ssh config location

2025-07-31 09:57:49 +02:00
parent 2b0b477c7d
commit 85f45d8145
3 changed files with 39 additions and 31 deletions
--- a/rootfs/app/entrypoint.sh.d/90_ssh.sh
+++ b/rootfs/app/entrypoint.sh.d/90_ssh.sh
@@ -3,19 +3,48 @@
 echo "# Configuring ssh"

 for keytype in ecdsa rsa ed25519 ; do
-  if [ ! -r "/ssh/ssh_host_${keytype}_key" ] ; then
-    /usr/bin/ssh-keygen -t "${keytype}" -f "/ssh/ssh_host_${keytype}_key" -N ""
+  if [ ! -r "${PATH_SSH_HOST}/ssh_host_${keytype}_key" ] ; then
+    /usr/bin/ssh-keygen -t "${keytype}" -f "${PATH_SSH_HOST}/ssh_host_${keytype}_key" -N ""
  fi
-  chmod 0600 "/ssh/ssh_host_${keytype}_key"
-  chmod 0644 "/ssh/ssh_host_${keytype}_key.pub"
+  chmod 0600 "${PATH_SSH_HOST}/ssh_host_${keytype}_key"
+  chmod 0644 "${PATH_SSH_HOST}/ssh_host_${keytype}_key.pub"
 done

 # set authorized_keys permissions
-if [ -f /ssh/authorized_keys ] ; then
-  chmod 0600 /ssh/authorized_keys
-  chown "${USERNAME}:${GROUPNAME}" /ssh/authorized_keys
+if [ -f "${PATH_SSH_HOST}/authorized_keys" ] ; then
+  chmod 0600 "${PATH_SSH_HOST}/authorized_keys"
+  chown "${USERNAME}:${GROUPNAME}" "${PATH_SSH_HOST}/authorized_keys"
 fi

 if [ -d "${PATH_WEBROOT}/.ssh" ] ; then
  chmod 0700 "${PATH_WEBROOT}/.ssh"
 fi
+
+
+
+cat >/etc/ssh/sshd_config.d/sshd.conf <<EOF
+HostKey ${PATH_SSH_HOST}/ssh_host_rsa_key
+HostKey ${PATH_SSH_HOST}/ssh_host_ecdsa_key
+HostKey ${PATH_SSH_HOST}/ssh_host_ed25519_key
+
+#SyslogFacility AUTH
+LogLevel INFO
+LoginGraceTime 1m
+PermitRootLogin no
+PubkeyAuthentication yes
+MaxAuthTries 3
+PrintMotd no
+
+AuthorizedKeysFile      ${PATH_SSH_HOST}/authorized_keys
+PasswordAuthentication no
+
+AllowAgentForwarding no
+AllowTcpForwarding no
+GatewayPorts no
+X11Forwarding no
+
+Subsystem       sftp    internal-sftp
+
+ChrootDirectory ${PATH_BASE}
+ForceCommand internal-sftp -d ${PATH_WEBROOT}
+EOF