Created Init-Container that pulls pubkeys from git, creates authorized_keys, ssh-host-keys and backup-repo folders
This commit is contained in:
parent
ac797c90f6
commit
1a8e59d773
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -1,2 +1,3 @@
|
||||||
/backup
|
/backup
|
||||||
/sshkeys
|
/sshkeys
|
||||||
|
.env
|
||||||
|
|
31
Dockerfile
31
Dockerfile
|
@ -1,31 +0,0 @@
|
||||||
############################################################
|
|
||||||
# Dockerfile to build borgbackup server images
|
|
||||||
# Based on Debian
|
|
||||||
############################################################
|
|
||||||
FROM debian:buster-slim
|
|
||||||
|
|
||||||
# Volume for SSH-Keys
|
|
||||||
VOLUME /sshkeys
|
|
||||||
|
|
||||||
# Volume for borg repositories
|
|
||||||
VOLUME /backup
|
|
||||||
|
|
||||||
ENV DEBIAN_FRONTEND noninteractive
|
|
||||||
|
|
||||||
RUN apt-get update && apt-get -y --no-install-recommends install \
|
|
||||||
borgbackup openssh-server && apt-get clean && \
|
|
||||||
useradd -s /bin/bash -m -U borg && \
|
|
||||||
mkdir /home/borg/.ssh && \
|
|
||||||
chmod 700 /home/borg/.ssh && \
|
|
||||||
chown borg:borg /home/borg/.ssh && \
|
|
||||||
mkdir /run/sshd && \
|
|
||||||
rm -f /etc/ssh/ssh_host*key* && \
|
|
||||||
rm -rf /var/lib/apt/lists/* /var/tmp/* /tmp/*
|
|
||||||
|
|
||||||
COPY ./data/run.sh /run.sh
|
|
||||||
COPY ./data/sshd_config /etc/ssh/sshd_config
|
|
||||||
|
|
||||||
ENTRYPOINT /run.sh
|
|
||||||
|
|
||||||
# Default SSH-Port for clients
|
|
||||||
EXPOSE 22
|
|
2
build.sh
Normal file
2
build.sh
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
docker build -t borg:git server
|
||||||
|
docker build -t borg:init init
|
95
data/run.sh
95
data/run.sh
|
@ -1,95 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
# Start Script for docker-borgserver
|
|
||||||
|
|
||||||
PUID=${PUID:-1000}
|
|
||||||
PGID=${PGID:-1000}
|
|
||||||
|
|
||||||
usermod -o -u "$PUID" borg &>/dev/null
|
|
||||||
groupmod -o -g "$PGID" borg &>/dev/null
|
|
||||||
|
|
||||||
BORG_DATA_DIR=/backup
|
|
||||||
SSH_KEY_DIR=/sshkeys
|
|
||||||
BORG_CMD='cd ${BORG_DATA_DIR}/${client_name}; borg serve --restrict-to-path ${BORG_DATA_DIR}/${client_name} ${BORG_SERVE_ARGS}'
|
|
||||||
AUTHORIZED_KEYS_PATH=/home/borg/.ssh/authorized_keys
|
|
||||||
|
|
||||||
# Append only mode?
|
|
||||||
BORG_APPEND_ONLY=${BORG_APPEND_ONLY:=no}
|
|
||||||
|
|
||||||
echo "########################################################"
|
|
||||||
echo -n " * Docker BorgServer powered by "
|
|
||||||
borg -V
|
|
||||||
echo "########################################################"
|
|
||||||
echo " * User id: $(id -u borg)"
|
|
||||||
echo " * Group id: $(id -g borg)"
|
|
||||||
echo "########################################################"
|
|
||||||
|
|
||||||
|
|
||||||
# Precheck if BORG_ADMIN is set
|
|
||||||
if [ "${BORG_APPEND_ONLY}" == "yes" ] && [ -z "${BORG_ADMIN}" ] ; then
|
|
||||||
echo "WARNING: BORG_APPEND_ONLY is active, but no BORG_ADMIN was specified!"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Precheck directories & client ssh-keys
|
|
||||||
for dir in BORG_DATA_DIR SSH_KEY_DIR ; do
|
|
||||||
dirpath=$(eval echo '$'${dir})
|
|
||||||
echo " * Testing Volume ${dir}: ${dirpath}"
|
|
||||||
if [ ! -d "${dirpath}" ] ; then
|
|
||||||
echo "ERROR: ${dirpath} is no directory!"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ "$(find ${SSH_KEY_DIR}/clients ! -regex '.*/\..*' -a -type f | wc -l)" == "0" ] ; then
|
|
||||||
echo "ERROR: No SSH-Pubkey file found in ${SSH_KEY_DIR}"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
|
|
||||||
# Create SSH-Host-Keys on persistent storage, if not exist
|
|
||||||
mkdir -p ${SSH_KEY_DIR}/host 2>/dev/null
|
|
||||||
echo " * Checking / Preparing SSH Host-Keys..."
