Generate persistent (and unique) SSH host keys

2024-11-09 11:40:02 +00:00 · 2016-03-25 17:35:38 +01:00 · 2016-03-25 17:35:38 +01:00 · 48c3d670aa
commit 48c3d670aa
parent f5142c82d6
2 changed files with 22 additions and 5 deletions
--- a/18
+++ b/18
@ -5,14 +5,22 @@ ENV USER share
 ENV PASS changeme
 ENV USER_UID 1000

-RUN apt-get update && \
-    apt-get install -y openssh-server mcrypt && \
-    mkdir /var/run/sshd && chmod 0755 /var/run/sshd
+ENV DI_VERSION 1.0.1
+ENV DI_HASH 91b9970e6a0d23d7aedf3321fb1d161937e7f5e6ff38c51a8a997278cc00fb0a
+
+ADD https://github.com/Yelp/dumb-init/releases/download/v1.0.1/dumb-init_${DI_VERSION}_amd64 /usr/local/bin/dumb-init
+
+RUN apt-get update \
+ && apt-get install -y openssh-server mcrypt \
+ && mkdir /var/run/sshd && chmod 0755 /var/run/sshd \
+ && echo "${DI_HASH}  /usr/local/bin/dumb-init" | sha256sum -c \
+ && chmod +x /usr/local/bin/dumb-init

 ADD start.sh /usr/local/bin/start.sh
 ADD sshd_config /etc/ssh/sshd_config

-VOLUME ["/data"]
+VOLUME ["/data", "/ssh"]
 EXPOSE 22

-ENTRYPOINT ["/bin/bash", "/usr/local/bin/start.sh"]
+ENTRYPOINT ["/usr/local/bin/dumb-init"]
+CMD ["/usr/local/bin/start.sh"]
--- a/start.sh
+++ b/start.sh
@ -1,5 +1,14 @@
 #!/bin/bash

+for type in rsa dsa ecdsa ed25519; do
+  if ! [ -e "/ssh/ssh_host_${type}_key" ]; then
+    echo "/ssh/ssh_host_${type}_key not found, generating..."
+    ssh-keygen -f "/ssh/ssh_host_${type}_key" -N '' -t ${type}
+  fi
+
+  ln -sf "/ssh/ssh_host_${type}_key" "/etc/ssh/ssh_host_${type}_key"
+done
+
 if ( id ${USER} ); then
    echo "INFO: User ${USER} already exists"
 else