* New base-image: debian:buster-slim

* Smaller Image Footprint (169MB -> 116MB)
* Remove support for the hmac-ripemd160 MAC (OpenSSH 7.9p1)

Dockerfile

@@ -2,7 +2,7 @@
 # Dockerfile to build borgbackup server images
 # Based on Debian
 ############################################################
-FROM debian:latest
+FROM debian:buster-slim
 
 # Volume for SSH-Keys
 VOLUME /sshkeys
@@ -12,11 +12,14 @@ VOLUME /backup
 
 ENV DEBIAN_FRONTEND noninteractive
 
-RUN apt-get update && apt-get -y --no-install-recommends install borgbackup openssh-server && apt-get clean
+RUN apt-get update && apt-get -y --no-install-recommends install \
-RUN useradd -s /bin/bash -m borg ; \
+		borgbackup openssh-server && apt-get clean && \
-	mkdir /home/borg/.ssh && chmod 700 /home/borg/.ssh && chown borg: /home/borg/.ssh ; \
+		useradd -s /bin/bash -m borg && \
-	mkdir /run/sshd
+		mkdir /home/borg/.ssh && \
-RUN rm -f /etc/ssh/ssh_host*key* ; \
+		chmod 700 /home/borg/.ssh && \
+		chown borg: /home/borg/.ssh && \
+		mkdir /run/sshd && \
+		rm -f /etc/ssh/ssh_host*key* && \
 		rm -rf /var/lib/apt/lists/* /var/tmp/* /tmp/*
 
 COPY ./data/run.sh /run.sh

data/sshd_config

@@ -17,7 +17,7 @@ LogLevel INFO
 #LogLevel DEBUG
 
 Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr
-MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
+MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256
 KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1
 
 
@@ -29,6 +29,5 @@ AllowTcpForwarding no
 X11Forwarding no
 PermitTTY no
 PrintMotd no
-UsePrivilegeSeparation sandbox
 PermitTunnel no
 Subsystem	sftp	/bin/false