|
|
||||||
for keytype in ed25519 rsa ; do
|
|
||||||
if [ ! -f "${SSH_KEY_DIR}/host/ssh_host_${keytype}_key" ] ; then
|
|
||||||
echo " ** Creating SSH Hostkey [${keytype}]..."
|
|
||||||
ssh-keygen -q -f "${SSH_KEY_DIR}/host/ssh_host_${keytype}_key" -N '' -t ${keytype}
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
|
|
||||||
echo "########################################################"
|
|
||||||
echo " * Starting SSH-Key import..."
|
|
||||||
|
|
||||||
# Add every key to borg-users authorized_keys
|
|
||||||
rm ${AUTHORIZED_KEYS_PATH} &>/dev/null
|
|
||||||
for keyfile in $(find "${SSH_KEY_DIR}/clients" ! -regex '.*/\..*' -a -type f); do
|
|
||||||
client_name=$(basename ${keyfile})
|
|
||||||
mkdir ${BORG_DATA_DIR}/${client_name} 2>/dev/null
|
|
||||||
echo " ** Adding client ${client_name} with repo path ${BORG_DATA_DIR}/${client_name}"
|
|
||||||
|
|
||||||
# If client is $BORG_ADMIN unset $client_name, so path restriction equals $BORG_DATA_DIR
|
|
||||||
# Otherwise add --append-only, if enabled
|
|
||||||
borg_cmd=${BORG_CMD}
|
|
||||||
if [ "${client_name}" == "${BORG_ADMIN}" ] ; then
|
|
||||||
echo " ** Client '${client_name}' is BORG_ADMIN! **"
|
|
||||||
unset client_name
|
|
||||||
elif [ "${BORG_APPEND_ONLY}" == "yes" ] ; then
|
|
||||||
borg_cmd="${BORG_CMD} --append-only"
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo -n "command=\"$(eval echo -n \"${borg_cmd}\")\" " >> ${AUTHORIZED_KEYS_PATH}
|
|
||||||
cat ${keyfile} >> ${AUTHORIZED_KEYS_PATH}
|
|
||||||
done
|
|
||||||
|
|
||||||
echo " * Validating structure of generated ${AUTHORIZED_KEYS_PATH}..."
|
|
||||||
ERROR=$(ssh-keygen -lf ${AUTHORIZED_KEYS_PATH} 2>&1 >/dev/null)
|
|
||||||
if [ $? -ne 0 ]; then
|
|
||||||
echo "ERROR: ${ERROR}"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
chown -R borg:borg ${BORG_DATA_DIR}
|
|
||||||
chown borg:borg ${AUTHORIZED_KEYS_PATH}
|
|
||||||
chmod 600 ${AUTHORIZED_KEYS_PATH}
|
|
||||||
|
|
||||||
echo "########################################################"
|
|
||||||
echo " * Init done! Starting SSH-Daemon..."
|
|
||||||
|
|
||||||
/usr/sbin/sshd -D -e
|
|
|
@ -1,13 +1,31 @@
|
||||||
version: '3'
|
version: '3'
|
||||||
services:
|
services:
|
||||||
borgserver:
|
init:
|
||||||
image: nold360/borgserver
|
image: borg:init
|
||||||
#build: .
