Add: Ciphers/Cryptoparams to sshd_config
This commit is contained in:
parent
e9c6b0cd57
commit
f06a55875b
|
@ -18,7 +18,7 @@ RUN mkdir /run/sshd
|
||||||
COPY ./data/run.sh /run.sh
|
COPY ./data/run.sh /run.sh
|
||||||
COPY ./data/sshd_config /etc/ssh/sshd_config
|
COPY ./data/sshd_config /etc/ssh/sshd_config
|
||||||
|
|
||||||
CMD /bin/bash -x /run.sh
|
CMD /bin/bash /run.sh
|
||||||
|
|
||||||
# Default SSH-Port for clients
|
# Default SSH-Port for clients
|
||||||
EXPOSE 22
|
EXPOSE 22
|
||||||
|
|
25
data/run.sh
25
data/run.sh
|
@ -9,25 +9,34 @@ SSH_KEY_DIR=/sshkeys
|
||||||
echo "########################################################"
|
echo "########################################################"
|
||||||
for dir in BORG_DATA_DIR SSH_KEY_DIR ; do
|
for dir in BORG_DATA_DIR SSH_KEY_DIR ; do
|
||||||
dirpath=$(eval echo '$'$dir)
|
dirpath=$(eval echo '$'$dir)
|
||||||
echo "Testing Volume $dir: $dirpath"
|
echo " * Testing Volume $dir: $dirpath"
|
||||||
if [ ! -d "$dirpath" ] ; then
|
if [ ! -d "$dirpath" ] ; then
|
||||||
echo "ERROR: $dirpath is no directory!"
|
echo "ERROR: $dirpath is no directory!"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ $(find $SSH_KEY_DIR -type f | wc -l) == 0 ] ; then
|
if [ $(find "${SSH_KEY_DIR}/clients" -type f | wc -l) == 0 ] ; then
|
||||||
echo "ERROR: No SSH-Pubkey file found in $SSH_KEY_DIR"
|
echo "ERROR: No SSH-Pubkey file found in $SSH_KEY_DIR"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
|
# Copy SSH-Host-Keys to persistent storage
|
||||||
|
mkdir -p ${SSH_KEY_DIR}/host 2>/dev/null
|
||||||
|
echo " * Checking / Preparing SSH Host-Keys..."
|
||||||
|
for keyfile in ssh_host_rsa_key ssh_host_ed25519_key ; do
|
||||||
|
if [ ! -f "${SSH_KEY_DIR}/host/${keyfile}" ] ; then
|
||||||
|
cp /etc/ssh/${keyfile} "${SSH_KEY_DIR}/host/${keyfile}"
|
||||||
|
fi
|
||||||
|
done
|
||||||
echo "########################################################"
|
echo "########################################################"
|
||||||
|
|
||||||
echo "Starting SSH-Key import..."
|
echo " * Starting SSH-Key import..."
|
||||||
for keyfile in $(find $SSH_KEY_DIR -type f); do
|
for keyfile in $(find "${SSH_KEY_DIR}/clients" -type f); do
|
||||||
client_name=$(basename $keyfile)
|
client_name=$(basename $keyfile)
|
||||||
echo "Adding client ${client_name} with repo path ${BORG_DATA_DIR}/${client_name}"
|
echo " ** Adding client ${client_name} with repo path ${BORG_DATA_DIR}/${client_name}"
|
||||||
mkdir ${BORG_DATA_DIR}/${client_name} 2>/dev/null
|
mkdir ${BORG_DATA_DIR}/${client_name} 2>/dev/null
|
||||||
echo -n "command=\"$(eval echo -n \"$BORG_CMD\")\" " >> /home/borg/.ssh/authorized_keys
|
echo -n "command=\"$(eval echo -n \"${BORG_CMD}\")\" " >> /home/borg/.ssh/authorized_keys
|
||||||
cat $keyfile >> /home/borg/.ssh/authorized_keys
|
cat $keyfile >> /home/borg/.ssh/authorized_keys
|
||||||
done
|
done
|
||||||
|
|
||||||
|
@ -35,8 +44,8 @@ chown -R borg: /backup
|
||||||
chown borg: /home/borg/.ssh/authorized_keys
|
chown borg: /home/borg/.ssh/authorized_keys
|
||||||
chmod 600 /home/borg/.ssh/authorized_keys
|
chmod 600 /home/borg/.ssh/authorized_keys
|
||||||
|
|
||||||
echo "Init done!"
|
echo " * Init done!"
|
||||||
echo "########################################################"
|
echo "########################################################"
|
||||||
echo "Starting SSH-Daemon"
|
echo " * Starting SSH-Daemon"
|
||||||
|
|
||||||
/usr/sbin/sshd -D -e
|
/usr/sbin/sshd -D -e
|
||||||
|
|
|
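Review bot: The new host-key persistence loop copies the private host keys with a plain `cp`, so the copies under `${SSH_KEY_DIR}/host` get the process umask (typically world-readable) instead of the restrictive mode the originals in /etc/ssh normally carry, and a failed copy is never checked even though the sshd_config in this same commit now loads only those copies (the preceding `mkdir -p ... 2>/dev/null` also discards its own error). Preserve mode and ownership and stop on failure, e.g. `cp -p "/etc/ssh/${keyfile}" "${SSH_KEY_DIR}/host/${keyfile}" || exit 1`. In the same hunk the message `ERROR: No SSH-Pubkey file found in $SSH_KEY_DIR` now names the wrong directory, since the check moved to `${SSH_KEY_DIR}/clients`. The `for keyfile in $(find ...)` loop and the unquoted `cat $keyfile` still word-split on paths; `while IFS= read -r -d '' keyfile; do ...; done < <(find "${SSH_KEY_DIR}/clients" -type f -print0)` avoids that, although apart from the path these lines predate the commit.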
@ -3,9 +3,8 @@ AddressFamily any
|
||||||
ListenAddress 0.0.0.0
|
ListenAddress 0.0.0.0
|
||||||
ListenAddress ::
|
ListenAddress ::
|
||||||
|
|
||||||
HostKey /etc/ssh/ssh_host_rsa_key
|
HostKey /sshkeys/host/ssh_host_rsa_key
|
||||||
HostKey /etc/ssh/ssh_host_ecdsa_key
|
HostKey /sshkeys/host/ssh_host_ed25519_key
|
||||||
HostKey /etc/ssh/ssh_host_ed25519_key
|
|
||||||
|
|
||||||
PermitRootLogin no
|
PermitRootLogin no
|
||||||
StrictModes yes
|
StrictModes yes
|
||||||
|
@ -17,6 +16,11 @@ AuthorizedKeysFile .ssh/authorized_keys
|
||||||
LogLevel INFO
|
LogLevel INFO
|
||||||
#LogLevel DEBUG
|
#LogLevel DEBUG
|
||||||
|
|
||||||
|
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr
|
||||||
|
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
|
||||||
|
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1
|
||||||
|
|
||||||
|
|
||||||
PasswordAuthentication no
|
PasswordAuthentication no
|
||||||
ChallengeResponseAuthentication no
|
ChallengeResponseAuthentication no
|
||||||
UsePAM yes
|
UsePAM yes
|
||||||
|
|
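Review bot: The new `KexAlgorithms` line undercuts the hardening intent of this commit by still offering `diffie-hellman-group14-sha1` and `diffie-hellman-group-exchange-sha1`, and the new `MACs` line ends with `hmac-ripemd160`, legacy SHA-1/RIPEMD-160 choices that a current client never needs to negotiate. Unless a known client depends on them, trim to `KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256` and drop `hmac-ripemd160` from `MACs`; the ETM entries that precede it already cover current clients. Which names the image's OpenSSH accepts depends on its version, which is not visible here, so verify with `sshd -T` after editing, because an unrecognised algorithm name makes sshd refuse to start. The first hunk now loads only the two keys run.sh copies into `/sshkeys/host`, so dropping the ecdsa HostKey is consistent, but a missing or unreadable copy there stops sshd entirely.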