From ea19f8e204b83986172b3f0ac284442b6fff51b6 Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Sat, 17 Jul 2021 23:23:03 +0300
Subject: [PATCH] SSH daemon WIP.

---
 .gitlab-ci.yml     | 15 +++++++++++++++
 sshd/.dockerignore |  2 ++
 sshd/Dockerfile    | 17 +++++++++++++++++
 sshd/README.md     |  3 +++
 sshd/entrypoint    | 13 +++++++++++++
 5 files changed, 50 insertions(+)
 create mode 100644 sshd/.dockerignore
 create mode 100644 sshd/Dockerfile
 create mode 100644 sshd/README.md
 create mode 100755 sshd/entrypoint

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 98e537e..a847a94 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -105,3 +105,18 @@ push-httpd-bullseye:
   needs:
     - job: build-httpd-bullseye
       artifacts: true
+
+# sshd image:
+
+build-sshd:
+  extends: .build
+  variables:
+    CONTEXT: sshd
+
+push-sshd:
+  extends: .push
+  variables:
+    IMAGE: sshd
+  needs:
+    - job: build-sshd
+      artifacts: true
diff --git a/sshd/.dockerignore b/sshd/.dockerignore
new file mode 100644
index 0000000..91445b9
--- /dev/null
+++ b/sshd/.dockerignore
@@ -0,0 +1,2 @@
+*
+!entrypoint
diff --git a/sshd/Dockerfile b/sshd/Dockerfile
new file mode 100644
index 0000000..3dd2a2a
--- /dev/null
+++ b/sshd/Dockerfile
@@ -0,0 +1,17 @@
+ARG BASEIMAGE=debian:testing-slim
+FROM ${BASEIMAGE}
+RUN apt-get update && \
+    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+        netcat-openbsd \
+        openssh-server \
+    && \
+    rm -f /etc/ssh/ssh_host_* && \
+    echo > /etc/ssh/sshd_config && \
+    rm -rf /tmp/* /var/tmp/* /var/lib/apt/lists/* /var/cache/apt/archives/*
+COPY entrypoint /entrypoint
+EXPOSE 22
+ENTRYPOINT ["/entrypoint"]
+HEALTHCHECK --start-period=5m CMD echo | nc localhost 22 | grep -q 'SSH-2.0-OpenSSH'
+ENV SSHD_ARGS="-De -o 'PermitRootLogin no' -o 'PasswordAuthentication no' -o 'ChallengeResponseAuthentication no' -o 'PrintMotd no' -o 'PidFile none' -o 'Subsystem sftp /usr/lib/openssh/sftp-server'"
+ENV EXTRA_SSHD_ARGS=""
+CMD ["/usr/sbin/sshd", "$SSHD_ARGS", "$EXTRAS_SSHD_ARGS"]
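Review bot: The exec-form `CMD` on the last line hands sshd the literal strings `$SSHD_ARGS` and `$EXTRAS_SSHD_ARGS`, because JSON-array form does no variable expansion and the `eval 'exec "$@"'` in `sshd/entrypoint` passes its arguments through unchanged; the second name also does not match the `EXTRA_SSHD_ARGS` declared one line above. The `PermitRootLogin no` / `PasswordAuthentication no` options therefore never reach the daemon, and since the `RUN` step empties `sshd_config`, sshd will most likely exit on the unexpected argument or, if started another way, run with its built-in defaults. A sturdier arrangement is to write the hardening into the config at build time instead of `echo > /etc/ssh/sshd_config`, e.g. `printf '%s\n' 'PermitRootLogin no' 'PasswordAuthentication no' 'ChallengeResponseAuthentication no' > /etc/ssh/sshd_config`, and reduce the command to `CMD ["/usr/sbin/sshd", "-De"]`. That keeps the restrictions in place even when someone overrides `CMD` or the environment, and extra flags can still be appended at `docker run`.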
diff --git a/sshd/README.md b/sshd/README.md
new file mode 100644
index 0000000..fc4f30f
--- /dev/null
+++ b/sshd/README.md
@@ -0,0 +1,3 @@
+# sshd
+
+> A dockerized SSH daemon.
diff --git a/sshd/entrypoint b/sshd/entrypoint
new file mode 100755
index 0000000..2adaa67
--- /dev/null
+++ b/sshd/entrypoint
@@ -0,0 +1,13 @@
+#!/bin/sh
+set -eux
+
+if [ ! -f /etc/ssh/moduli ]
+then
+    ssh-keygen -G /etc/ssh/moduli.candidates
+    ssh-keygen -T /etc/ssh/moduli -f /etc/ssh/moduli.candidates
+    rm /etc/ssh/moduli.candidates
+fi
+ssh-keygen -A
+mkdir -p /run/sshd
+
+eval 'exec "$@"'
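Review bot: `ssh-keygen -A` recreates whatever host keys are missing, and the image deletes them at build time, so unless `/etc/ssh` is mounted from persistent storage every new container presents a fresh host identity and clients see host-key-changed warnings they learn to dismiss. That deserves a comment above the line (and a sentence in the README), e.g. `# Host keys are generated on first start; mount /etc/ssh as a volume to keep them stable.` Separately, as far as I know the `-G`/`-T` moduli options were replaced by `-M generate` / `-M screen` in OpenSSH 8.2, so if the moduli branch is ever taken on a current Debian testing image, `set -e` would abort startup; worth confirming against the installed version.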
-- 
GitLab