|
env_file: .env
|
||||||
volumes:
|
volumes:
|
||||||
- ./backup:/backup
|
- borg-home:/home/borg/.ssh:rw
|
||||||
- ./sshkeys:/sshkeys
|
- host-keys:/sshkeys:rw
|
||||||
|
|
||||||
|
# FIXME: i want to get rid of that..
|
||||||
|
- backup:/backup:rw
|
||||||
|
restart: "no"
|
||||||
|
|
||||||
|
borgserver:
|
||||||
|
#image: nold360/borgserver
|
||||||
|
image: borg:git
|
||||||
|
user: 1000:1000
|
||||||
|
volumes:
|
||||||
|
# generated authorized_keys by init
|
||||||
|
- borg-home:/home/borg/.ssh:ro
|
||||||
|
|
||||||
|
# only contains host-keys now
|
||||||
|
- host-keys:/sshkeys:ro
|
||||||
|
|
||||||
|
# Backup repository for borg
|
||||||
|
- backup:/backup:rw
|
||||||
ports:
|
ports:
|
||||||
- "2222:22"
|
- "2222:2222"
|
||||||
environment:
|
environment:
|
||||||
BORG_SERVE_ARGS: ""
|
BORG_SERVE_ARGS: ""
|
||||||
|
|
||||||
|
@ -17,4 +35,12 @@ services:
|
||||||
|
|
||||||
# Hostname of Admin's SSH-Key
|
# Hostname of Admin's SSH-Key
|
||||||
BORG_ADMIN: ""
|
BORG_ADMIN: ""
|
||||||
|
depends_on:
|
||||||
|
- init
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
|
|
||||||
|
# Shared volume to exchange authorized_keys between init & server
|
||||||
|
volumes:
|
||||||
|
borg-home:
|
||||||
|
host-keys:
|
||||||
|
backup:
|
||||||
|
|
2
env.example
Normal file
2
env.example
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
KEY_GIT_URL=https://github.com/yourName/your-ssh-pub-keys.git
|
||||||
|
KEY_GIT_BRANCH=master
|
13
init/Dockerfile
Normal file
13
init/Dockerfile
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
# Borgserver Init-Container, simply replace entrypoiny and install git
|
||||||
|
#FROM nold360/borgserver:latest
|
||||||
|
FROM borg:git
|
||||||
|
|
||||||
|
USER root
|
||||||
|
RUN export DEBIAN_FRONTEND=noninteractive && \
|
||||||
|
apt-get update && \
|
||||||
|
apt-get -y --no-install-recommends install \
|
||||||
|
git ca-certificates && \
|
||||||
|
apt-get clean && \
|
||||||
|
rm -rf /var/lib/apt/lists/* /var/tmp/* /tmp/*
|
||||||
|
|
||||||
|
COPY ./entrypoint.sh /entrypoint.sh
|
107
init/entrypoint.sh
Executable file
107
init/entrypoint.sh
Executable file
|
@ -0,0 +1,107 @@
|
||||||
|
#!/bin/bash
|
||||||
|
# Init-Start Script for docker-borgserver
|
||||||
|
# Will pull ssh-keys from git specified via KEY_GIT_URL and KEY_GIT_BRANCH [default: master]
|
||||||
|
# and merge them into a single [openssh] authorized_keys file.
|
||||||
|
PUID=${PUID:-1000}
|
||||||
|
PGID=${PGID:-1000}
|
||||||
|
|
||||||
|
usermod -o -u "$PUID" borg &>/dev/null
|
||||||
|
groupmod -o -g "$PGID" borg &>/dev/null
|
||||||
|
|
||||||
|
# FIXME: Is this changeable? guess it should be.. should move it to some kind of
|
||||||
|
# build-env file
|
||||||
|
BORG_DATA_DIR=${BORG_DATA_DIR:-/backup}
|
||||||
|
|
||||||
|
BORG_CMD='cd ${BORG_DATA_DIR}/${client_name}; borg serve --restrict-to-path ${BORG_DATA_DIR}/${client_name} ${BORG_SERVE_ARGS}'
|
||||||
|
KEY_GIT_BRANCH=${KEY_GIT_BRANCH:-master}
|
||||||
|
|
||||||
|
# This is the path where the final authorized_keys will be written:
|
||||||
|
AUTHORIZED_KEYS_PATH=${AUTHORIZED_KEYS_PATH:-/home/borg/.ssh/authorized_keys}
|
||||||
|
|
||||||
|
# This will only contain host-keys now
|
||||||
|
SSH_KEY_DIR=${SSH_KEY_DIR:-/sshkeys}
|
||||||
|
|
||||||
|
# This is no volume anymore, only temporary during init
|
||||||
|
GIT_KEY_DIR=/tmp/gitkeys
|
||||||
|
echo "########################################################"
|
||||||
|
echo " * Docker BorgServer | Git Init-Container *"
|
||||||
|
echo " * $(id)"
