mirror of https://github.com/atmoz/sftp.git synced 2024-11-24 12:59:24 -05:00

Public keys and entrypoint arguments

Adrian 2014-10-21 03:21:53 +02:00
parent a6c2b1b404
commit fcaacd2d39
3 changed files with 55 additions and 35 deletions


@ -17,4 +17,4 @@ RUN mv sshd_config /etc/ssh/sshd_config && \
EXPOSE 22 EXPOSE 22
CMD ["./run"] ENTRYPOINT ["./run"]


@ -6,11 +6,10 @@ Easy to use SFTP (*SSH File Transfer Protocol*) server.
Usage Usage
----- -----
- Define users and passwords in comma separated list with SFTP_USERS - Define users as last arguments to `docker run`, one user per argument
(syntax: `user:pass[:e][:[uid][:gid]][,...]`). (syntax: `user:pass[:e][:[uid][:gid]]`).
- You must set custom UID and/or GID for your users if you want them to make - You must set custom UID for your users if you want them to make changes to
changes to your mounted volumes with permissions matching your host your mounted volumes with permissions matching your host filesystem.
filesystem.
- Mount volumes in user's home folder. - Mount volumes in user's home folder.
- The users are chrooted to their home directory, so you must mount the - The users are chrooted to their home directory, so you must mount the
volumes in separate directories inside the user's home directory volumes in separate directories inside the user's home directory
@ -23,41 +22,43 @@ Examples
``` ```
docker run \ docker run \
-e SFTP_USERS='foo:123' \ -v /host/share:/home/foo/share \
-v "/host/share:/home/foo/share" \ -p 2222:22 -d atmoz/sftp \
-p 2222:22 -d atmoz/sftp foo:123:1001
``` ```
### Multiple users and volumes ### Multiple users and volumes
``` ```
docker run \ docker run \
-e SFTP_USERS='foo:123,bar:abc' \ -v /host/share:/home/foo/share \
-v "/host/share:/home/foo/share" \ -v /host/documents:/home/foo/documents \
-v "/host/documents:/home/foo/documents" \ -v /host/http:/home/bar/http \
-v "/host/http:/home/bar/http" \ -p 2222:22 -d atmoz/sftp \
-p 2222:22 -d atmoz/sftp foo:123:1001 \
``` bar:abc:1002
### Custom UID and GID
```
SFTP_USERS='foo:123:1001:100'
```
Only custom GID:
```
SFTP_USERS='foo:123::100'
``` ```
### Encrypted password ### Encrypted password
Add `:e` behind password to mark it as encrypted: Add `:e` behind password to mark it as encrypted. Use single quotes.
``` ```
SFTP_USERS='foo:$1$0G2g0GSt$ewU0t6GXG15.0hWoOX8X9.:e:1001:100' docker run \
-v /host/share:/home/foo/share \
-p 2222:22 -d atmoz/sftp \
'foo:$1$0G2g0GSt$ewU0t6GXG15.0hWoOX8X9.:e:1001'
``` ```
Tip: you can use makepasswd to generate encrypted passwords: Tip: you can use makepasswd to generate encrypted passwords:
`echo -n 123 | makepasswd --crypt-md5 --clearfrom -` `echo -n 123 | makepasswd --crypt-md5 --clearfrom -`
### Use public key (without password)
```
docker run \
-v /host/id_rsa.pub:/public_keys/foo:ro \
-v /host/share:/home/foo/share \
-p 2222:22 -d atmoz/sftp \
foo::1001
```

33
run

@ -1,9 +1,8 @@
#!/bin/bash #!/bin/bash
# Add users (user:pass[:e][:[uid][:gid]][,...]) for users in "$@"; do
IFS=',' read -a users <<< "$SFTP_USERS" # user:pass[:e][:[uid][:gid]]
for userData in "${users[@]}"; do IFS=':' read -a data <<< "$users"
IFS=':' read -a data <<< "$userData"
user="${data[0]}" user="${data[0]}"
pass="${data[1]}" pass="${data[1]}"
@ -27,10 +26,30 @@ for userData in "${users[@]}"; do
fi fi
useradd $useraddParams "$user" useradd $useraddParams "$user"
echo "$user:$pass" | chpasswd $chpasswdParams
chown root:root /home/$user chown root:root /home/$user
chmod 755 /home/$user chmod 755 /home/$user
if [ -z "$pass" ]; then
# just make a very long and random password
pass="$(echo `</dev/urandom tr -dc A-Za-z0-9 | head -c256`)"
fi
echo "$user:$pass" | chpasswd $chpasswdParams
# if [ -f /home/$user/.ssh/authorized_keys ]; then
# chown -R $user:users /home/$user/.ssh
# chmod 400 /home/$user/.ssh/authorized_keys
# fi
done done
# Run SSH cd /public_keys
/usr/sbin/sshd -D for user in *; do
if id -u $user >/dev/null 2>&1; then
mkdir -p /home/$user/.ssh
cp $user /home/$user/.ssh/authorized_keys
chown $user:users /home/$user/.ssh/authorized_keys
fi
done
cd /root
exec /usr/sbin/sshd -D
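Review bot: The key-install loop at the end of `run` does `cd /public_keys` without checking the result, so when no key volume is mounted the `for user in *` loop runs over whatever directory the script started in and can copy an unrelated file into a user's `authorized_keys`. `$user` is also unquoted in `id`, `mkdir`, `cp` and `chown`, so a file name containing spaces or starting with a dash is split or read as an option. The copied file ends up owned by the account it authenticates, which presumably lets that user append further keys over SFTP since the home directory is the chroot. Leaving it root-owned and world-readable should still pass sshd's ownership check, but confirm that against the sshd_config in use. The rewrite below guards the directory, quotes the expansions and keeps the file root-owned.

```shell
# … unchanged: user creation loop …

if [ -d /public_keys ]; then
    for keyFile in /public_keys/*; do
        [ -f "$keyFile" ] || continue
        user="${keyFile##*/}"
        if id -u -- "$user" >/dev/null 2>&1; then
            mkdir -p -- "/home/$user/.ssh"
            cp -- "$keyFile" "/home/$user/.ssh/authorized_keys"
            chown root:root "/home/$user/.ssh/authorized_keys"
            chmod 644 "/home/$user/.ssh/authorized_keys"
        fi
    done
fi

# … unchanged: cd /root and exec /usr/sbin/sshd -D …
```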