2019-08-09 23:38:50 +00:00
|
|
|
ARG REPO=library
|
2019-11-12 17:59:21 +00:00
|
|
|
FROM multiarch/qemu-user-static:4.1.0-1 as qemu-user-static
|
|
|
|
|
FROM ${REPO}/alpine:3.9
|
2019-08-09 23:38:50 +00:00
|
|
|
|
2019-11-12 17:59:21 +00:00
|
|
|
COPY --from=qemu-user-static /usr/bin/qemu-* /usr/bin/
|
2019-08-08 21:35:17 +00:00
|
|
|
|
|
|
|
|
# Install SSH and set up basic config
|
2020-01-11 00:11:40 +00:00
|
|
|
RUN apk add --no-cache openssh-server~=7.9 augeas~=1.11
|
2019-08-08 21:35:17 +00:00
|
|
|
|
|
|
|
|
# Create sshd configs
|
|
|
|
|
RUN mkdir /var/run/sshd
|
|
|
|
|
# Allow providing authorized_keys to ~/mole/.ssh/authorized_keys or to /etc/authorized_keys/<user>
|
|
|
|
|
RUN augtool 'set /files/etc/ssh/sshd_config/AuthorizedKeysFile ".ssh/authorized_keys /etc/authorized_keys/%u"'
|
|
|
|
|
# Prevent running commands or getting an X11 session
|
|
|
|
|
RUN augtool 'set /files/etc/ssh/sshd_config/ForceCommand echo no-commands-allowed'
|
|
|
|
|
RUN augtool 'set /files/etc/ssh/sshd_config/X11Forwarding no'
|
|
|
|
|
# Prevent logging in as root user or with a password
|
|
|
|
|
RUN augtool 'set /files/etc/ssh/sshd_config/PermitRootLogin no'
|
|
|
|
|
RUN augtool 'set /files/etc/ssh/sshd_config/PasswordAuthentication no'
|
|
|
|
|
# Use a non-reserved port so we can run as a non-root user
|
|
|
|
|
RUN augtool 'set /files/etc/ssh/sshd_config/Port 2222'
|
|
|
|
|
# Ensure we can forward TCP
|
|
|
|
|
RUN augtool 'set /files/etc/ssh/sshd_config/AllowTcpForwarding yes'
|
|
|
|
|
|
|
|
|
|
EXPOSE 2222
|
|
|
|
|
|
|
|
|
|
# Create mole user
|
|
|
|
|
RUN adduser --system --home /mole mole
|
|
|
|
|
USER mole
|
|
|
|
|
RUN mkdir -p /mole/.ssh
|
|
|
|
|
|
|
|
|
|
CMD ["/usr/sbin/sshd", "-D"]
|