|
||||||
|
|
||||||
|
if [ ! -z "${KEY_GIT_URL}" ] ; then
|
||||||
|
# FIXME: Should the container die here, in case of error?
|
||||||
|
# To workaround the limitations of docker-compose we could just loop here like.. forever
|
||||||
|
|
||||||
|
# INFO: simle git clone would be enouth, but you can also use a volume for SSH_KEY_DIR if you like
|
||||||
|
echo " * Cloning '${KEY_GIT_URL}' into '${GIT_KEY_DIR}/clients'"
|
||||||
|
if [ ! -d "${GIT_KEY_DIR}/clients/.git" ] ; then
|
||||||
|
git clone -b ${KEY_GIT_BRANCH} --depth=1 "${KEY_GIT_URL}" "${GIT_KEY_DIR}/clients"
|
||||||
|
else
|
||||||
|
git -C "${GIT_KEY_DIR}/clients" pull
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
echo " ! FATAL ERROR: KEY_GIT_URL is not set! Can't continue."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$(find ${GIT_KEY_DIR}/clients ! -regex '.*/\..*' -a -type f | wc -l)" == "0" ] ; then
|
||||||
|
echo " ! FATAL ERROR: No SSH-Pubkey file found in ${GIT_KEY_DIR}. Can't continue."
|
||||||
|
exit 2
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Create SSH-Host-Keys on persistent storage, if not exist
|
||||||
|
# This also means that `${SSH_KEY_DIR}` has to be a shared volume
|
||||||
|
echo " * Checking / Preparing SSH Host-Keys..."
|
||||||
|
for keytype in ed25519 rsa ; do
|
||||||
|
if [ ! -f "${SSH_KEY_DIR}/ssh_host_${keytype}_key" ] ; then
|
||||||
|
echo " ** Creating SSH Hostkey [${keytype}]..."
|
||||||
|
ssh-keygen -q -f "${SSH_KEY_DIR}/ssh_host_${keytype}_key" -N '' -t ${keytype}
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
echo "########################################################"
|
||||||
|
echo " * Starting SSH-Key import..."
|
||||||
|
|
||||||
|
# Add every key to borg-users authorized_keys
|
||||||
|
# FIXME: mkdir of filestructure must still be done by server-container
|
||||||
|
# since we shouldn't have access to the backup-data volume in init
|
||||||
|
rm -f ${AUTHORIZED_KEYS_PATH} &>/dev/null
|
||||||
|
for keyfile in $(find "${GIT_KEY_DIR}" ! -regex '.*/\..*' -a -type f); do
|
||||||
|
client_name=$(basename ${keyfile})
|
||||||
|
|
||||||
|
# check if file is a valid openssh public key
|
||||||
|
if ! ssh-keygen -lf $keyfile &>/dev/null ; then
|
||||||
|
echo " ! WARNING: '$keyfile' is not a valid [open]ssh-public-key. Will continue anyway."
