zenermerps/docker-borgserver
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Add: Ciphers/Cryptoparams to sshd_config

Browse source
This commit is contained in:
nold 2017-10-20 06:45:14 +02:00
parent e9c6b0cd57
commit f06a55875b
3 changed files with 26 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Dockerfile
View file

@ -18,7 +18,7 @@ RUN mkdir /run/sshd
COPY ./data/run.sh /run.sh
COPY ./data/sshd_config /etc/ssh/sshd_config
CMD /bin/bash -x /run.sh
CMD /bin/bash /run.sh
# Default SSH-Port for clients
EXPOSE 22

27
data/run.sh
View file

@ -9,25 +9,34 @@ SSH_KEY_DIR=/sshkeys
echo "########################################################"
for dir in BORG_DATA_DIR SSH_KEY_DIR ; do
dirpath=$(eval echo '$'$dir)
echo "Testing Volume $dir: $dirpath"
echo " * Testing Volume $dir: $dirpath"
if [ ! -d "$dirpath" ] ; then
echo " ERROR: $dirpath is no directory!"
echo "ERROR: $dirpath is no directory!"
exit 1
fi
if [ $(find $SSH_KEY_DIR -type f | wc -l) == 0 ] ; then
if [ $(find "${SSH_KEY_DIR}/clients" -type f | wc -l) == 0 ] ; then
echo "ERROR: No SSH-Pubkey file found in $SSH_KEY_DIR"
exit 1
fi
done
# Copy SSH-Host-Keys to persistent storage
mkdir -p ${SSH_KEY_DIR}/host 2>/dev/null
echo " * Checking / Preparing SSH Host-Keys..."
for keyfile in ssh_host_rsa_key ssh_host_ed25519_key ; do
if [ ! -f "${SSH_KEY_DIR}/host/${keyfile}" ] ; then
cp /etc/ssh/${keyfile} "${SSH_KEY_DIR}/host/${keyfile}"
fi
done
echo "########################################################"
echo "Starting SSH-Key import..."
for keyfile in $(find $SSH_KEY_DIR -type f); do
echo " * Starting SSH-Key import..."
for keyfile in $(find "${SSH_KEY_DIR}/clients" -type f); do
client_name=$(basename $keyfile)
echo "Adding client ${client_name} with repo path ${BORG_DATA_DIR}/${client_name}"
echo " ** Adding client ${client_name} with repo path ${BORG_DATA_DIR}/${client_name}"
mkdir ${BORG_DATA_DIR}/${client_name} 2>/dev/null
echo -n "command=\"$(eval echo -n \"$BORG_CMD\")\" " >> /home/borg/.ssh/authorized_keys
echo -n "command=\"$(eval echo -n \"${BORG_CMD}\")\" " >> /home/borg/.ssh/authorized_keys
cat $keyfile >> /home/borg/.ssh/authorized_keys
done
@ -35,8 +44,8 @@ chown -R borg: /backup
chown borg: /home/borg/.ssh/authorized_keys
chmod 600 /home/borg/.ssh/authorized_keys
echo "Init done!"
echo " * Init done!"
echo "########################################################"
echo "Starting SSH-Daemon"
echo " * Starting SSH-Daemon"
/usr/sbin/sshd -D -e

10
data/sshd_config
View file

@ -3,9 +3,8 @@ AddressFamily any
ListenAddress 0.0.0.0
ListenAddress ::
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /sshkeys/host/ssh_host_rsa_key
HostKey /sshkeys/host/ssh_host_ed25519_key
PermitRootLogin no
StrictModes yes
@ -17,6 +16,11 @@ AuthorizedKeysFile .ssh/authorized_keys
LogLevel INFO
#LogLevel DEBUG
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes