Add: Ciphers/Cryptoparams to sshd_config

This commit is contained in:
nold 2017-10-20 06:45:14 +02:00
parent e9c6b0cd57
commit f06a55875b
3 changed files with 26 additions and 13 deletions

View file

@ -18,7 +18,7 @@ RUN mkdir /run/sshd
COPY ./data/run.sh /run.sh COPY ./data/run.sh /run.sh
COPY ./data/sshd_config /etc/ssh/sshd_config COPY ./data/sshd_config /etc/ssh/sshd_config
CMD /bin/bash -x /run.sh CMD /bin/bash /run.sh
# Default SSH-Port for clients # Default SSH-Port for clients
EXPOSE 22 EXPOSE 22

View file

@ -9,25 +9,34 @@ SSH_KEY_DIR=/sshkeys
echo "########################################################" echo "########################################################"
for dir in BORG_DATA_DIR SSH_KEY_DIR ; do for dir in BORG_DATA_DIR SSH_KEY_DIR ; do
dirpath=$(eval echo '$'$dir) dirpath=$(eval echo '$'$dir)
echo "Testing Volume $dir: $dirpath" echo " * Testing Volume $dir: $dirpath"
if [ ! -d "$dirpath" ] ; then if [ ! -d "$dirpath" ] ; then
echo "ERROR: $dirpath is no directory!" echo "ERROR: $dirpath is no directory!"
exit 1 exit 1
fi fi
if [ $(find $SSH_KEY_DIR -type f | wc -l) == 0 ] ; then if [ $(find "${SSH_KEY_DIR}/clients" -type f | wc -l) == 0 ] ; then
echo "ERROR: No SSH-Pubkey file found in $SSH_KEY_DIR" echo "ERROR: No SSH-Pubkey file found in $SSH_KEY_DIR"
exit 1 exit 1
fi fi
done done
# Copy SSH-Host-Keys to persistent storage
mkdir -p ${SSH_KEY_DIR}/host 2>/dev/null
echo " * Checking / Preparing SSH Host-Keys..."
for keyfile in ssh_host_rsa_key ssh_host_ed25519_key ; do
if [ ! -f "${SSH_KEY_DIR}/host/${keyfile}" ] ; then
cp /etc/ssh/${keyfile} "${SSH_KEY_DIR}/host/${keyfile}"
fi
done
echo "########################################################" echo "########################################################"
echo "Starting SSH-Key import..." echo " * Starting SSH-Key import..."
for keyfile in $(find $SSH_KEY_DIR -type f); do for keyfile in $(find "${SSH_KEY_DIR}/clients" -type f); do
client_name=$(basename $keyfile) client_name=$(basename $keyfile)
echo "Adding client ${client_name} with repo path ${BORG_DATA_DIR}/${client_name}" echo " ** Adding client ${client_name} with repo path ${BORG_DATA_DIR}/${client_name}"
mkdir ${BORG_DATA_DIR}/${client_name} 2>/dev/null mkdir ${BORG_DATA_DIR}/${client_name} 2>/dev/null
echo -n "command=\"$(eval echo -n \"$BORG_CMD\")\" " >> /home/borg/.ssh/authorized_keys echo -n "command=\"$(eval echo -n \"${BORG_CMD}\")\" " >> /home/borg/.ssh/authorized_keys
cat $keyfile >> /home/borg/.ssh/authorized_keys cat $keyfile >> /home/borg/.ssh/authorized_keys
done done
@ -35,8 +44,8 @@ chown -R borg: /backup
chown borg: /home/borg/.ssh/authorized_keys chown borg: /home/borg/.ssh/authorized_keys
chmod 600 /home/borg/.ssh/authorized_keys chmod 600 /home/borg/.ssh/authorized_keys
echo "Init done!" echo " * Init done!"
echo "########################################################" echo "########################################################"
echo "Starting SSH-Daemon" echo " * Starting SSH-Daemon"
/usr/sbin/sshd -D -e /usr/sbin/sshd -D -e

View file

@ -3,9 +3,8 @@ AddressFamily any
ListenAddress 0.0.0.0 ListenAddress 0.0.0.0
ListenAddress :: ListenAddress ::
HostKey /etc/ssh/ssh_host_rsa_key HostKey /sshkeys/host/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key HostKey /sshkeys/host/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_ed25519_key
PermitRootLogin no PermitRootLogin no
StrictModes yes StrictModes yes
@ -17,6 +16,11 @@ AuthorizedKeysFile .ssh/authorized_keys
LogLevel INFO LogLevel INFO
#LogLevel DEBUG #LogLevel DEBUG
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1
PasswordAuthentication no PasswordAuthentication no
ChallengeResponseAuthentication no ChallengeResponseAuthentication no
UsePAM yes UsePAM yes