* New base-image: debian:buster-slim
* Smaller Image Footprint (169MB -> 116MB)
* Remove support for the hmac-ripemd160 MAC (OpenSSH 7.9p1)
parent
5e5031e828
commit
ae2f6c90ef
15
Dockerfile
15
Dockerfile
|
@ -2,7 +2,7 @@
|
|||
# Dockerfile to build borgbackup server images
|
||||
# Based on Debian
|
||||
############################################################
|
||||
FROM debian:latest
|
||||
FROM debian:buster-slim
|
||||
|
||||
# Volume for SSH-Keys
|
||||
VOLUME /sshkeys
|
||||
|
@ -12,11 +12,14 @@ VOLUME /backup
|
|||
|
||||
ENV DEBIAN_FRONTEND noninteractive
|
||||
|
||||
RUN apt-get update && apt-get -y --no-install-recommends install borgbackup openssh-server && apt-get clean
|
||||
RUN useradd -s /bin/bash -m borg ; \
|
||||
mkdir /home/borg/.ssh && chmod 700 /home/borg/.ssh && chown borg: /home/borg/.ssh ; \
|
||||
mkdir /run/sshd
|
||||
RUN rm -f /etc/ssh/ssh_host*key* ; \
|
||||
RUN apt-get update && apt-get -y --no-install-recommends install \
|
||||
borgbackup openssh-server && apt-get clean && \
|
||||
useradd -s /bin/bash -m borg && \
|
||||
mkdir /home/borg/.ssh && \
|
||||
chmod 700 /home/borg/.ssh && \
|
||||
chown borg: /home/borg/.ssh && \
|
||||
mkdir /run/sshd && \
|
||||
rm -f /etc/ssh/ssh_host*key* && \
|
||||
rm -rf /var/lib/apt/lists/* /var/tmp/* /tmp/*
|
||||
|
||||
COPY ./data/run.sh /run.sh
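Review bot: `FROM debian:buster-slim` is still a mutable tag, so a rebuild can pull a different base and a different OpenSSH than the 7.9p1 that the MACs change in this commit is written against. Pinning the digest, `FROM debian:buster-slim@sha256:<digest-of-the-reviewed-image>`, keeps the image and its sshd_config in step and turns a base update into an explicit commit. Separately, since the RUN instruction is being rewritten anyway, `DEBIAN_FRONTEND=noninteractive` could be set inline in it rather than through the `ENV` line above, which leaves the variable in the running container's environment. The +/- markers are lost on this page, so which lines are new is inferred from the commit description.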
|
||||
|
|
|
@ -17,7 +17,7 @@ LogLevel INFO
|
|||
#LogLevel DEBUG
|
||||
|
||||
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr
|
||||
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
|
||||
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256
|
||||
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1
|
||||
|
||||
|
||||
|
@ -29,6 +29,5 @@ AllowTcpForwarding no
|
|||
X11Forwarding no
|
||||
PermitTTY no
|
||||
PrintMotd no
|
||||
UsePrivilegeSeparation sandbox
|
||||
PermitTunnel no
|
||||
Subsystem sftp /bin/false
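Review bot: The `KexAlgorithms` line, which this commit leaves unchanged, still offers the SHA-1 key exchanges `diffie-hellman-group14-sha1` and `diffie-hellman-group-exchange-sha1`, which sits oddly next to a MACs list that has just been trimmed. For a borg-only endpoint, `KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256` would limit negotiation to SHA-2 based exchanges; any client too old for both would need checking first. In the second hunk, `UsePrivilegeSeparation` is a deprecated option in current OpenSSH; if that is the line being dropped (the page has lost its +/- markers), nothing more is needed there.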
|
||||
|
|