lyq-docker
/
docker-images


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108
							#!/bin/bash

# Check if username is set
if [ -z "$SSH_USERNAME" ]; then
  echo "INFO: Username not set. Using default"
  SSH_USERNAME="sftpuser"
fi

# Check if uid/guid is set
if [ -z "$SSH_USERID" ]; then
  echo "INFO: UID/GUID not set. Using default"
  SSH_USERID=1337
fi

# Check if data directory is set
if [ -z "$SSH_DATADIR_NAME" ]; then
  echo "INFO: Data dir not set. Using default"
  SSH_DATADIR_NAME="data"
fi

# Check if generate hostkeys is set
if [ -z "$SSH_GENERATE_HOSTKEYS" ]; then
  echo "INFO: Generate hostkeys not set. Using default"
  SSH_GENERATE_HOSTKEYS="true"
fi

# Create group
echo "INFO: Adding group ${SSH_USERNAME}"
addgroup -g $SSH_USERID $SSH_USERNAME

# Create user
echo "INFO: Adding user ${SSH_USERNAME}"
adduser -D -u $SSH_USERID -G $SSH_USERNAME $SSH_USERNAME

# Set password if provided
if [ -z "$SSH_PASSWORD" ]; then
  echo "INFO: Password not provided for user ${SSH_USERNAME}"
  passwd -u $SSH_USERNAME
else
  echo "INFO: Setting password for user ${SSH_USERNAME}"
  echo $SSH_USERNAME:$SSH_PASSWORD | chpasswd > /dev/null
  sed -i "s/PasswordAuthentication\s[^ ]*/PasswordAuthentication yes/g" /etc/ssh/sshd_config
fi

# Set Port to listen on
if [ ! -z "$SSH_PORT" ]; then
  echo "INFO: Setting Port to ${SSH_PORT}"
  sed -i "s/Port\s[^ ]*/Port ${SSH_PORT}/g" /etc/ssh/sshd_config
fi

# Change ownership and permissions of users home root dir
echo "INFO: Change ownership and permissions of home directory"
chown root:root /home/$SSH_USERNAME
chmod 755 /home/$SSH_USERNAME

# Create data dir and set read/write permission for user
echo "INFO: Create and set permissions on data dir"
mkdir -p /home/$SSH_USERNAME/$SSH_DATADIR_NAME
chown $SSH_USERNAME /home/$SSH_USERNAME/$SSH_DATADIR_NAME
chmod 777 /home/$SSH_USERNAME/$SSH_DATADIR_NAME

# Add SSH keys to authorized_keys with valid permissions
if [ -d /home/$SSH_USERNAME/.ssh/keys ]; then
  echo "INFO: Set ownership and permission of .ssh directory"
  chown -R root:root /home/$SSH_USERNAME/.ssh
  chmod 755 /home/$SSH_USERNAME/.ssh

  echo "INFO: Add SSH keys to authorized_keys with valid permissions"
  cat /home/$SSH_USERNAME/.ssh/keys/* >> /home/$SSH_USERNAME/.ssh/authorized_keys
  chown $SSH_USERNAME:root /home/$SSH_USERNAME/.ssh/authorized_keys
  chmod 644 /home/$SSH_USERNAME/.ssh/authorized_keys
fi

# Generate host keys by default
if [ "${SSH_GENERATE_HOSTKEYS,,}" == "true" ]; then
  echo "INFO: Generating host keys"

  mkdir -p /etc/ssh/host_keys/

  ssh-keygen -f /etc/ssh/host_keys/ssh_host_rsa_key -q -N '' -t rsa
  ln -s /etc/ssh/host_keys/ssh_host_rsa_key /etc/ssh/ssh_host_rsa_key

  ssh-keygen -f /etc/ssh/host_keys/ssh_host_dsa_key -q -N '' -t dsa
  ln -s /etc/ssh/host_keys/ssh_host_dsa_key /etc/ssh/ssh_host_dsa_key

  ssh-keygen -f /etc/ssh/host_keys/ssh_host_ecdsa_key -q -N '' -t ecdsa
  ln -s /etc/ssh/host_keys/ssh_host_ecdsa_key /etc/ssh/ssh_host_ecdsa_key

  ssh-keygen -f /etc/ssh/host_keys/ssh_host_ed25519_key -q -N '' -t ed25519
  ln -s /etc/ssh/host_keys/ssh_host_ed25519_key /etc/ssh/ssh_host_ed25519_key
fi

echo "INFO: Setting permissions on host keys"
chmod 600 /etc/ssh/host_keys/*

# Check for loglevel and replace line in sshd_config
if [ -n "$LOGLEVEL" ]; then
  echo "INFO: Setting LogLevel to ${LOGLEVEL}"
  sed -i "s/LogLevel\s[^ ]*/LogLevel ${LOGLEVEL}/g" /etc/ssh/sshd_config
fi

# Run sshd in debug mode
if [ -z "$DEBUG" ]; then
        exec /usr/sbin/sshd -D -e
else
        echo "WARN: Debug mode enabled!"
        exec /usr/sbin/sshd -D -e -d
fi