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
|
||||||
|
# If client is $BORG_ADMIN unset $client_name, so path restriction equals $BORG_DATA_DIR
|
||||||
|
# Otherwise add --append-only, if enabled
|
||||||
|
borg_cmd=${BORG_CMD}
|
||||||
|
if [ "${client_name}" == "${BORG_ADMIN}" ] ; then
|
||||||
|
echo " ** Client '${client_name}' is BORG_ADMIN! **"
|
||||||
|
unset client_name
|
||||||
|
elif [ "${BORG_APPEND_ONLY}" == "yes" ] ; then
|
||||||
|
borg_cmd="${BORG_CMD} --append-only"
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo -n "command=\"$(eval echo -n \"${borg_cmd}\")\" " >> ${AUTHORIZED_KEYS_PATH}
|
||||||
|
cat ${keyfile} >> ${AUTHORIZED_KEYS_PATH}
|
||||||
|
done
|
||||||
|
|
||||||
|
# This will also fail if there wasn't a single valid pubkey found
|
||||||
|
echo " * Validating structure of generated ${AUTHORIZED_KEYS_PATH}..."
|
||||||
|
if ! ssh-keygen -lf ${AUTHORIZED_KEYS_PATH} >/dev/null ; then
|
||||||
|
echo " ! FATAL ERROR: ${AUTHORIZED_KEYS_PATH} is no valid authorized_keys file. Can't continue."
|
||||||
|
exit 3
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo " * Correcting Permissions..."
|
||||||
|
chown borg:borg ${AUTHORIZED_KEYS_PATH}
|
||||||
|
chown -R borg:borg ${SSH_KEY_DIR}/*
|
||||||
|
chown borg:borg ${BORG_DATA_DIR}
|
||||||
|
chmod 600 ${AUTHORIZED_KEYS_PATH}
|
||||||
|
|
||||||
|
echo "########################################################"
|
||||||
|
echo " * Init done! Ready to fire up your borgserver!"
|
||||||
|
|
||||||
|
exit 0
|
36
server/Dockerfile
Normal file
36
server/Dockerfile
Normal file
|
@ -0,0 +1,36 @@
|
||||||
|
############################################################
|
||||||
|
# Dockerfile to build borgbackup server images
|
||||||
|
# Based on Debian
|
||||||
|
############################################################
|
||||||
|
FROM debian:buster-slim
|
||||||
|
|
||||||
|
# Volume for SSH-Host-Keys
|
||||||
|
VOLUME /sshkeys
|
||||||
|
|
||||||
|
# Volume for borg repositories
|
||||||
|
VOLUME /backup
|
||||||
|
|
||||||
|
# Volume for authorized_keys exchange from init
|
||||||
|
VOLUME /home/borg
|
||||||
|
|
||||||
|
RUN export DEBIAN_FRONTEND=noninteractive && \
|
||||||
|
apt-get update && \
|
||||||
|
apt-get -y --no-install-recommends install \
|
||||||
|
borgbackup openssh-server iputils-ping && \
|
||||||
|
apt-get clean && \
|
||||||
|
useradd -s /bin/bash -m -U borg && \
|
||||||
|
mkdir /home/borg/.ssh && \
|
||||||
|
chmod 700 /home/borg/.ssh && \
|
||||||
|
touch /home/borg/.ssh/authorized_keys && \
|
||||||
|
chown -R borg:borg /home/borg /backup && \
|
||||||
|
mkdir /run/sshd && \
|
||||||
|
rm -f /etc/ssh/ssh_host*key* && \
|
||||||
|
rm -rf /var/lib/apt/lists/* /var/tmp/* /tmp/*
|
||||||
|
|
||||||
|
COPY ./entrypoint.sh /entrypoint.sh
|
||||||
|
COPY ./sshd_config /etc/ssh/sshd_config
|
||||||
|
|
||||||
|
USER borg
|
||||||
|
EXPOSE 2222
|
||||||
|
|
||||||
|
ENTRYPOINT /entrypoint.sh
|
64
server/entrypoint.sh
Executable file
64
server/entrypoint.sh
Executable file
|
@ -0,0 +1,64 @@
|
||||||
|
#!/bin/bash
|
||||||
|
# Start Script for docker-borgserver
|
||||||
|
|
||||||
|
PUID=${PUID:-1000}
|
||||||
|
PGID=${PGID:-1000}
|
||||||
|
|
||||||
|
usermod -o -u "$PUID" borg &>/dev/null
|
||||||
|
groupmod -o -g "$PGID" borg &>/dev/null
|
||||||
|
|
||||||
|
BORG_DATA_DIR=${BORG_DATA_DIR:-/backup}
|
||||||
|
SSH_KEY_DIR=${SSH_KEY_DIR:-/sshkeys}
|
||||||
|
BORG_CMD='cd ${BORG_DATA_DIR}/${client_name}; borg serve --restrict-to-path ${BORG_DATA_DIR}/${client_name} ${BORG_SERVE_ARGS}'
