diff --git a/Dockerfile b/Dockerfile index 68eec84..e0c7aee 100644 --- a/Dockerfile +++ b/Dockerfile @@ -11,6 +11,8 @@ ARG GID=4096 ENV HOST_KEYS_PATH_PREFIX="/usr" ENV HOST_KEYS_PATH="${HOST_KEYS_PATH_PREFIX}/etc/ssh" +ENV BASTION_USER=${USER} +ENV BASTION_GROUP=${GROUP} COPY bastion /usr/sbin/bastion COPY setup-keys.sh /usr/sbin/setup-keys.sh diff --git a/bastion b/bastion index 16ee189..fb09403 100644 --- a/bastion +++ b/bastion @@ -1,13 +1,13 @@ #!/usr/bin/env sh -HOST_KEYS_PATH_PREFIX="${HOST_KEYS_PATH_PREFIX:='/'}" -HOST_KEYS_PATH="${HOST_KEYS_PATH:='/etc/ssh'}" - -SETUP_KEYS_PATH="${SETUP_KEYS_PATH:='/etc/bastion/ssh-keys'}" +SETUP_KEYS_PATH="${SETUP_KEYS_PATH:=/etc/bastion/ssh-keys}" if [ -f "$SETUP_KEYS_PATH" ] || [ -L "$SETUP_KEYS_PATH" ]; then ./setup-keys.sh fi +HOST_KEYS_PATH_PREFIX="${HOST_KEYS_PATH_PREFIX:=/}" +HOST_KEYS_PATH="${HOST_KEYS_PATH:=/etc/ssh}" + if [ "$PUBKEY_AUTHENTICATION" == "false" ]; then CONFIG_PUBKEY_AUTHENTICATION="-o PubkeyAuthentication=no" else diff --git a/setup-keys.sh b/setup-keys.sh index f0df7f7..aef75df 100644 --- a/setup-keys.sh +++ b/setup-keys.sh @@ -1,16 +1,20 @@ #!/bin/sh -while IFS= read -r line -do - IFS=';' read -r username publickey < "/home/${username}/.ssh/authorized_keys" + mkdir -p "/home/${username}/.ssh" + echo "${publickey}" > "/home/${username}/.ssh/authorized_keys" - chown -R "${username}":"${GROUP}" "/home/${username}/.ssh" - chmod 700 "/home/${username}/.ssh" - chmod 600 "/home/${username}/.ssh/authorized_keys" -done <"${SETUP_KEYS_PATH}" + chown -R "${username}":"${BASTION_GROUP}" "/home/${username}/.ssh" + chmod 700 "/home/${username}/.ssh" + chmod 600 "/home/${username}/.ssh/authorized_keys" + ) done <"${SETUP_KEYS_PATH}" +)
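Review bot: In the Dockerfile hunk, `BASTION_USER` and `BASTION_GROUP` are filled from `${USER}` and `${GROUP}`, whose `ARG` declarations are outside this hunk. If either is not declared earlier in the same build stage, the value expands to an empty string and setup-keys.sh ends up running `chown -R "${username}":""`. The two new lines are also unquoted, unlike the `ENV` lines just above them; `ENV BASTION_GROUP="${GROUP}"` (and the same for `BASTION_USER`) would match. `BASTION_USER` is not referenced in any hunk visible here, so either drop it or add a comment saying what reads it, e.g. `# user/group created at build time; read by setup-keys.sh when fixing ownership of per-user .ssh directories`.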
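Review bot: In the bastion hunk, `SETUP_KEYS_PATH="${SETUP_KEYS_PATH:=/etc/bastion/ssh-keys}"` sets the default only in this shell and does not export it. When the variable is not already in the environment, the child `./setup-keys.sh` sees it unset and its `done <"${SETUP_KEYS_PATH}"` redirect fails, unless the image defines it with `ENV` somewhere outside these hunks. The script is also called by a path relative to the working directory although the Dockerfile copies it to `/usr/sbin/setup-keys.sh`, and its exit status is ignored, so sshd would start even when key provisioning failed. I would write `export SETUP_KEYS_PATH` after the assignment and call `/usr/sbin/setup-keys.sh || exit 1`. Separately, `[ "$PUBKEY_AUTHENTICATION" == "false" ]` uses `==`, which a strictly POSIX `sh` rejects, so the `PubkeyAuthentication=no` branch may never be taken there; `=` is the portable operator (this `if` block continues past the end of the hunk).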
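Review bot: In the setup-keys.sh hunk, `username` comes from the keys file and goes straight into `/home/${username}/.ssh` for `mkdir -p`, the `echo "${publickey}" >` redirect and `chown -R`, with no check on its form. An empty field, or a value containing `/` or a leading `.`, makes these commands (presumably run as root at container start) create and re-own paths outside the intended home directory. Reject such entries before the `mkdir`, for example `case "${username}" in ''|*/*|.*) echo "invalid username: ${username}" >&2; exit 1 ;; esac`. Part of this hunk's text is missing from the page, so the new loop header and the opening of the `( … )` groups are not visible, and the exact way to skip an entry depends on that structure. The `>` redirect also appears to keep only the last key when a user is listed more than once, which deserves a comment if it is intended.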