From ae2f6c90ef77a0caf7c997e66326d7a139e0a2e7 Mon Sep 17 00:00:00 2001
From: nold
Date: Mon, 12 Nov 2018 15:04:21 +0100
Subject: [PATCH] * New base-image: debian:buster-slim * Smaller Image Footprint (169MB -> 116MB) * Remove support for the hmac-ripemd160 MAC (OpenSSH 7.9p1)
---
 Dockerfile | 17 ++++++++++-------
 data/sshd_config | 3 +--
 2 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index fa9f9a2..30f7021 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,7 +2,7 @@
 # Dockerfile to build borgbackup server images
 # Based on Debian
 ############################################################
-FROM debian:latest
+FROM debian:buster-slim
 # Volume for SSH-Keys
 VOLUME /sshkeys
@@ -12,12 +12,15 @@ VOLUME /backup
 ENV DEBIAN_FRONTEND noninteractive
-RUN apt-get update && apt-get -y --no-install-recommends install borgbackup openssh-server && apt-get clean
-RUN useradd -s /bin/bash -m borg ; \
- mkdir /home/borg/.ssh && chmod 700 /home/borg/.ssh && chown borg: /home/borg/.ssh ; \
- mkdir /run/sshd
-RUN rm -f /etc/ssh/ssh_host*key* ; \
- rm -rf /var/lib/apt/lists/* /var/tmp/* /tmp/*
+RUN apt-get update && apt-get -y --no-install-recommends install \
+ borgbackup openssh-server && apt-get clean && \
+ useradd -s /bin/bash -m borg && \
+ mkdir /home/borg/.ssh && \
+ chmod 700 /home/borg/.ssh && \
+ chown borg: /home/borg/.ssh && \
+ mkdir /run/sshd && \
+ rm -f /etc/ssh/ssh_host*key* && \
+ rm -rf /var/lib/apt/lists/* /var/tmp/* /tmp/*
 COPY ./data/run.sh /run.sh
 COPY ./data/sshd_config /etc/ssh/sshd_config
diff --git a/data/sshd_config b/data/sshd_config
index 1ebbda7..cb24039 100644
--- a/data/sshd_config
+++ b/data/sshd_config
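Review bot: `FROM debian:buster-slim` in the first Dockerfile hunk is still a mutable tag, so two builds of this same commit can end up with different OpenSSH and borgbackup packages without any change in the repository. For an image whose purpose is to expose sshd, I would pin the base by digest as well, e.g. `FROM debian:buster-slim@sha256:<digest-of-the-reviewed-image>`, and bump it deliberately when security updates are pulled in. The header comment a few lines above could then name the release instead of only `# Based on Debian`.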
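Review bot: The `rm -f /etc/ssh/ssh_host*key*` step inside the merged `RUN` of the second Dockerfile hunk has no comment, although it is the security-relevant line of the chain: the keys it deletes are the ones created when openssh-server is installed, and they would otherwise be identical in every container started from this image. I would add a comment directly above the `RUN`, `# Remove the host keys created at package install so they are never shared between containers; they must be generated at first start.` Whether `/run.sh` creates and persists new host keys is not visible in this diff and is worth confirming, since a missing key stops sshd from starting and a key regenerated on every start changes the fingerprint that clients have recorded.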
@@ -17,7 +17,7 @@ LogLevel INFO
 #LogLevel DEBUG
 Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr
-MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
+MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256
 KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1
@@ -29,6 +29,5 @@ AllowTcpForwarding no
 X11Forwarding no
 PermitTTY no
 PrintMotd no
-UsePrivilegeSeparation sandbox
 PermitTunnel no
 Subsystem sftp /bin/false
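Review bot: The `KexAlgorithms` context line in the first data/sshd_config hunk still offers `diffie-hellman-group14-sha1` and `diffie-hellman-group-exchange-sha1`, so the SHA-1 based key exchanges remain negotiable even after this commit tightens the MAC list. If no supported borg client depends on them, the line could be reduced to `KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256`. This is inferred from the visible lines only; client compatibility requirements are not shown in the diff.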