diff --git a/ssh/Dockerfile b/ssh/Dockerfile
new file mode 100644
index 00000000000..19b46c99fd4
--- /dev/null
+++ b/ssh/Dockerfile
@@ -0,0 +1,15 @@
+FROM %%BASE_IMAGE%%
+
+# Add version
+ENV VERSION %%VERSION%%
+ENV LANG C.UTF-8
+
+# Setup base
+RUN apk add --no-cache jq openssh vim
+
+# Copy data
+COPY run.sh /
+
+RUN chmod a+x /run.sh
+
+CMD [ "/run.sh" ]
diff --git a/ssh/README.md b/ssh/README.md
new file mode 100644
index 00000000000..ecf7fba41e5
--- /dev/null
+++ b/ssh/README.md
@@ -0,0 +1,9 @@
+# SSH server
+Provide a openssh server. You can access to:
+- /config: HomeAssistant config
+- /addons: Custom addon folder
+- /ssl: Store ssh key files for HassIO
+
+## Options
+
+- `authorized_keys`: A array that ever element is a authorized key
diff --git a/ssh/config.json b/ssh/config.json
new file mode 100644
index 00000000000..241134a1b59
--- /dev/null
+++ b/ssh/config.json
@@ -0,0 +1,18 @@
+{
+ "name": "SSH server",
+ "version": "0.1",
+ "slug": "ssh",
+ "description": "OpenSSH is the premier connectivity tool for remote login with the SSH protocol.",
+ "startup": "before",
+ "boot": "auto",
+ "ports": {
+ "22/tcp": 22,
+ },
+ "map": ["config", "ssl", "addons"],
+ "options": {
+ "authorized_keys": [null],
+ },
+ "schema": {
+ "authorized_keys": ["str"],
+ }
+}
diff --git a/ssh/run.sh b/ssh/run.sh
new file mode 100644
index 00000000000..80ae62b7f76
--- /dev/null
+++ b/ssh/run.sh
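Review bot: In ssh/Dockerfile, the `apk add` line installs only `jq openssh vim`, while `run.sh` starts with `#!/bin/bash`; unless the templated base image already ships bash, `CMD [ "/run.sh" ]` will fail at container start. The script as shown uses no bash-only syntax, so either add `bash` to the package list or change the shebang to `#!/bin/sh`. The two `ENV` lines use the legacy space-separated form; `ENV VERSION=%%VERSION%% LANG=C.UTF-8` is the current syntax.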
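Review bot: In ssh/config.json, the `ports`, `options` and `schema` objects each end with a trailing comma (for example `"22/tcp": 22,` directly before `}`), which strict JSON parsers reject, so the add-on config may fail to load. The default `"authorized_keys": [null]` also does not match the schema `["str"]`, and run.sh would write the literal `null` into the authorized_keys file; `[]` is a safer default. Since the add-on publishes `22/tcp` on host port 22 and run.sh enables root login, the README should state that exposure explicitly.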
@@ -0,0 +1,29 @@
+#!/bin/bash
+set -e
+
+CONFIG_PATH=/data/options.json
+KEYS_PATH=/data/host_keys
+
+AUTHORIZED_KEYS=$(jq --raw-output ".authorized_keys[]" $CONFIG_PATH)
+
+# Init defaults config
+sed -i s/#PermitRootLogin.*/PermitRootLogin\ yes/ /etc/ssh/sshd_config
+
+# Generate authorized_keys file
+mkdir -p ~/.ssh
+for line in $AUTHORIZED_KEYS; do
+ echo "$line" >> ~/.ssh/authorized_keys
+done
+chmod 600 ~/.ssh/authorized_keys
+
+# Generate host keys
+if [ ! -d "$KEYS_PATH" ]; then
+ mkdir -p "$KEYS_PATH"
+ ssh-keygen -A
+ cp -fp /etc/ssh/ssh_host* "$KEYS_PATH/"
+else
+ cp -fp "$KEYS_PATH/*" /etc/ssh/
+fi
+
+# start server
+exec sshd -D -f /etc/sshd_config < /dev/null
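Review bot: The loop `for line in $AUTHORIZED_KEYS` splits on every space, so a key written as `type base64 comment` lands in authorized_keys as three separate lines and will not match. Combined with `PermitRootLogin yes` and no `PasswordAuthentication no`, password authentication stays enabled for root on the published port while key login is broken. In the host-key branch, `cp -fp "$KEYS_PATH/*"` quotes the glob, so the second start fails under `set -e`. The final line starts sshd with `-f /etc/sshd_config` although the sed edits `/etc/ssh/sshd_config`, and sshd refuses to start unless invoked by absolute path. The block below shows the rewritten lines, which also rewrite authorized_keys on each start instead of appending to it.

```shell
# … unchanged: shebang, set -e, CONFIG_PATH, KEYS_PATH …

# Key-only root login (same "#Option" match style as the original sed;
# confirm both lines exist commented-out in the image's sshd_config)
sed -i 's/#PermitRootLogin.*/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config
sed -i 's/#PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config

# One key per line, file rewritten on every start
mkdir -p ~/.ssh
jq --raw-output '.authorized_keys[] | select(. != null)' "$CONFIG_PATH" > ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

# … unchanged: first-start host key generation …
else
    cp -fp "$KEYS_PATH"/* /etc/ssh/
fi

# sshd must be started by absolute path, with the config that was edited above
exec /usr/sbin/sshd -D -f /etc/ssh/sshd_config < /dev/null
```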