dockamole/server/Dockerfile

33 lines
1.2 KiB
Docker
Raw Permalink Normal View History

2019-08-09 23:38:50 +00:00
ARG REPO=library
2019-11-12 17:59:21 +00:00
FROM multiarch/qemu-user-static:4.1.0-1 as qemu-user-static
FROM ${REPO}/alpine:3.9
2019-08-09 23:38:50 +00:00
2019-11-12 17:59:21 +00:00
COPY --from=qemu-user-static /usr/bin/qemu-* /usr/bin/
2019-08-08 21:35:17 +00:00
# Install SSH and set up basic config
2020-01-11 00:11:40 +00:00
RUN apk add --no-cache openssh-server~=7.9 augeas~=1.11
2019-08-08 21:35:17 +00:00
# Create sshd configs
RUN mkdir /var/run/sshd
# Allow providing authorized_keys to ~/mole/.ssh/authorized_keys or to /etc/authorized_keys/<user>
RUN augtool 'set /files/etc/ssh/sshd_config/AuthorizedKeysFile ".ssh/authorized_keys /etc/authorized_keys/%u"'
# Prevent running commands or getting an X11 session
RUN augtool 'set /files/etc/ssh/sshd_config/ForceCommand echo no-commands-allowed'
RUN augtool 'set /files/etc/ssh/sshd_config/X11Forwarding no'
# Prevent logging in as root user or with a password
RUN augtool 'set /files/etc/ssh/sshd_config/PermitRootLogin no'
RUN augtool 'set /files/etc/ssh/sshd_config/PasswordAuthentication no'
# Use a non-reserved port so we can run as a non-root user
RUN augtool 'set /files/etc/ssh/sshd_config/Port 2222'
# Ensure we can forward TCP
RUN augtool 'set /files/etc/ssh/sshd_config/AllowTcpForwarding yes'
EXPOSE 2222
# Create mole user
RUN adduser --system --home /mole mole
USER mole
RUN mkdir -p /mole/.ssh
CMD ["/usr/sbin/sshd", "-D"]