r3pek
/
docker-sftp-server
1
0
Fork 0
Code Issues Pull Requests Projects Releases Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
30 Commits
1 Branch
0 Tags
52 KiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
docker-sftp-server/Dockerfile

35 lines
1.3 KiB
Raw Permalink Normal View History Unescape

Initial commit
6 years ago
# Original code from https://github.com/gituser173/docker-scp-server
# This image is designed to collaborate with the Docker Hub image httpd:2.4
Update debian version
1 year ago
FROM debian:stable
Initial commit
6 years ago
Don't use DATADIR We need to make sure the path to homedir is all root-owned as per sshd_config man page (ChrootDirectory option). So just ditch all that and force the /home/data path but chown/chmod everything bellow it to the UID/GID requested.
1 year ago
ENV AUTHORIZED_KEYS_FILE=/authorized_keys USERID=33 GROUPID=33
Split install and configuration
1 year ago
RUN apt update \
&& apt install -y openssh-server
RUN rm -f /etc/ssh/ssh_host_* \
Second edition.
6 years ago
&& groupadd --non-unique --gid $GROUPID data \
Work around the chroot dir having to be root owned
1 year ago
&& useradd --non-unique --uid $USERID --gid $GROUPID --no-create-home --home-dir /home data \
Don't use DATADIR We need to make sure the path to homedir is all root-owned as per sshd_config man page (ChrootDirectory option). So just ditch all that and force the /home/data path but chown/chmod everything bellow it to the UID/GID requested.
1 year ago
&& mkdir -p /home/data \
Force ownership of /home/data
1 year ago
&& chown root:root /home/data \
Move HostKeys to they're own path
1 year ago
&& mkdir -p /etc/ssh/host_keys/ \
sshd_config tunning
1 year ago
&& echo "AuthorizedKeysFile $AUTHORIZED_KEYS_FILE" >> /etc/ssh/sshd_config \
Move HostKeys to they're own path
1 year ago
&& echo "HostKey /etc/ssh/host_keys/ssh_host_ecdsa_key" >> /etc/ssh/sshd_config \
&& echo "HostKey /etc/ssh/host_keys/ssh_host_ed25519_key" >> /etc/ssh/sshd_config \
sshd_config tunning
1 year ago
&& echo "X11Forwarding no" >> /etc/ssh/sshd_config \
&& echo "AllowTcpForwarding no" >> /etc/ssh/sshd_config \
&& echo "ChrootDirectory %h" >> /etc/ssh/sshd_config \
another typo
1 year ago
&& echo "ForceCommand internal-sftp" >> /etc/ssh/sshd_config \
Initial commit
6 years ago
&& touch $AUTHORIZED_KEYS_FILE \
Some more fixups for the previous commit
1 year ago
&& chown data:data $AUTHORIZED_KEYS_FILE \
Initial commit
6 years ago
&& chmod 0600 $AUTHORIZED_KEYS_FILE \
&& mkdir /var/run/sshd && chmod 0755 /var/run/sshd \
update access.conf
1 year ago
&& echo "+:@data:ALL" >> /etc/security/access.conf
Initial commit
6 years ago
ADD entrypoint.sh /
EXPOSE 22
Move HostKeys to they're own path
1 year ago
VOLUME /etc/ssh/host_keys
Don't use DATADIR We need to make sure the path to homedir is all root-owned as per sshd_config man page (ChrootDirectory option). So just ditch all that and force the /home/data path but chown/chmod everything bellow it to the UID/GID requested.
1 year ago
VOLUME /home/data
Initial commit
6 years ago
CMD ["/entrypoint.sh"]