diff --git a/Dockerfile b/Dockerfile
index 47ac0d9..12070fe 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,13 +1,36 @@
 FROM ubuntu:latest
 
-RUN apt update && apt install openssh-server sudo scp -y
+ENV DEBIAN_FRONTEND=noninteractive
 
-RUN useradd -rm -d /home/ubuntu -s /bin/bash -g root -G sudo -u 1000 test
+RUN apt update && \
+ apt install --no-install-recommends -y \
+ nano \
+ openssh-server \
+ openssh-client \
+ rsync \
+ sudo && \
+ rm -rf /var/lib/apt/lists/* && \
+ useradd -m -d /home/user -s /bin/bash -U -G sudo -u 1000 user && \
+ echo 'user ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers && \
+ mkdir /home/user/.ssh/
 
-RUN echo 'test:test' | chpasswd
+COPY authorized_keys config id_ed25519 id_ed25519.pub known_hosts /home/user/.ssh/
+COPY sshd_config ssh_host_ed25519_key ssh_host_ed25519_key.pub /etc/ssh/
 
-RUN service ssh start
+RUN chown -R user:user /home/user/.ssh && \
+ chmod 644 /home/user/.ssh/authorized_keys && \
+ chmod 600 /home/user/.ssh/config && \
+ chmod 600 /home/user/.ssh/id_ed25519 && \
+ chmod 600 /home/user/.ssh/id_ed25519.pub && \
+ chmod 600 /home/user/.ssh/known_hosts
 
-EXPOSE 22
+RUN chown root:root /etc/ssh/* && \
+ chmod 644 /etc/ssh/sshd_config && \
+ chmod 600 /etc/ssh/ssh_host_ed25519_key && \
+ chmod 644 /etc/ssh/ssh_host_ed25519_key.pub
 
-CMD ["/usr/sbin/sshd","-D"]
\ No newline at end of file
+RUN service ssh start
+
+EXPOSE 22
+
+CMD ["/usr/sbin/sshd","-D"]
diff --git a/authorized_keys b/authorized_keys
new file mode 100644
index 0000000..901437a
--- /dev/null
+++ b/authorized_keys
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE26RPGDs9sn0Sf99pH87Eq7ipDJ6tI5ojx0NfdhEr2B
\ No newline at end of file
diff --git a/config b/config
new file mode 100644
index 0000000..e626eab
--- /dev/null
+++ b/config
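Review bot: In the Dockerfile hunk, the two added `COPY` lines put `id_ed25519` and `ssh_host_ed25519_key` into image layers, so anyone who can pull the image can read both private keys, and every container started from it presents the same host key. Copy only the non-secret files, `COPY authorized_keys config known_hosts /home/user/.ssh/` and `COPY sshd_config /etc/ssh/`, drop the matching `chmod` lines, and provide the keys at run time from a mounted secret with mode 600. The added `echo 'user ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers` additionally turns any successful SSH login into passwordless root; remove it unless the account needs it, or limit it to the specific commands required. `ENV DEBIAN_FRONTEND=noninteractive` persists into the runtime environment and is better set inline on the `apt` command.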
@@ -0,0 +1,36 @@
+Host mail
+ Hostname sftp-source.mail.svc.cluster.internal
+ IdentityFile /home/user/.ssh/id_ed25519
+ User user
+ HostKeyAlgorithms=+ssh-ed25519
+
+Host cloud
+ Hostname sftp-source.cloud.svc.cluster.internal
+ IdentityFile /home/user/.ssh/id_ed25519
+ User user
+ HostKeyAlgorithms=+ssh-ed25519
+
+Host code
+ Hostname sftp-source.code.svc.cluster.internal
+ IdentityFile /home/user/.ssh/id_ed25519
+ User user
+ HostKeyAlgorithms=+ssh-ed25519
+
+Host social
+ Hostname sftp-source.social.svc.cluster.internal
+ IdentityFile /home/user/.ssh/id_ed25519
+ User user
+ HostKeyAlgorithms=+ssh-ed25519
+
+Host matrix
+ Hostname sftp-source.matrix.svc.cluster.internal
+ IdentityFile /home/user/.ssh/id_ed25519
+ User user
+ HostKeyAlgorithms=+ssh-ed25519
+
+Host files
+ Hostname sftp-source.files.svc.cluster.internal
+ IdentityFile /home/user/.ssh/id_ed25519
+ User user
+ HostKeyAlgorithms=+ssh-ed25519
+
\ No newline at end of file
diff --git a/id_ed25519 b/id_ed25519
new file mode 100644
index 0000000..64023ac
--- /dev/null
+++ b/id_ed25519
@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACBNukTxg7PbJ9En/faR/OxKu4qQyerSOaI8dDX3YRK9gQAAAJglASzhJQEs
+4QAAAAtzc2gtZWQyNTUxOQAAACBNukTxg7PbJ9En/faR/OxKu4qQyerSOaI8dDX3YRK9gQ
+AAAEBaA+9x3FzHUjmoj6Smm0LCY4bC4RVRe0PoPuPUlW4EcU26RPGDs9sn0Sf99pH87Eq7
+ipDJ6tI5ojx0NfdhEr2BAAAAD21pY2hhZWxAbGF0NTQyMAECAwQFBg==
+-----END OPENSSH PRIVATE KEY-----
diff --git a/id_ed25519.pub b/id_ed25519.pub
new file mode 100644
index 0000000..08406d3
--- /dev/null
+++ b/id_ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE26RPGDs9sn0Sf99pH87Eq7ipDJ6tI5ojx0NfdhEr2B
diff --git a/known_hosts b/known_hosts
new file mode 100644
index 0000000..a2bec95
--- /dev/null
+++ b/known_hosts
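Review bot: In the `config` hunk, the six `Host` stanzas differ only in the alias, so they can be collapsed into one: `Host mail cloud code social matrix files` followed by `Hostname sftp-source.%h.svc.cluster.internal` and the shared `IdentityFile` and `User` lines. `HostKeyAlgorithms=+ssh-ed25519` only appends to the client's default list, which in current OpenSSH already contains ed25519, so it is probably a no-op; if the intent is to accept nothing else, write `HostKeyAlgorithms ssh-ed25519`. Adding `IdentitiesOnly yes` would keep the client from offering any other key to these hosts.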
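Review bot: The `id_ed25519` hunk commits an unencrypted private key (its header decodes to cipher and KDF `none`), and its public half is the single entry added in `authorized_keys`, so anyone with read access to the repository can authenticate as `user` to containers built from it. The same applies to `ssh_host_ed25519_key`, whose public half is what `known_hosts` pins for all six `sftp-source.*` names, so host verification for those names no longer distinguishes the real servers from anyone holding a copy of this repository. Both keys should be treated as disclosed: generate replacements outside the repository, keep these files out of the commit and its history, and list them in `.gitignore` and `.dockerignore`.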
@@ -0,0 +1,6 @@
+sftp-source.cloud.svc.cluster.internal ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJeHmPhpE7HyF+v6hmnLJrbu4Z+BLxl6d2k98NbRI30h
+sftp-source.code.svc.cluster.internal ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJeHmPhpE7HyF+v6hmnLJrbu4Z+BLxl6d2k98NbRI30h
+sftp-source.matrix.svc.cluster.internal ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJeHmPhpE7HyF+v6hmnLJrbu4Z+BLxl6d2k98NbRI30h
+sftp-source.social.svc.cluster.internal ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJeHmPhpE7HyF+v6hmnLJrbu4Z+BLxl6d2k98NbRI30h
+sftp-source.files.svc.cluster.internal ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJeHmPhpE7HyF+v6hmnLJrbu4Z+BLxl6d2k98NbRI30h
+sftp-source.mail.svc.cluster.internal ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJeHmPhpE7HyF+v6hmnLJrbu4Z+BLxl6d2k98NbRI30h
\ No newline at end of file
diff --git a/ssh_host_ed25519_key b/ssh_host_ed25519_key
new file mode 100644
index 0000000..7defc23
--- /dev/null
+++ b/ssh_host_ed25519_key
@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACCXh5j4aROx8hfr+oZpyya27uGfgS8ZendpPfDW0SN9IQAAAJjZJLWm2SS1
+pgAAAAtzc2gtZWQyNTUxOQAAACCXh5j4aROx8hfr+oZpyya27uGfgS8ZendpPfDW0SN9IQ
+AAAEAOyT0w3/3vSEA0s3yA18H7hQM9IAVhn6oIZYpnGaHlf5eHmPhpE7HyF+v6hmnLJrbu
+4Z+BLxl6d2k98NbRI30hAAAAD21pY2hhZWxAbGF0NTQyMAECAwQFBg==
+-----END OPENSSH PRIVATE KEY-----
diff --git a/ssh_host_ed25519_key.pub b/ssh_host_ed25519_key.pub
new file mode 100644
index 0000000..38a98a7
--- /dev/null
+++ b/ssh_host_ed25519_key.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJeHmPhpE7HyF+v6hmnLJrbu4Z+BLxl6d2k98NbRI30h
diff --git a/sshd_config b/sshd_config
new file mode 100644
index 0000000..1fb5558
--- /dev/null
+++ b/sshd_config
@@ -0,0 +1,12 @@
+Port 22
+AddressFamily any
+ListenAddress 0.0.0.0
+ListenAddress ::
+HostKey /etc/ssh/ssh_host_ed25519_key
+PubkeyAuthentication yes
+AuthorizedKeysFile .ssh/authorized_keys
+PasswordAuthentication no
+KbdInteractiveAuthentication no
+UsePAM yes
+PrintMotd no
+Subsystem sftp /usr/lib/ssh/sftp-server
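Review bot: In the `sshd_config` hunk, `Subsystem sftp /usr/lib/ssh/sftp-server` points at a path that the Ubuntu `openssh-server` package does not normally provide (the helper is installed under `/usr/lib/openssh/`), so SFTP sessions against this image are likely to fail when the subsystem starts; `Subsystem sftp internal-sftp` removes the dependency on the path. The file also sets no login restrictions, and since the Dockerfile grants `user` unrestricted sudo it is worth adding `PermitRootLogin no` and `AllowUsers user` so that only the intended account can authenticate. If the container is only an SFTP/rsync endpoint, `AllowTcpForwarding no` and `X11Forwarding no` would narrow what a session can do.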