mqsoh · June 28, 2019 20:12
diff --git a/Dockerfile b/Dockerfile
 FROM debian:stretch

 # Remove the host keys because it's not safe to package those. The entrypoint
 # will establish a convention for providing them in the environment and
 # generating new ones automatically.
 RUN apt update && \
    apt install --assume-yes ssh && \
    rm /etc/ssh/ssh_host_* && \
    rm -rf /var/lib/apt/lists/*

 ADD ./entrypoint /bin/entrypoint

 ENTRYPOINT [ "entrypoint" ]
diff --git a/entrypoint b/entrypoint
 #!/bin/bash

 # If this is a server, then we need the HOST_KEYS and AUTHORIZED_KEYS
 # environment variables set. If it's a client, we need the ID_RSA variable set.
 #
 # I'm checking if the environment variable is set with this +x thing:
 # https://stackoverflow.com/a/13864829/8710

 if [[ -z ${HOST_KEYS+x} && -z ${AUTHORIZED_KEYS+x} && -z ${ID_RSA+x} ]]; then
    echo
    echo "This is a Docker image with both client and server modes."
    echo
    echo "If you want a server set, in your environment: HOST_KEYS and AUTHORIZED_KEYS"
    echo
    echo "If you want a client, set: ID_RSA"
    echo
    echo "Here's some pregenerated values for you."
    echo
    echo "ID_RSA=$(ssh-keygen -P '' -f /tmp/id_rsa 1>/dev/null 2>&1; cat /tmp/id_rsa | gzip | base64 -w 0)"
    echo
    echo "HOST_KEYS=$(dpkg-reconfigure openssh-server >/dev/null 2>&1; tar --create /etc/ssh/ssh_host_* 2>/dev/null | gzip | base64 -w 0)"
    echo
    echo "AUTHORIZED_KEYS=$(cat /tmp/id_rsa.pub | gzip | base64 -w 0)"
    echo
    exit 1
 fi

 if [[ ! -z ${HOST_KEYS+x} ]]; then
    echo "Extracting HOST_KEYS."
    echo $HOST_KEYS | base64 -d | gunzip | tar --directory / --extract
 fi

 if [[ ! -z ${AUTHORIZED_KEYS+x} ]]; then
    echo "Extracting AUTHORIZED_KEYS."
    mkdir -p /root/.ssh
    echo $AUTHORIZED_KEYS | base64 -d | gunzip > /root/.ssh/authorized_keys
 fi

 if [[ ! -z ${ID_RSA+x} ]]; then
    echo "Extracting ID_RSA."
    mkdir -p /root/.ssh
    echo $ID_RSA | base64 -d | gunzip > /root/.ssh/id_rsa
    chmod 400 /root/.ssh/id_rsa
 fi

 if [[ $# -eq 0 ]]; then
    echo "Starting SSH server."
    service ssh start
    tail -f /dev/null
 else
    # Run whatever is asked for!
    echo "Running a user command."
    "$@"
 fi
	FROM debian:stretch

	# Remove the host keys because it's not safe to package those. The entrypoint
	# will establish a convention for providing them in the environment and
	# generating new ones automatically.
	RUN apt update && \
	apt install --assume-yes ssh && \
	rm /etc/ssh/ssh_host_* && \
	rm -rf /var/lib/apt/lists/*

	ADD ./entrypoint /bin/entrypoint

	ENTRYPOINT [ "entrypoint" ]
	#!/bin/bash

	# If this is a server, then we need the HOST_KEYS and AUTHORIZED_KEYS
	# environment variables set. If it's a client, we need the ID_RSA variable set.
	#
	# I'm checking if the environment variable is set with this +x thing:
	# https://stackoverflow.com/a/13864829/8710

	if [[ -z ${HOST_KEYS+x} && -z ${AUTHORIZED_KEYS+x} && -z ${ID_RSA+x} ]]; then
	echo
	echo "This is a Docker image with both client and server modes."
	echo
	echo "If you want a server set, in your environment: HOST_KEYS and AUTHORIZED_KEYS"
	echo
	echo "If you want a client, set: ID_RSA"
	echo
	echo "Here's some pregenerated values for you."
	echo
	echo "ID_RSA=$(ssh-keygen -P '' -f /tmp/id_rsa 1>/dev/null 2>&1; cat /tmp/id_rsa \| gzip \| base64 -w 0)"
	echo
	echo "HOST_KEYS=$(dpkg-reconfigure openssh-server >/dev/null 2>&1; tar --create /etc/ssh/ssh_host_* 2>/dev/null \| gzip \| base64 -w 0)"
	echo
	echo "AUTHORIZED_KEYS=$(cat /tmp/id_rsa.pub \| gzip \| base64 -w 0)"
	echo
	exit 1
	fi

	if [[ ! -z ${HOST_KEYS+x} ]]; then
	echo "Extracting HOST_KEYS."
	echo $HOST_KEYS \| base64 -d \| gunzip \| tar --directory / --extract
	fi

	if [[ ! -z ${AUTHORIZED_KEYS+x} ]]; then
	echo "Extracting AUTHORIZED_KEYS."
	mkdir -p /root/.ssh
	echo $AUTHORIZED_KEYS \| base64 -d \| gunzip > /root/.ssh/authorized_keys
	fi

	if [[ ! -z ${ID_RSA+x} ]]; then
	echo "Extracting ID_RSA."
	mkdir -p /root/.ssh
	echo $ID_RSA \| base64 -d \| gunzip > /root/.ssh/id_rsa
	chmod 400 /root/.ssh/id_rsa
	fi

	if [[ $# -eq 0 ]]; then
	echo "Starting SSH server."
	service ssh start
	tail -f /dev/null
	else
	# Run whatever is asked for!
	echo "Running a user command."
	"$@"
	fi