Add Dockerfile and backup script for SSH server setup
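--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,11 @@
+FROM alpine:latest
+
+RUN apk add --no-cache \
+openssh-server-pam \
+su-exec \
+borgbackup
+
+COPY start_backup.sh /start_backup.sh
+RUN chmod +x /start_backup.sh
+
+CMD /start_backup.sh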
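Review bot: `FROM alpine:latest` leaves the base image floating, and with it the OpenSSH and borgbackup versions that the unpinned `apk add` installs, so a rebuild can silently change the SSH server this image exposes. Pin a release tag, ideally with a digest, e.g. `FROM alpine:<release-tag>@sha256:<digest>` (placeholders, to be filled from the registry). The shell-form `CMD /start_backup.sh` wraps the script in `/bin/sh -c`; `CMD ["/start_backup.sh"]` runs it directly so it receives the stop signal from the runtime. `COPY --chmod=755 start_backup.sh /start_backup.sh` would also make the separate `RUN chmod +x` layer unnecessary.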
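--- a/start_backup.sh
+++ b/start_backup.sh
@@ -0,0 +1,65 @@
+#!/bin/sh
+
+SSH_PORT=${SSH_PORT:-20022}
+SSH_USER=${SSH_USER:-"backup"}
+SSH_PASSWORD=${SSH_PASSWORD:-"backup"}
+HOME="/home/$SSH_USER"
+SSH_DIR="$HOME/.ssh"
+SSH_CONFIG_DIR="$HOME/.ssh/server"
+SSH_HOST_KEYS_DIR="$SSH_CONFIG_DIR/keys"
+SSH_CONFIG_FILE="$SSH_CONFIG_DIR/sshd_config"
+SSH_PID_FILE="$SSH_CONFIG_DIR/sshd.pid"
+
+if ! id -u "$SSH_USER" >/dev/null 2>&1; then
+echo "Creating user $SSH_USER..."
+adduser -D -s /bin/sh -h "/home/$SSH_USER" "$SSH_USER"
+# Ensure the user is properly initialized in shadow database
+passwd -u "$SSH_USER" 2>/dev/null || true
+fi
+
+# Create necessary directories
+mkdir -p "$SSH_CONFIG_DIR" "$SSH_HOST_KEYS_DIR"
+
+# Generate host keys if they don't exist
+for key_type in rsa ed25519; do
+key_file="$SSH_HOST_KEYS_DIR/ssh_host_${key_type}_key"
+echo "Generating $key_type host key..."
+ssh-keygen -t "$key_type" -f "$key_file" -N "" -q
+done
+
+# Add default ssh password if not set
+echo "$SSH_USER:$SSH_PASSWORD" | chpasswd
+
+cat >"$SSH_CONFIG_FILE" <<EOF
+Port $SSH_PORT
+ListenAddress 0.0.0.0
+HostKey $SSH_HOST_KEYS_DIR/ssh_host_rsa_key
+HostKey $SSH_HOST_KEYS_DIR/ssh_host_ed25519_key
+PidFile $SSH_PID_FILE
+UsePam yes
+AuthorizedKeysFile $SSH_DIR/authorized_keys
+PasswordAuthentication yes
+PubkeyAuthentication yes
+ChallengeResponseAuthentication no
+PrintMotd no
+AcceptEnv LANG LC_*
+Subsystem sftp /usr/lib/openssh/sftp-server
+EOF
+
+chown -R $SSH_USER:$SSH_USER "/home/$SSH_USER"
+# Start SSH daemon
+echo "Starting SSH server on port $SSH_PORT..."
+exec su-exec $SSH_USER /usr/sbin/sshd.pam -D -f "$SSH_CONFIG_FILE" -e &
+
+SSH_CONFIG_FILE=$SSH_CONFIG_FILE
+LAST=$(md5sum "$SSH_CONFIG_FILE")
+while true; do
+sleep 0.1
+if [ -f "$SSH_CONFIG_FILE" ]; then
+NEW=$(md5sum "$SSH_CONFIG_FILE")
+if [ "$NEW" != "$LAST" ]; then
+pkill -HUP sshd.pam
+LAST="$NEW"
+fi
+fi
+done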
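Review bot: `SSH_PASSWORD=${SSH_PASSWORD:-"backup"}` gives every container started without that variable the account `backup` with the password `backup`, while the generated sshd_config sets `PasswordAuthentication yes` and `ListenAddress 0.0.0.0`. Fail closed instead: replace the default with `: "${SSH_PASSWORD:?SSH_PASSWORD must be set}"`, or write `PasswordAuthentication no` when no password is supplied and rely on `authorized_keys`. The host-key loop also runs `ssh-keygen` unconditionally although its comment says "if they don't exist"; guarding it with `[ -f "$key_file" ] || ssh-keygen -t "$key_type" -f "$key_file" -N "" -q` would keep the host identity stable if the home directory is persisted (whether it is persisted is not visible in this commit). Separately, `$SSH_USER` is unquoted in the `chown` and `su-exec` lines, so an operator-supplied value with whitespace would be word-split; quote it as `"$SSH_USER"`.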