Diffstat (limited to 'docker')
-rw-r--r-- | docker/Dockerfile | 4 | ||||
-rwxr-xr-x | docker/create-user.sh | 17 | ||||
-rw-r--r-- | docker/sshd_config | 115 |
3 files changed, 136 insertions, 0 deletions
diff --git a/docker/Dockerfile b/docker/Dockerfile
new file mode 100644
index 0000000..af3e88b
--- /dev/null
+++ b/docker/Dockerfile
@@ -0,0 +1,4 @@
+FROM danielguerra/alpine-sshd:latest
+COPY ./create-user.sh /opt/create-user.sh
+COPY ./sshd_config /etc/ssh/sshd_config
+RUN ["/opt/create-user.sh"]
\ No newline at end of file
diff --git a/docker/create-user.sh b/docker/create-user.sh
new file mode 100755
index 0000000..fc4ca8d
--- /dev/null
+++ b/docker/create-user.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+mkdir -p /home/cdstest/dev /home/cdstest/bin /home/cdstest/lib /home/cdstest/etc
+cd /home/cdstest/dev
+mknod -m 666 null c 1 3
+mknod -m 666 tty c 5 0
+mknod -m 666 zero c 1 5
+mknod -m 666 random c 1 8
+cp /bin/ash /bin/ls /bin/date /home/cdstest/bin/.
+cp /lib/ld-musl-x86_64.so.1 /home/cdstest/lib/.
+adduser cdstest <<EOF
+testcds
+testcds
+EOF
+chown root:root /home/cdstest
+chmod 0755 /home/cdstest
+cp /etc/passwd /etc/group /home/cdstest/etc/.
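Review bot: In docker/Dockerfile the `FROM danielguerra/alpine-sshd:latest` line takes a third-party base image by its mutable `latest` tag, so the sshd build and its defaults can change on any rebuild without a change in this repository. Pin the base to a fixed tag and digest, `FROM danielguerra/alpine-sshd:<TAG>@sha256:<DIGEST>` (placeholders for the values you have verified). A comment above `RUN ["/opt/create-user.sh"]` such as `# creates the chrooted cdstest login used by the tests; not for deployment` would tell the next reader why the image carries a fixed account.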
\ No newline at end of file
diff --git a/docker/sshd_config b/docker/sshd_config
new file mode 100644
index 0000000..1e51369
--- /dev/null
+++ b/docker/sshd_config
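Review bot: docker/create-user.sh sets the `cdstest` password from a literal in the `adduser cdstest <<EOF` here-document, so the credential is fixed in every image layer built from it and readable from this repository. With the sshd_config in this commit leaving `PasswordAuthentication` at its default, a container built from this image accepts that known login wherever its SSH port is reachable. If this is a test fixture, state that in a header comment and document that the port must be published only on loopback or an isolated network; otherwise pass the password in at build time through a secret mount or install an authorized key instead. The script also runs without `set -eu`, so a failed `cd /home/cdstest/dev` would let the `mknod` calls create nodes in whatever the current directory is, and a failed `adduser` would still yield an image; add `set -eu` after the shebang.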
@@ -0,0 +1,115 @@
+# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
+
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/bin:/usr/bin:/sbin:/usr/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options override the
+# default value.
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+#PermitRootLogin prohibit-password
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile .ssh/authorized_keys
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+
+# Change to no to disable s/key passwords
+#ChallengeResponseAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+#UsePAM no
+
+#AllowAgentForwarding yes
+# Feel free to re-enable these if your use case requires them.
+AllowTcpForwarding no
+GatewayPorts no
+X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# override default of no subsystems
+Subsystem sftp /usr/lib/ssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+Match User cdstest
+ ChrootDirectory /home/cdstest
+
|
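Review bot: The `Match User cdstest` block chroots the account to `/home/cdstest`, but `Subsystem sftp /usr/lib/ssh/sftp-server` names an external binary that create-user.sh does not copy into that tree, so SFTP sessions for this user will probably fail to start. Use `Subsystem sftp internal-sftp`, and if the account is meant for file transfer only, add `ForceCommand internal-sftp` under the Match block so the copied shell is not reachable. `PasswordAuthentication` is left commented at its default of yes, which applies to every account in the image; if password login is wanted for the test account alone, set `PasswordAuthentication no` globally and `PasswordAuthentication yes` inside the Match block. The comment above the block still reads "Example of overriding settings"; replace it with one that says what the chroot is for.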