ssh config location

rootfs/app/entrypoint.sh

@@ -6,6 +6,7 @@ PATH_STATS=${PATH_BASE}/stats
 PATH_STATSDB=${PATH_BASE}/stats.db
 PATH_LOGS=${PATH_BASE}/logs
 PATH_AUTH=${PATH_BASE}/auth
+PATH_SSH_HOST=${PATH_BASE}/ssh.host
 
 WEBDAV_PORT=${WEBDAV_PORT:-8080}
 STATS_PORT=${STATS_PORT:-8081}
@@ -25,11 +26,13 @@ FPM_MAX_SPARE_SERVERS=${FPM_MAX_SPARE_SERVERS:-3}
 
 export USERNAME
 export GROUPNAME
+export PATH_BASE
 export PATH_WEBROOT
 export PATH_STATS
 export PATH_STATSDB
 export PATH_LOGS
 export PATH_AUTH
+export PATH_SSH_HOST
 export WEBDAV_PORT
 export STATS_PORT
 export POSTSIZE

rootfs/app/entrypoint.sh.d/90_ssh.sh

@@ -3,19 +3,48 @@
 echo "# Configuring ssh"
 
 for keytype in ecdsa rsa ed25519 ; do
-  if [ ! -r "/ssh/ssh_host_${keytype}_key" ] ; then
+  if [ ! -r "${PATH_SSH_HOST}/ssh_host_${keytype}_key" ] ; then
-    /usr/bin/ssh-keygen -t "${keytype}" -f "/ssh/ssh_host_${keytype}_key" -N ""
+    /usr/bin/ssh-keygen -t "${keytype}" -f "${PATH_SSH_HOST}/ssh_host_${keytype}_key" -N ""
   fi
-  chmod 0600 "/ssh/ssh_host_${keytype}_key"
+  chmod 0600 "${PATH_SSH_HOST}/ssh_host_${keytype}_key"
-  chmod 0644 "/ssh/ssh_host_${keytype}_key.pub"
+  chmod 0644 "${PATH_SSH_HOST}/ssh_host_${keytype}_key.pub"
 done
 
 # set authorized_keys permissions
-if [ -f /ssh/authorized_keys ] ; then
+if [ -f "${PATH_SSH_HOST}/authorized_keys" ] ; then
-  chmod 0600 /ssh/authorized_keys
+  chmod 0600 "${PATH_SSH_HOST}/authorized_keys"
-  chown "${USERNAME}:${GROUPNAME}" /ssh/authorized_keys
+  chown "${USERNAME}:${GROUPNAME}" "${PATH_SSH_HOST}/authorized_keys"
 fi
 
 if [ -d "${PATH_WEBROOT}/.ssh" ] ; then
   chmod 0700 "${PATH_WEBROOT}/.ssh"
 fi
+
+
+
+cat >/etc/ssh/sshd_config.d/sshd.conf <<EOF
+HostKey ${PATH_SSH_HOST}/ssh_host_rsa_key
+HostKey ${PATH_SSH_HOST}/ssh_host_ecdsa_key
+HostKey ${PATH_SSH_HOST}/ssh_host_ed25519_key
+
+#SyslogFacility AUTH
+LogLevel INFO
+LoginGraceTime 1m
+PermitRootLogin no
+PubkeyAuthentication yes
+MaxAuthTries 3
+PrintMotd no
+
+AuthorizedKeysFile      ${PATH_SSH_HOST}/authorized_keys
+PasswordAuthentication no
+
+AllowAgentForwarding no
+AllowTcpForwarding no
+GatewayPorts no
+X11Forwarding no
+
+Subsystem       sftp    internal-sftp
+
+ChrootDirectory ${PATH_BASE}
+ForceCommand internal-sftp -d ${PATH_WEBROOT}
+EOF

rootfs/etc/ssh/sshd_config.d/sshd.conf

@@ -1,24 +0,0 @@
-HostKey /ssh/ssh_host_rsa_key
-HostKey /ssh/ssh_host_ecdsa_key
-HostKey /ssh/ssh_host_ed25519_key
-
-#SyslogFacility AUTH
-LogLevel INFO
-LoginGraceTime 1m
-PermitRootLogin no
-PubkeyAuthentication yes
-MaxAuthTries 3
-PrintMotd no
-
-AuthorizedKeysFile      /ssh/authorized_keys
-PasswordAuthentication no
-
-AllowAgentForwarding no
-AllowTcpForwarding no
-GatewayPorts no
-X11Forwarding no
-
-Subsystem       sftp    internal-sftp
-
-ChrootDirectory /data
-ForceCommand internal-sftp -d /data/www