Commit b2c28327 authored by Chris Kretler's avatar Chris Kretler

Give the user a shell to log in as. Permit the use of multiple SSH keys at startup.

parent 02302e80
......@@ -3,18 +3,14 @@ Port 2022
# Key for running sshd
HostKey /etc/ssh/ssh_host_ed25519_key
#PidFile /home/sftpuser/sshd.pid
PasswordAuthentication no
# Limited access
PermitRootLogin no
X11Forwarding no
AllowTcpForwarding no
# Force sftp and chroot jail
Subsystem sftp internal-sftp
# ForceCommand internal-sftp
# Logging
LogLevel VERBOSE
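Review bot: The heading `# Force sftp and chroot jail` no longer describes what follows it, since the `ForceCommand internal-sftp` line under it is commented out, no `ChrootDirectory` directive is visible in this hunk, and the start-up script in the same commit now gives sftpuser `/bin/bash` as its login shell. A reader of this config will assume sftp-only, chrooted access that the file does not actually enforce for connections on port 2022. The hunk header counts 18 old and 14 new lines but fewer are shown here, so the removed directives may have been the ones that enforced it; that part is inferred, not visible. Suggest rewording the heading to match the effective policy, e.g. `# sftp via internal-sftp; ForceCommand left disabled so an interactive shell is permitted`, or restoring `ForceCommand internal-sftp` if shell access was only meant for the container's own console.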
......@@ -2,13 +2,14 @@
# The following commands belong in this script, rather than in
# the dockerfile, in order to run as the sftpuser.
if [ "$(id -u)" -ge 1000 ] ; then
sed -e "/^sftpuser:/c sftpuser:x:$(id -u):$(id -g)::/home/sftpuser:/usr/sbin/nologin" /etc/passwd > /tmp/passwd
#sed -e "/^sftpuser:/c sftpuser:x:$(id -u):$(id -g)::/home/sftpuser:/usr/sbin/nologin" /etc/passwd > /tmp/passwd
sed -e "/^sftpuser:/c sftpuser:x:$(id -u):$(id -g)::/home/sftpuser:/bin/bash" /etc/passwd > /tmp/passwd
cat /tmp/passwd > /etc/passwd
rm /tmp/passwd
fi
# Make the home dir now, so it will be owned by the new sftpuser, as opposed
# to the UID created during the docker build process.
# to the UID used during the docker build process.
mkdir -p /home/sftpuser/.ssh
# If there is a mounted pvc, symlink to it within the user's home dir.
......@@ -19,11 +20,14 @@ fi
# If the user has specified keys either from a docker volume or openshift secret,
# place those in the authorized_keys file at container start-up.
if [ -f /mnt/keys/*.pub ];
keyfiles=(/mnt/keys/*.pub)
if [[ -f ${keyfiles[0]} ]]
then
cat /mnt/keys/*.pub > /home/sftpuser/.ssh/authorized_keys
chown sftpuser /home/sftpuser/.ssh/authorized_keys
chmod 400 /home/sftpuser/.ssh/authorized_keys
else
echo 'WARNING: no ssh keys found. Users will not be able to access the ssh/sftp functionality'
fi
# https://www.ssh.com/ssh/sshd#command-line-options
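Review bot: In the keys hunk, `cat /mnt/keys/*.pub > /home/sftpuser/.ssh/authorized_keys` joins the files byte-for-byte, so a public key file that lacks a trailing newline (easy to get when a key is pasted into a secret) is fused with the next key onto one line, and sshd silently ignores that malformed entry — exactly the multi-key case this commit sets out to support. Writing each file followed by an explicit newline avoids it, reusing the `keyfiles` array the hunk already builds: `for k in "${keyfiles[@]}"; do cat -- "$k"; printf '\n'; done > /home/sftpuser/.ssh/authorized_keys` (an extra blank line is harmless in authorized_keys). In the first hunk, the commented-out `nologin` copy of the sed line is dead code and is better removed than kept; if the nologin/bash choice needs to stay switchable, a single variable holding the shell path would document that intent instead.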