Security fix: Delete SSH-Hostkeys in image & regenerate on first run

2017-10-20 16:29:29 +02:00 · 2017-10-20 16:29:29 +02:00 · 51566a95da
parent f69925d136
commit 51566a95da
2 changed files with 10 additions and 1 deletions
--- a/1
+++ b/1
@ -14,6 +14,7 @@ RUN apt-get update && apt-get -y install borgbackup openssh-server
 RUN useradd -s /bin/bash -m borg
 RUN mkdir /home/borg/.ssh && chmod 700 /home/borg/.ssh && chown borg: /home/borg/.ssh
 RUN mkdir /run/sshd
 RUN rm -f /etc/ssh/ssh_host*key*
 COPY ./data/run.sh /run.sh
 COPY ./data/sshd_config /etc/ssh/sshd_config
--- a/data/run.sh
+++ b/data/run.sh
@ -21,9 +21,17 @@ for dir in BORG_DATA_DIR SSH_KEY_DIR ; do
 	fi
 done
-# Copy SSH-Host-Keys to persistent storage
+# (Create &) Copy SSH-Host-Keys to persistent storage
 mkdir -p ${SSH_KEY_DIR}/host 2>/dev/null
 echo " * Checking / Preparing SSH Host-Keys..."
 if [ ! -f /etc/ssh/ssh_host_rsa_key ] ; then
 	echo "  ** Creating SSH Hostkeys..."
 	for keytype in ed25519 rsa ; do
 		ssh-keygen -q -f "/etc/ssh/ssh_host_${keytype}_key" -N '' -t $keytype
 	done
 fi
 for keyfile in ssh_host_rsa_key ssh_host_ed25519_key ; do
 	if [ ! -f "${SSH_KEY_DIR}/host/${keyfile}" ] ; then
 		cp /etc/ssh/${keyfile} "${SSH_KEY_DIR}/host/${keyfile}"