|
||||||
|
AUTHORIZED_KEYS_PATH=/home/borg/.ssh/authorized_keys
|
||||||
|
|
||||||
|
# Append only mode?
|
||||||
|
BORG_APPEND_ONLY=${BORG_APPEND_ONLY:=no}
|
||||||
|
|
||||||
|
echo "########################################################"
|
||||||
|
echo " * Docker BorgServer powered by $(borg -V)"
|
||||||
|
echo "########################################################"
|
||||||
|
echo " * $(id)"
|
||||||
|
echo "########################################################"
|
||||||
|
|
||||||
|
echo -n "Waiting for init-container to finish..."
|
||||||
|
sleep 5
|
||||||
|
while ping -c2 init >/dev/null 2>/dev/null ; do
|
||||||
|
echo .
|
||||||
|
sleep 3
|
||||||
|
done
|
||||||
|
echo " done"
|
||||||
|
|
||||||
|
# Precheck if BORG_ADMIN is set
|
||||||
|
if [ "${BORG_APPEND_ONLY}" == "yes" ] && [ -z "${BORG_ADMIN}" ] ; then
|
||||||
|
echo "WARNING: BORG_APPEND_ONLY is active, but no BORG_ADMIN was specified!"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Precheck directories & client ssh-keys
|
||||||
|
for dir in BORG_DATA_DIR SSH_KEY_DIR ; do
|
||||||
|
dirpath=$(eval echo '$'${dir})
|
||||||
|
echo " * Testing Volume ${dir}: ${dirpath}"
|
||||||
|
if [ ! -d "${dirpath}" ] ; then
|
||||||
|
echo " ! ERROR: ${dirpath} is no directory!"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
for keytype in ed25519 rsa ; do
|
||||||
|
if [ ! -f "${SSH_KEY_DIR}/ssh_host_${keytype}_key" ] ; then
|
||||||
|
echo " ! WARNING: SSH-Host-Key $keytype doesn't exist!"
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
echo "########################################################"
|
||||||
|
echo " * Checking authorized_keys file..."
|
||||||
|
# Check if authorzied_keys is valid
|
||||||
|
if ! ssh-keygen -lf ${AUTHORIZED_KEYS_PATH} >/dev/null; then
|
||||||
|
echo " ! ERROR: '${AUTHORIZED_KEYS_PATH}' is not a valid authorized_keys-file."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "########################################################"
|
||||||
|
echo " * Init done! Starting SSH-Daemon..."
|
||||||
|
/usr/sbin/sshd -D -e
|
|
@ -1,17 +1,19 @@
|
||||||
Port 22
|
Port 2222
|
||||||
AddressFamily any
|
AddressFamily any
|
||||||
ListenAddress 0.0.0.0
|
ListenAddress 0.0.0.0
|
||||||
ListenAddress ::
|
ListenAddress ::
|
||||||
|
|
||||||
HostKey /sshkeys/host/ssh_host_rsa_key
|
HostKey /sshkeys/ssh_host_rsa_key
|
||||||
HostKey /sshkeys/host/ssh_host_ed25519_key
|
HostKey /sshkeys/ssh_host_ed25519_key
|
||||||
|
|
||||||
|
PidFile /tmp/sshd.pid
|
||||||
|
|
||||||
PermitRootLogin no
|
PermitRootLogin no
|
||||||
StrictModes yes
|
StrictModes yes
|
||||||
MaxSessions 20
|
MaxSessions 20
|
||||||
|
|
||||||
PubkeyAuthentication yes
|
PubkeyAuthentication yes
|
||||||
AuthorizedKeysFile .ssh/authorized_keys
|
AuthorizedKeysFile /home/borg/.ssh/authorized_keys
|
||||||
|
|
||||||
LogLevel INFO
|
LogLevel INFO
|
||||||
|
|
Loading…
Reference in a new issue