etc/ssh/ssh_host_* && \
+    echo > /etc/ssh/sshd_config && \
+    rm -rf /tmp/* /var/tmp/* /var/lib/apt/lists/* /var/cache/apt/archives/*
+COPY entrypoint /entrypoint
+EXPOSE 22
+ENTRYPOINT ["/entrypoint"]
+HEALTHCHECK --start-period=5m CMD echo | nc localhost 22 | grep -q 'SSH-2.0-OpenSSH'
+ENV SSHD_ARGS="-De -o 'PermitRootLogin no' -o 'PasswordAuthentication no' -o 'ChallengeResponseAuthentication no' -o 'PrintMotd no' -o 'PidFile none' -o 'Subsystem sftp /usr/lib/openssh/sftp-server'"
+ENV EXTRA_SSHD_ARGS=""
+CMD ["/usr/sbin/sshd", "$SSHD_ARGS", "$EXTRAS_SSHD_ARGS"]
--- a/sshd/README.md
+++ b/sshd/README.md
+# sshd
+
+> A dockerized SSH daemon.
--- a/sshd/entrypoint
+++ b/sshd/entrypoint
+#!/bin/sh
+set -eux
+
+if [ ! -f /etc/ssh/moduli ]
+then
+    ssh-keygen -G /etc/ssh/moduli.candidates
+    ssh-keygen -T /etc/ssh/moduli -f /etc/ssh/moduli.candidates
+    rm /etc/ssh/moduli.candidates
+fi
+ssh-keygen -A
+mkdir -p /run/sshd
+
+eval 'exec "$@"'