Commit

feat: ✨ add Additional SSHD configuration
fix some bugs

Signed-off-by: Moncef AOUDIA <[email protected]>
aoudiamoncef committed Sep 19, 2024
1 parent 0a542ca commit cb049ab
Showing 7 changed files with 73 additions and 32 deletions.
2 changes: 1 addition & 1 deletion .dockerignore
@@ -1,3 +1,3 @@
.github/
LICENCE
readme.md
README.md
3 changes: 2 additions & 1 deletion .github/workflows/cd.yml
Expand Up @@ -46,9 +46,10 @@ jobs:
- name: Build and push to Docker Hub and GitHub Container Registry
id: build
uses: docker/build-push-action@v5
uses: docker/build-push-action@v6
with:
context: .
sbom: true
push: true
tags: |
aoudiamoncef/ubuntu-sshd:latest
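Review bot: `uses: docker/build-push-action@v6` in the build step pins the action to a mutable major tag in a job that runs with `push: true` to Docker Hub and GitHub Container Registry; pin it to a full commit SHA (with the version in a trailing comment) so a retagged release cannot change what runs with the registry credentials. The v5 to v6 bump and `sbom: true` are also unrelated to the SSHD feature named in the commit title and would be easier to revert as their own commit.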
2 changes: 1 addition & 1 deletion .github/workflows/ci.yml
Expand Up @@ -30,7 +30,7 @@ jobs:
ghcr.io/${{ github.repository }}/ubuntu-sshd
- name: Build Docker image
uses: docker/build-push-action@v5
uses: docker/build-push-action@v6
with:
context: .
push: false
22 changes: 21 additions & 1 deletion .gitignore
@@ -1,2 +1,22 @@

.vagrant*
bin
docker/docker
.*.swp
a.out
*.orig
build_src
.flymake*
.idea
.DS_Store
docs/_build
docs/_static
docs/_templates
.gopath/
.dotcloud
*.test
bundles/
.hg/
.git/
vendor/pkg/
pyenv
Vagrantfile
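Review bot: most of the added patterns (`.gopath/`, `.dotcloud`, `docs/_build`, `.hg/`, `vendor/pkg/`, `Vagrantfile`) do not correspond to anything in the files this commit touches, and `.git/` has no effect inside a `.gitignore`. Trim the list to files this repository actually generates, and note that `bin` without a leading slash ignores any file or directory named bin at any depth.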
27 changes: 12 additions & 15 deletions Dockerfile
Expand Up @@ -3,24 +3,21 @@ FROM ubuntu:24.04

# Set environment variables to avoid interactive prompts during installation
ENV DEBIAN_FRONTEND=noninteractive
ENV SSH_USERNAME=ubuntu
ENV PASSWORD=changeme
ENV SSH_USERNAME="ubuntu"
ENV SSHD_CONFIG_ADDITIONAL=""

# Install OpenSSH server and clean up
# Install OpenSSH server, clean up, create directories, set permissions, and configure SSH
RUN apt-get update \
&& apt-get install -y openssh-server iputils-ping telnet iproute2 \
&& apt-get install -y iproute2 iputils-ping openssh-server telnet \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

# Create the privilege separation directory and fix permissions
RUN mkdir -p /run/sshd \
&& chmod 755 /run/sshd

# Check if the user exists before trying to create it
RUN if ! id -u $SSH_USERNAME > /dev/null 2>&1; then useradd -ms /bin/bash $SSH_USERNAME; fi

# Set up SSH configuration
RUN mkdir -p /home/$SSH_USERNAME/.ssh && chown $SSH_USERNAME:$SSH_USERNAME /home/$SSH_USERNAME/.ssh \
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
&& mkdir -p /run/sshd \
&& chmod 755 /run/sshd \
&& if ! id -u "$SSH_USERNAME" > /dev/null 2>&1; then useradd -ms /bin/bash "$SSH_USERNAME"; fi \
&& chown -R "$SSH_USERNAME":"$SSH_USERNAME" /home/"$SSH_USERNAME" \
&& chmod 755 /home/"$SSH_USERNAME" \
&& mkdir -p /home/"$SSH_USERNAME"/.ssh \
&& chown "$SSH_USERNAME":"$SSH_USERNAME" /home/"$SSH_USERNAME"/.ssh \
&& echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config \
&& echo "PermitRootLogin no" >> /etc/ssh/sshd_config
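Review bot: `chmod 755 /home/"$SSH_USERNAME"` near the end of the merged RUN leaves the login user's home directory readable and traversable by every other account in the container; `750` is enough for sshd and keeps the `.ssh` directory created on the next line from being listable by other users. While the apt line is being touched, `telnet` and `iputils-ping` are still installed alongside `openssh-server`; if they are only debugging aids, dropping them (or adding `--no-install-recommends`) shrinks what ships in an image whose purpose is to expose port 22.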

27 changes: 17 additions & 10 deletions README.md
@@ -1,17 +1,11 @@
# SSH-Enabled Ubuntu Docker Image

[![Docker Image CI](https://github.com/aoudiamoncef/ubuntu-sshd/actions/workflows/ci.yml/badge.svg)](https://github.com/aoudiamoncef/ubuntu-sshd/actions/workflows/ci.yml)
[![Docker Image Deployment](https://github.com/aoudiamoncef/ubuntu-sshd/actions/workflows/cd.yml/badge.svg)](https://github.com/aoudiamoncef/ubuntu-sshd/actions/workflows/cd.yml)
[![Docker Pulls](https://img.shields.io/docker/pulls/aoudiamoncef/ubuntu-sshd.svg)](https://hub.docker.com/r/aoudiamoncef/ubuntu-sshd)
[![Maintenance](https://img.shields.io/badge/Maintained-Yes-green.svg)](https://github.com/aoudiamoncef/ubuntu-sshd)

This Docker image provides an Ubuntu 24.04 base with SSH server enabled. It allows you to easily create SSH-accessible containers via SSH keys or with a default username and password.

## Usage

### Cloning the Repository

To get started, clone the GitHub [repository](https://github.com/aoudiamoncef/ubuntu-sshd) containing the Dockerfile and scripts:
To get started, clone the GitHub [repository](https://github.com/aoudiamoncef/ubuntu-sshd) containing the Dockerfile and
scripts:

```bash
git clone https://github.com/aoudiamoncef/ubuntu-sshd
Expand All @@ -31,14 +25,26 @@ docker build -t my-ubuntu-sshd:latest .
To run a container based on the image, use the following command:

```bash
docker run -d -p host-port:22 -e SSH_USERNAME=myuser -e PASSWORD=mysecretpassword -e AUTHORIZED_KEYS="$(cat path/to/authorized_keys_file)" my-ubuntu-sshd:latest
docker run -d \
-p host-port:22 \
-e SSH_USERNAME=myuser \
-e SSH_PASSWORD=mysecretpassword \
-e AUTHORIZED_KEYS="$(cat path/to/authorized_keys_file)" \
-e SSHD_CONFIG_ADDITIONAL="your_additional_config" \
-e SSHD_CONFIG_FILE="/path/to/your/sshd_config_file" \
my-ubuntu-sshd:latest
```

- `-d` runs the container in detached mode.
- `-p host-port:22` maps a host port to port 22 in the container. Replace `host-port` with your desired port.
- `-e SSH_USERNAME=myuser` sets the SSH username in the container. Replace `myuser` with your desired username.
- `-e PASSWORD=mysecretpassword` sets the SSH user's password in the container. Replace `mysecretpassword` with your desired password.
- `-e SSH_PASSWORD=mysecretpassword` sets the SSH user's password in the container. **This environment variable is
required**. Replace `mysecretpassword` with your desired password.
- `-e AUTHORIZED_KEYS="$(cat path/to/authorized_keys_file)"` sets authorized SSH keys in the container. Replace `path/to/authorized_keys_file` with the path to your authorized_keys file.
- `-e SSHD_CONFIG_ADDITIONAL="your_additional_config"` allows you to pass additional SSHD configuration. Replace
`your_additional_config` with your desired configuration.
- `-e SSHD_CONFIG_FILE="/path/to/your/sshd_config_file"` allows you to specify a file containing additional SSHD
configuration. Replace `/path/to/your/sshd_config_file` with the path to your configuration file.
- `my-ubuntu-sshd:latest` should be replaced with your Docker image's name and tag.

### SSH Access
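Review bot: the `SSHD_CONFIG_FILE` bullet and the `docker run` example do not say that the path is resolved inside the container: configure-ssh-user.sh tests `[ -f "$SSHD_CONFIG_FILE" ]` at startup, so without a `-v` bind mount of the host file the option is silently skipped. Add the mount to the example, and show a real directive for `SSHD_CONFIG_ADDITIONAL` instead of `your_additional_config`, since that placeholder would be appended to sshd_config verbatim if copied as written.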
Expand All @@ -55,6 +61,7 @@ ssh -p host-port myuser@localhost
### Note

- If the `AUTHORIZED_KEYS` environment variable is empty when starting the container, it will still launch the SSH server, but no authorized keys will be configured. You have to mount your own authorized keys file or manually configure the keys in the container.
- If `AUTHORIZED_KEYS` is provided, password authentication will be disabled for enhanced security.

## License
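Review bot: the added bullet says password authentication is disabled when `AUTHORIZED_KEYS` is provided, yet the run-command section of the same README marks `SSH_PASSWORD` as required in all cases. State here that the password must still be supplied for key-only containers, or relax the requirement in configure-ssh-user.sh when keys are present.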

22 changes: 19 additions & 3 deletions configure-ssh-user.sh
@@ -1,15 +1,16 @@
#!/bin/bash

# Set default values for SSH_USERNAME and PASSWORD if not provided
# Set default values for SSH_USERNAME and SSH_PASSWORD if not provided
: ${SSH_USERNAME:=ubuntu}
: ${PASSWORD:=changeme}
: ${SSH_PASSWORD:?"Error: SSH_PASSWORD environment variable is not set."}
: ${SSHD_CONFIG_ADDITIONAL:=""}

# Create the user with the provided username and set the password
if id "$SSH_USERNAME" &>/dev/null; then
echo "User $SSH_USERNAME already exists"
else
useradd -ms /bin/bash "$SSH_USERNAME"
echo "$SSH_USERNAME:$PASSWORD" | chpasswd
echo "$SSH_USERNAME:$SSH_PASSWORD" | chpasswd
echo "User $SSH_USERNAME created with the provided password"
fi
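Review bot: `chpasswd` is only reached in the `else` branch, so when the account already exists (the Dockerfile in this commit creates `$SSH_USERNAME`, default `ubuntu`, at build time) the now-mandatory `SSH_PASSWORD` is checked by `:?` but never applied to the user. Move `echo "$SSH_USERNAME:$SSH_PASSWORD" | chpasswd` below the `fi` so it runs in both cases, and update the comment above the defaults, since `SSH_PASSWORD` no longer has a default value.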

Expand All @@ -21,7 +22,22 @@ if [ -n "$AUTHORIZED_KEYS" ]; then
chmod 700 /home/$SSH_USERNAME/.ssh
chmod 600 /home/$SSH_USERNAME/.ssh/authorized_keys
echo "Authorized keys set for user $SSH_USERNAME"
# Disable password authentication if authorized keys are provided
sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
fi

# Apply additional SSHD configuration if provided
if [ -n "$SSHD_CONFIG_ADDITIONAL" ]; then
echo "$SSHD_CONFIG_ADDITIONAL" >> /etc/ssh/sshd_config
echo "Additional SSHD configuration applied"
fi

# Apply additional SSHD configuration from a file if provided
if [ -n "$SSHD_CONFIG_FILE" ] && [ -f "$SSHD_CONFIG_FILE" ]; then
cat "$SSHD_CONFIG_FILE" >> /etc/ssh/sshd_config
echo "Additional SSHD configuration from file applied"
fi

# Start the SSH server
echo "Starting SSH server..."
exec /usr/sbin/sshd -D
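Review bot: both new blocks append to /etc/ssh/sshd_config after the `PasswordAuthentication` and `PermitRootLogin` lines written earlier, and sshd uses the first value it reads for each keyword, so a user-supplied override of those settings is silently ignored while "Additional SSHD configuration applied" is still printed. If this script runs on every container start, the same text is also appended again on each restart. Write the extra configuration to a file that is overwritten rather than appended to, and run `/usr/sbin/sshd -t` before the `exec` so a bad directive fails with a clear message instead of a container that exits at startup.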

0 comments on commit cb049ab
