Security fix: Delete SSH-Hostkeys in image & regenerate on first run

nold 2017-10-20 16:29:29 +02:00
parent f69925d136
commit 51566a95da
2 changed files with 10 additions and 1 deletions


@ -14,6 +14,7 @@ RUN apt-get update && apt-get -y install borgbackup openssh-server
RUN useradd -s /bin/bash -m borg RUN useradd -s /bin/bash -m borg
RUN mkdir /home/borg/.ssh && chmod 700 /home/borg/.ssh && chown borg: /home/borg/.ssh RUN mkdir /home/borg/.ssh && chmod 700 /home/borg/.ssh && chown borg: /home/borg/.ssh
RUN mkdir /run/sshd RUN mkdir /run/sshd
RUN rm -f /etc/ssh/ssh_host*key*
COPY ./data/run.sh /run.sh COPY ./data/run.sh /run.sh
COPY ./data/sshd_config /etc/ssh/sshd_config COPY ./data/sshd_config /etc/ssh/sshd_config
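Review bot: The new `RUN rm -f /etc/ssh/ssh_host*key*` runs as its own layer after the `apt-get ... install borgbackup openssh-server` layer named in the hunk header, and image layers are additive, so whatever host-key files are present after the install step stay recoverable from that earlier layer in any pushed image; the commit's goal of deleting the keys from the image is only met for the container's live filesystem. Since the companion run.sh change regenerates keys on first start, that stale material is presumably never loaded by sshd, but it still ships in the image and will be reported by image scanners. Fold the deletion into the install step instead: `RUN apt-get update && apt-get -y install borgbackup openssh-server && rm -f /etc/ssh/ssh_host*key*`. Note also that the glob removes every key type the package may have created, while run.sh only regenerates ed25519 and rsa; worth confirming the sshd_config copied on the next line does not point at any other HostKey file.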


@ -21,9 +21,17 @@ for dir in BORG_DATA_DIR SSH_KEY_DIR ; do
fi fi
done done
# Copy SSH-Host-Keys to persistent storage # (Create &) Copy SSH-Host-Keys to persistent storage
mkdir -p ${SSH_KEY_DIR}/host 2>/dev/null mkdir -p ${SSH_KEY_DIR}/host 2>/dev/null
echo " * Checking / Preparing SSH Host-Keys..." echo " * Checking / Preparing SSH Host-Keys..."
if [ ! -f /etc/ssh/ssh_host_rsa_key ] ; then
echo " ** Creating SSH Hostkeys..."
for keytype in ed25519 rsa ; do
ssh-keygen -q -f "/etc/ssh/ssh_host_${keytype}_key" -N '' -t $keytype
done
fi
for keyfile in ssh_host_rsa_key ssh_host_ed25519_key ; do for keyfile in ssh_host_rsa_key ssh_host_ed25519_key ; do
if [ ! -f "${SSH_KEY_DIR}/host/${keyfile}" ] ; then if [ ! -f "${SSH_KEY_DIR}/host/${keyfile}" ] ; then
cp /etc/ssh/${keyfile} "${SSH_KEY_DIR}/host/${keyfile}" cp /etc/ssh/${keyfile} "${SSH_KEY_DIR}/host/${keyfile}"