From 51566a95da517c0d9d50e5d2d5dfb3dc0a60bd95 Mon Sep 17 00:00:00 2001
From: nold
Date: Fri, 20 Oct 2017 16:29:29 +0200
Subject: [PATCH] Security fix: Delete SSH-Hostkeys in image & regenerate on first run

---
 Dockerfile  |  1 +
 data/run.sh | 10 +++++++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index e45666b..df6546c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -14,6 +14,7 @@ RUN apt-get update && apt-get -y install borgbackup openssh-server
 RUN useradd -s /bin/bash -m borg
 RUN mkdir /home/borg/.ssh && chmod 700 /home/borg/.ssh && chown borg: /home/borg/.ssh
 RUN mkdir /run/sshd
+RUN rm -f /etc/ssh/ssh_host*key*
 
 COPY ./data/run.sh /run.sh
 COPY ./data/sshd_config /etc/ssh/sshd_config
diff --git a/data/run.sh b/data/run.sh
index 3763c20..1d49754 100644
--- a/data/run.sh
+++ b/data/run.sh
@@ -21,9 +21,17 @@ for dir in BORG_DATA_DIR SSH_KEY_DIR ; do
     fi
 done
 
-# Copy SSH-Host-Keys to persistent storage
+# (Create &) Copy SSH-Host-Keys to persistent storage
 mkdir -p ${SSH_KEY_DIR}/host 2>/dev/null
 echo " * Checking / Preparing SSH Host-Keys..."
+
+if [ ! -f /etc/ssh/ssh_host_rsa_key ] ; then
+    echo " ** Creating SSH Hostkeys..."
+    for keytype in ed25519 rsa ; do
+        ssh-keygen -q -f "/etc/ssh/ssh_host_${keytype}_key" -N '' -t $keytype
+    done
+fi
+
 for keyfile in ssh_host_rsa_key ssh_host_ed25519_key ; do
     if [ ! -f "${SSH_KEY_DIR}/host/${keyfile}" ] ; then
         cp /etc/ssh/${keyfile} "${SSH_KEY_DIR}/host/${keyfile}"
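Review bot: `RUN rm -f /etc/ssh/ssh_host*key*` runs as its own layer, so the host keys that the `openssh-server` package creates during the `apt-get -y install` step shown in the hunk header are still present in that earlier layer and recoverable from the image history by anyone who pulls the image, even though the final filesystem no longer contains them. Because run.sh regenerates keys when `/etc/ssh/ssh_host_rsa_key` is absent, the running container does not reuse the baked-in keys, but the image still ships a set of private keys it does not need. Fold the removal into the install step so the keys never reach a committed layer: `RUN apt-get update && apt-get -y install borgbackup openssh-server && rm -f /etc/ssh/ssh_host*key*`. A comment such as `# host keys are generated on first start by run.sh, never baked into the image` on that line would record the intent.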
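Review bot: The new `ssh-keygen` calls are not error-checked, so a failed generation (read-only `/etc/ssh`, missing binary) passes silently and the `cp /etc/ssh/${keyfile}` a few lines below then fails on a key that was never created; the block also decides only on `ssh_host_rsa_key`, so a present RSA key with a missing ed25519 key is never repaired. I would test each key type individually and abort on failure, as in the fence. The RSA size is left at ssh-keygen's version-dependent default; pass `-b 4096` if a specific strength is wanted. Note that generation runs on every start whenever `/etc/ssh` is empty, independent of keys already present in `${SSH_KEY_DIR}/host`; if those are restored into `/etc/ssh` later (outside this hunk), the fresh keys are discarded work, which is harmless but worth a comment.
```shell
echo " * Checking / Preparing SSH Host-Keys..."

# Generate any host key that the image does not ship (keys are removed at build time);
# fail hard so we never start without a usable host key.
for keytype in ed25519 rsa ; do
    hostkey="/etc/ssh/ssh_host_${keytype}_key"
    if [ ! -f "${hostkey}" ] ; then
        echo " ** Creating SSH ${keytype} Hostkey..."
        ssh-keygen -q -f "${hostkey}" -N '' -t "${keytype}" \
            || { echo "ssh-keygen failed for ${keytype}" >&2; exit 1; }
    fi
done

# … unchanged: copy loop into ${SSH_KEY_DIR}/host …
```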