Add: Ciphers/Cryptoparams to sshd_config

2017-10-20 06:45:14 +02:00 · 2017-10-20 06:45:14 +02:00 · f06a55875b
parent e9c6b0cd57
commit f06a55875b
3 changed files with 26 additions and 13 deletions
--- a/2
+++ b/2
@ -18,7 +18,7 @@ RUN mkdir /run/sshd
 COPY ./data/run.sh /run.sh
 COPY ./data/sshd_config /etc/ssh/sshd_config
-CMD /bin/bash -x /run.sh
+CMD /bin/bash /run.sh
 # Default SSH-Port for clients
 EXPOSE 22
--- a/data/run.sh
+++ b/data/run.sh
@ -9,25 +9,34 @@ SSH_KEY_DIR=/sshkeys
 echo "########################################################"
 for dir in BORG_DATA_DIR SSH_KEY_DIR ; do
 	dirpath=$(eval echo '$'$dir)
-	echo "Testing Volume $dir: $dirpath"
+	echo " * Testing Volume $dir: $dirpath"
 	if [ ! -d "$dirpath" ] ; then
-		echo " ERROR: $dirpath is no directory!"
+		echo "ERROR: $dirpath is no directory!"
 		exit 1
 	fi
-	if [ $(find $SSH_KEY_DIR -type f | wc -l) == 0 ] ; then
+	if [ $(find "${SSH_KEY_DIR}/clients" -type f | wc -l) == 0 ] ; then
 		echo "ERROR: No SSH-Pubkey file found in $SSH_KEY_DIR"
 		exit 1
 	fi
 done
 # Copy SSH-Host-Keys to persistent storage
 mkdir -p ${SSH_KEY_DIR}/host 2>/dev/null
 echo " * Checking / Preparing SSH Host-Keys..."
 for keyfile in ssh_host_rsa_key ssh_host_ed25519_key ; do
 	if [ ! -f "${SSH_KEY_DIR}/host/${keyfile}" ] ; then
 		cp /etc/ssh/${keyfile} "${SSH_KEY_DIR}/host/${keyfile}"
 	fi
 done
 echo "########################################################"
-echo "Starting SSH-Key import..."
+echo " * Starting SSH-Key import..."
-for keyfile in $(find $SSH_KEY_DIR -type f); do
+for keyfile in $(find "${SSH_KEY_DIR}/clients" -type f); do
    client_name=$(basename $keyfile)
-    echo "Adding client ${client_name} with repo path ${BORG_DATA_DIR}/${client_name}"
+    echo "  ** Adding client ${client_name} with repo path ${BORG_DATA_DIR}/${client_name}"
    mkdir ${BORG_DATA_DIR}/${client_name} 2>/dev/null
-    echo -n "command=\"$(eval echo -n \"$BORG_CMD\")\" " >> /home/borg/.ssh/authorized_keys
+    echo -n "command=\"$(eval echo -n \"${BORG_CMD}\")\" " >> /home/borg/.ssh/authorized_keys
 	cat $keyfile >> /home/borg/.ssh/authorized_keys
 done
@ -35,8 +44,8 @@ chown -R borg: /backup
 chown borg: /home/borg/.ssh/authorized_keys
 chmod 600 /home/borg/.ssh/authorized_keys
-echo "Init done!"
+echo " * Init done!"
 echo "########################################################"
-echo "Starting SSH-Daemon"
+echo " * Starting SSH-Daemon"
 /usr/sbin/sshd -D -e
--- a/data/sshd_config
+++ b/data/sshd_config
@ -3,9 +3,8 @@ AddressFamily any
 ListenAddress 0.0.0.0
 ListenAddress ::
-HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /sshkeys/host/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_ecdsa_key
+HostKey /sshkeys/host/ssh_host_ed25519_key
 HostKey /etc/ssh/ssh_host_ed25519_key
 PermitRootLogin no
 StrictModes yes
@ -17,6 +16,11 @@ AuthorizedKeysFile	.ssh/authorized_keys
 LogLevel INFO
 #LogLevel DEBUG
 Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr
 MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
 KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1
 PasswordAuthentication no
 ChallengeResponseAuthentication no
 UsePAM yes