jpralves · October 26, 2019 17:56 · jpralves · Oct 26, 2019
diff --git a/Dockerfile b/Dockerfile
 FROM centos:7 AS BUILD

 ARG COMPILEFOLDER=/tmp/build
 ARG INSTALLBASESSHD=/opt/.ssh
 ARG INSTALLBASESSSL=/opt/.ssl

 RUN yum -y -q install gcc make perl glibc-static wget

 RUN mkdir -p "$COMPILEFOLDER/root"


 # Build zlib:
 RUN wget -qO- https://netcologne.dl.sourceforge.net/project/libpng/zlib/1.2.11/zlib-1.2.11.tar.gz | tar zxf - -C ${COMPILEFOLDER} && \
    cd ${COMPILEFOLDER}/zlib-* && \
    ./configure --prefix="$COMPILEFOLDER/root" --static && \
    make -j8 && \
    make install

 # Build openssl:
 RUN wget -qO- https://ftp.openssl.org/source/openssl-1.1.1d.tar.gz | tar zxf - -C ${COMPILEFOLDER} && \
    cd ${COMPILEFOLDER}/openssl-* && \
    ./config --prefix="$INSTALLBASESSSL" no-shared -static zlib --with-zlib-include=$COMPILEFOLDER/root/include --with-zlib-lib=$COMPILEFOLDER/root/lib && \
    make -j8 && \
    make install_sw

 # Build openssh:
 RUN wget -qO- https://cloudflare.cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.1p1.tar.gz | tar zxf - -C ${COMPILEFOLDER} && \
    cd ${COMPILEFOLDER}/openssh-* && \
    cp -p "$COMPILEFOLDER/root"/lib/*.a . && \
    [ -f sshd_config.orig ] || cp -p sshd_config sshd_config.orig  && \
    sed \
        -e 's/^#\(PubkeyAuthentication\) .*/\1 yes/' \
        -e '/^# *Kerberos/d' \
        -e '/^# *GSSAPI/d' \
        -e 's/^#\([A-Za-z]*Authentication\) .*/\1 no/' \
        sshd_config.orig \
    >sshd_config && \
    ./configure --prefix="$INSTALLBASESSHD" --with-privsep-user=nobody --with-privsep-path="$INSTALLBASESSHD/var/empty" --with-ssl-dir="$INSTALLBASESSSL" --with-zlib="$COMPILEFOLDER/root" LIBS="-lpthread" --with-ldflags=-static && \
    make -j8 && \
    make install

 ## Remove manual pages:
 RUN rm -rf "$INSTALLBASESSSL/share"

 # No need to clean-up...
 #    rm -rf "$COMPILEFOLDER" && \
 #    yum -y -q remove gcc make perl glibc-static wget && \
 #    yum clean all && rm -rf /var/cache/yum

 ############### MAIN CONTAINER #######

 FROM centos:7

 COPY --from=BUILD /opt /opt

 ## Replace with your own key:
 ENV PUBKEY="ssh-rsa mypubkey [email protected]"

 RUN mkdir -p /root/.ssh/ && \
    echo "$PUBKEY" >>/root/.ssh/authorized_keys && \
    chmod -R 700 /root/.ssh

 CMD /opt/.ssh/sbin/sshd -D -d -e
	FROM centos:7 AS BUILD

	ARG COMPILEFOLDER=/tmp/build
	ARG INSTALLBASESSHD=/opt/.ssh
	ARG INSTALLBASESSSL=/opt/.ssl

	RUN yum -y -q install gcc make perl glibc-static wget

	RUN mkdir -p "$COMPILEFOLDER/root"


	# Build zlib:
	RUN wget -qO- https://netcologne.dl.sourceforge.net/project/libpng/zlib/1.2.11/zlib-1.2.11.tar.gz \| tar zxf - -C ${COMPILEFOLDER} && \
	cd ${COMPILEFOLDER}/zlib-* && \
	./configure --prefix="$COMPILEFOLDER/root" --static && \
	make -j8 && \
	make install

	# Build openssl:
	RUN wget -qO- https://ftp.openssl.org/source/openssl-1.1.1d.tar.gz \| tar zxf - -C ${COMPILEFOLDER} && \
	cd ${COMPILEFOLDER}/openssl-* && \
	./config --prefix="$INSTALLBASESSSL" no-shared -static zlib --with-zlib-include=$COMPILEFOLDER/root/include --with-zlib-lib=$COMPILEFOLDER/root/lib && \
	make -j8 && \
	make install_sw

	# Build openssh:
	RUN wget -qO- https://cloudflare.cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.1p1.tar.gz \| tar zxf - -C ${COMPILEFOLDER} && \
	cd ${COMPILEFOLDER}/openssh-* && \
	cp -p "$COMPILEFOLDER/root"/lib/*.a . && \
	[ -f sshd_config.orig ] \|\| cp -p sshd_config sshd_config.orig && \
	sed \
	-e 's/^#\(PubkeyAuthentication\) .*/\1 yes/' \
	-e '/^# *Kerberos/d' \
	-e '/^# *GSSAPI/d' \
	-e 's/^#\([A-Za-z]Authentication\) ./\1 no/' \
	sshd_config.orig \
	>sshd_config && \
	./configure --prefix="$INSTALLBASESSHD" --with-privsep-user=nobody --with-privsep-path="$INSTALLBASESSHD/var/empty" --with-ssl-dir="$INSTALLBASESSSL" --with-zlib="$COMPILEFOLDER/root" LIBS="-lpthread" --with-ldflags=-static && \
	make -j8 && \
	make install

	## Remove manual pages:
	RUN rm -rf "$INSTALLBASESSSL/share"

	# No need to clean-up...
	# rm -rf "$COMPILEFOLDER" && \
	# yum -y -q remove gcc make perl glibc-static wget && \
	# yum clean all && rm -rf /var/cache/yum

	############### MAIN CONTAINER #######

	FROM centos:7

	COPY --from=BUILD /opt /opt

	## Replace with your own key:
	ENV PUBKEY="ssh-rsa mypubkey [email protected]"

	RUN mkdir -p /root/.ssh/ && \
	echo "$PUBKEY" >>/root/.ssh/authorized_keys && \
	chmod -R 700 /root/.ssh

	CMD /opt/.ssh/sbin/sshd -D -d -e