From 6ef2a1c876cec8f41126a945e25a0af303f75366 Mon Sep 17 00:00:00 2001
From: michael
Date: Thu, 14 Dec 2023 14:35:02 +1300
Subject: [PATCH] init
---
Dockerfile | 37 +++++++++++++++++++++++++++++++++++++
authorized_keys | 1 +
build.sh | 5 +++++
id_ed25519 | 7 +++++++
id_ed25519.pub | 1 +
ssh_host_ed25519_key | 7 +++++++
ssh_host_ed25519_key.pub | 1 +
ssh_host_rsa_key | 27 +++++++++++++++++++++++++++
ssh_host_rsa_key.pub | 1 +
sshd_config | 21 +++++++++++++++++++++
10 files changed, 108 insertions(+)
create mode 100644 Dockerfile
create mode 100644 authorized_keys
create mode 100755 build.sh
create mode 100644 id_ed25519
create mode 100644 id_ed25519.pub
create mode 100644 ssh_host_ed25519_key
create mode 100644 ssh_host_ed25519_key.pub
create mode 100644 ssh_host_rsa_key
create mode 100644 ssh_host_rsa_key.pub
create mode 100644 sshd_config
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..d760ec2
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,37 @@
+FROM ubuntu:latest
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Install packages
+RUN apt update && \
+ apt install --no-install-recommends -y \
+ nano \
+ openssh-server \
+ openssh-client \
+ rsync \
+ sudo && \
+ rm -rf /var/lib/apt/lists/*
+
+# User setup
+RUN useradd -m -d /home/user -s /bin/bash -U -u 1000 user && \
+ mkdir /home/user/.ssh && \
+ chown -R user:user /home/user/.ssh && \
+ mkdir /sftp && \
+ chown root:root /sftp && \
+ chmod 755 /sftp
+RUN echo 'user:password' | chpasswd
+
+COPY authorized_keys /home/user/.ssh/
+COPY sshd_config ssh_host_* /etc/ssh/
+
+RUN chown user:user /home/user/.ssh/authorized_keys && \
+ chmod 644 /home/user/.ssh/authorized_keys && \
+ chown root:root /etc/ssh/* && \
+ chmod 644 /etc/ssh/sshd_config && \
+ chmod 600 /etc/ssh/ssh_host_ed25519_key && \
+ chmod 644 /etc/ssh/ssh_host_ed25519_key.pub && \
+ mkdir /run/sshd
+
+EXPOSE 22
+
+CMD ["/usr/sbin/sshd","-D","-e"]
diff --git a/authorized_keys b/authorized_keys
new file mode 100644
index 0000000..901437a
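Review bot: `RUN echo 'user:password' | chpasswd` bakes a fixed, known password into an image layer, and the sshd_config added in this same patch sets `PasswordAuthentication yes`, so every container started from the pushed image accepts that credential. Drop the line and rely on the `authorized_keys` entry (useradd should leave the password locked by default), or set the credential at run time from a secret. In the last `RUN`, only `ssh_host_ed25519_key` is tightened; `ssh_host_rsa_key` enters the tree with mode 100644 and is listed as a `HostKey`, so add `chmod 600 /etc/ssh/ssh_host_rsa_key && \` next to the ed25519 line, since sshd normally refuses to load a private host key that is group- or world-readable. `FROM ubuntu:latest` should also be pinned to a release tag or digest so rebuilds are reproducible.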
--- /dev/null
+++ b/authorized_keys
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE26RPGDs9sn0Sf99pH87Eq7ipDJ6tI5ojx0NfdhEr2B
\ No newline at end of file
diff --git a/build.sh b/build.sh
new file mode 100755
index 0000000..bbec90a
--- /dev/null
+++ b/build.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+docker build -t code.balsillie.net/containers/sftp:latest -t quay.io/balsillie/sftp:latest .
+docker push code.balsillie.net/containers/sftp:latest
+docker push quay.io/balsillie/sftp:latest
+
diff --git a/id_ed25519 b/id_ed25519
new file mode 100644
index 0000000..64023ac
--- /dev/null
+++ b/id_ed25519
@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACBNukTxg7PbJ9En/faR/OxKu4qQyerSOaI8dDX3YRK9gQAAAJglASzhJQEs
+4QAAAAtzc2gtZWQyNTUxOQAAACBNukTxg7PbJ9En/faR/OxKu4qQyerSOaI8dDX3YRK9gQ
+AAAEBaA+9x3FzHUjmoj6Smm0LCY4bC4RVRe0PoPuPUlW4EcU26RPGDs9sn0Sf99pH87Eq7
+ipDJ6tI5ojx0NfdhEr2BAAAAD21pY2hhZWxAbGF0NTQyMAECAwQFBg==
+-----END OPENSSH PRIVATE KEY-----
diff --git a/id_ed25519.pub b/id_ed25519.pub
new file mode 100644
index 0000000..08406d3
--- /dev/null
+++ b/id_ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE26RPGDs9sn0Sf99pH87Eq7ipDJ6tI5ojx0NfdhEr2B
diff --git a/ssh_host_ed25519_key b/ssh_host_ed25519_key
new file mode 100644
index 0000000..7defc23
--- /dev/null
+++ b/ssh_host_ed25519_key
@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACCXh5j4aROx8hfr+oZpyya27uGfgS8ZendpPfDW0SN9IQAAAJjZJLWm2SS1
+pgAAAAtzc2gtZWQyNTUxOQAAACCXh5j4aROx8hfr+oZpyya27uGfgS8ZendpPfDW0SN9IQ
+AAAEAOyT0w3/3vSEA0s3yA18H7hQM9IAVhn6oIZYpnGaHlf5eHmPhpE7HyF+v6hmnLJrbu
+4Z+BLxl6d2k98NbRI30hAAAAD21pY2hhZWxAbGF0NTQyMAECAwQFBg==
+-----END OPENSSH PRIVATE KEY-----
diff --git a/ssh_host_ed25519_key.pub b/ssh_host_ed25519_key.pub
new file mode 100644
index 0000000..38a98a7
--- /dev/null
+++ b/ssh_host_ed25519_key.pub
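Review bot: build.sh has no error handling, so if `docker build` fails both `docker push` lines still run and publish whatever `:latest` image is already tagged locally. Add `set -euo pipefail` directly under the shebang. The build context is `.`, which in this commit also contains `id_ed25519`; a `.dockerignore` that lists it would keep the client private key out of the context sent to the daemon.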
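Review bot: `id_ed25519` is a private key committed in clear text, and its public half is the only entry in `authorized_keys`, so anyone who can read the repository holds a credential the image accepts for `user`. The same applies to `ssh_host_ed25519_key` and `ssh_host_rsa_key`, which the Dockerfile copies into `/etc/ssh/`: every published image then shares one host identity, which removes the assurance clients get from the host-key check. Treat all three keys as exposed: remove the files from the repository and rotate them, generate host keys at container start (for example `ssh-keygen -A` in an entrypoint) or mount them as secrets, and supply `authorized_keys` at deploy time.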
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJeHmPhpE7HyF+v6hmnLJrbu4Z+BLxl6d2k98NbRI30h
diff --git a/ssh_host_rsa_key b/ssh_host_rsa_key
new file mode 100644
index 0000000..f1cd9de
--- /dev/null
+++ b/ssh_host_rsa_key
@@ -0,0 +1,27 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn
+NhAAAAAwEAAQAAAQEA0R/rRxwTSQPTNuaEVulojiT6g63B4CtCwiyc/tPOJQoVwzzvKxF/
+2B2+eaLlY8Km2K+gF8fYf5BfWaSs2Dh53En6QEiJEYTBTcbFjOqagiU50aK/Wu0/omFn5f
+5N2jP5dndaLqCXRZAImooS6IjlDa8MMAD0xDC5PPlBveeXQiaxMPpx9o5HK61BGK7aGkzM
+gE9pwZ8eIf8VEOTOhPgWveImEnPx3Eb9lZOtxsV5kUQgfYyTihLf9lzpe4gTDrn5Y7k5TU
+bsB9mnyTxhvK9fLrGwa+bzyrIkUY1VUAS3RkzzWi6oXETCjNaUiavCZ1plLi4/15snZRpH
+x/lMs0L0QQAAA8gMaShSDGkoUgAAAAdzc2gtcnNhAAABAQDRH+tHHBNJA9M25oRW6WiOJP
+qDrcHgK0LCLJz+084lChXDPO8rEX/YHb55ouVjwqbYr6AXx9h/kF9ZpKzYOHncSfpASIkR
+hMFNxsWM6pqCJTnRor9a7T+iYWfl/k3aM/l2d1ouoJdFkAiaihLoiOUNrwwwAPTEMLk8+U
+G955dCJrEw+nH2jkcrrUEYrtoaTMyAT2nBnx4h/xUQ5M6E+Ba94iYSc/HcRv2Vk63GxXmR
+RCB9jJOKEt/2XOl7iBMOufljuTlNRuwH2afJPGG8r18usbBr5vPKsiRRjVVQBLdGTPNaLq
+hcRMKM1pSJq8JnWmUuLj/XmydlGkfH+UyzQvRBAAAAAwEAAQAAAQAyrlBkCaUP2S43PCr+
+8C6vYj1XK8VUaU+SxOKgbF7lgZnwGMSitKk9zEmU63o50NsEIR4EnWF12tyM2lisRxWbYk
+9UhG+5j+mUCpPmWJXs7A4k5NMIu34kQYR/S//8nYN75yVzLuayTFuVblhyQ/j09cMXoCex
+o1hFM2gwGKAC/vJ3XrgJbRSfFMhsisV0kYiZ9tQR8075j/iSBfMH8OSic8ysIJubIuwkMG
+fgfGvVoNGvK8WrtcW568AyP2IKJtS/mg34d0wdTDE36eqdZufUFEPV/iQjtW+RCAFKv8PS
+HFPb3RahGIzgNtwlYNtaK7upSrfv8dBbY8KPA8VsdrHFAAAAgE6KJJGmiMYm6vIITaKWC/
+IzQ1wKY1pzEaZcMnGrv7uwHNmaJyqET4C25YWXZsTeT4nf4n8p3O1wQwRSnT9biplheHxK
+QRwA9cE8VO6Id1+XwFONM59D0Ly/gvXq3mvZZQEF2xnGIlEyE/if14qya3BvRL16uh1J3G
+TSAgVEjxDzAAAAgQD8c8eNIaCENCpMR33JBEh92WvlTnT0YzSlX1+g0YcfnEjIviH0yGvO
+jCNo0avrqhvebqDiEMe0HBged0/Obq6kvMMjtTtC4dOZmC3GyBnDq/xse1pHUMtOId2X0C
+ZjeV7W4mdMIu3CJ4PLoBPmM6Z4oEf7CbpkGUb5Zozm0GoMpQAAAIEA1BBDugozhiic5wG6
+bOSyENrnLPbcFo8Jpj/TphCSreB8qxSPf+Z8vTutjrQdZbg+Nbxz+n9JVblvveywqm9H7q
++gv/ZKusjEcT5pqwxZqRUQJhSpmobshqTXALZDHOBB477Cfyk7Hh8TqyR7DrIPNjGLbGI2
+hcMSys/gJKb+qm0AAAAPbWljaGFlbEBsYXQ1NDIwAQIDBA==
+-----END OPENSSH PRIVATE KEY-----
diff --git a/ssh_host_rsa_key.pub b/ssh_host_rsa_key.pub
new file mode 100644
index 0000000..d399001
--- /dev/null
+++ b/ssh_host_rsa_key.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRH+tHHBNJA9M25oRW6WiOJPqDrcHgK0LCLJz+084lChXDPO8rEX/YHb55ouVjwqbYr6AXx9h/kF9ZpKzYOHncSfpASIkRhMFNxsWM6pqCJTnRor9a7T+iYWfl/k3aM/l2d1ouoJdFkAiaihLoiOUNrwwwAPTEMLk8+UG955dCJrEw+nH2jkcrrUEYrtoaTMyAT2nBnx4h/xUQ5M6E+Ba94iYSc/HcRv2Vk63GxXmRRCB9jJOKEt/2XOl7iBMOufljuTlNRuwH2afJPGG8r18usbBr5vPKsiRRjVVQBLdGTPNaLqhcRMKM1pSJq8JnWmUuLj/XmydlGkfH+UyzQvRB michael@lat5420
diff --git a/sshd_config b/sshd_config
new file mode 100644
index 0000000..d91974e
--- /dev/null
+++ b/sshd_config
@@ -0,0 +1,21 @@
+Port 22
+AddressFamily any
+ListenAddress 0.0.0.0
+ListenAddress ::
+HostKey /etc/ssh/ssh_host_ed25519_key
+HostKey /etc/ssh/ssh_host_rsa_key
+PubkeyAuthentication yes
+AuthorizedKeysFile .ssh/authorized_keys
+PasswordAuthentication yes
+KbdInteractiveAuthentication no
+UsePAM yes
+PrintMotd no
+Subsystem sftp internal-sftp
+
+Match Group user
+ ChrootDirectory /sftp
+ PermitTunnel no
+ AllowAgentForwarding no
+ AllowTCPForwarding no
+ X11Forwarding no
+ ForceCommand internal-sftp
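Review bot: `PasswordAuthentication yes` is unnecessary here because public-key login is already configured, and it leaves the account password set in the Dockerfile open to online guessing. Change it to `PasswordAuthentication no` and add `PermitRootLogin no` so root is excluded explicitly rather than by the OpenSSH default. `ChrootDirectory /sftp` points at a root-owned, mode 755 directory per the Dockerfile, which sshd requires, but it also means `user` cannot write at the chroot root unless a writable directory is created or mounted beneath it; a comment above the `Match` block saying where uploads are expected to land would help.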