mirror of
https://github.com/atmoz/sftp.git
synced 2024-11-24 12:59:24 -05:00
Public keys and entrypoint arguments
This commit is contained in:
parent
a6c2b1b404
commit
fcaacd2d39
3 changed files with 55 additions and 35 deletions
|
@ -17,4 +17,4 @@ RUN mv sshd_config /etc/ssh/sshd_config && \
|
||||||
|
|
||||||
EXPOSE 22
|
EXPOSE 22
|
||||||
|
|
||||||
CMD ["./run"]
|
ENTRYPOINT ["./run"]
|
||||||
|
|
55
README.md
55
README.md
|
@ -6,11 +6,10 @@ Easy to use SFTP (*SSH File Transfer Protocol*) server.
|
||||||
Usage
|
Usage
|
||||||
-----
|
-----
|
||||||
|
|
||||||
- Define users and passwords in comma separated list with SFTP_USERS
|
- Define users as last arguments to `docker run`, one user per argument
|
||||||
(syntax: `user:pass[:e][:[uid][:gid]][,...]`).
|
(syntax: `user:pass[:e][:[uid][:gid]]`).
|
||||||
- You must set custom UID and/or GID for your users if you want them to make
|
- You must set custom UID for your users if you want them to make changes to
|
||||||
changes to your mounted volumes with permissions matching your host
|
your mounted volumes with permissions matching your host filesystem.
|
||||||
filesystem.
|
|
||||||
- Mount volumes in user's home folder.
|
- Mount volumes in user's home folder.
|
||||||
- The users are chrooted to their home directory, so you must mount the
|
- The users are chrooted to their home directory, so you must mount the
|
||||||
volumes in separate directories inside the user's home directory
|
volumes in separate directories inside the user's home directory
|
||||||
|
@ -23,41 +22,43 @@ Examples
|
||||||
|
|
||||||
```
|
```
|
||||||
docker run \
|
docker run \
|
||||||
-e SFTP_USERS='foo:123' \
|
-v /host/share:/home/foo/share \
|
||||||
-v "/host/share:/home/foo/share" \
|
-p 2222:22 -d atmoz/sftp \
|
||||||
-p 2222:22 -d atmoz/sftp
|
foo:123:1001
|
||||||
```
|
```
|
||||||
|
|
||||||
### Multiple users and volumes
|
### Multiple users and volumes
|
||||||
|
|
||||||
```
|
```
|
||||||
docker run \
|
docker run \
|
||||||
-e SFTP_USERS='foo:123,bar:abc' \
|
-v /host/share:/home/foo/share \
|
||||||
-v "/host/share:/home/foo/share" \
|
-v /host/documents:/home/foo/documents \
|
||||||
-v "/host/documents:/home/foo/documents" \
|
-v /host/http:/home/bar/http \
|
||||||
-v "/host/http:/home/bar/http" \
|
-p 2222:22 -d atmoz/sftp \
|
||||||
-p 2222:22 -d atmoz/sftp
|
foo:123:1001 \
|
||||||
```
|
bar:abc:1002
|
||||||
|
|
||||||
### Custom UID and GID
|
|
||||||
|
|
||||||
```
|
|
||||||
SFTP_USERS='foo:123:1001:100'
|
|
||||||
```
|
|
||||||
|
|
||||||
Only custom GID:
|
|
||||||
|
|
||||||
```
|
|
||||||
SFTP_USERS='foo:123::100'
|
|
||||||
```
|
```
|
||||||
|
|
||||||
### Encrypted password
|
### Encrypted password
|
||||||
|
|
||||||
Add `:e` behind password to mark it as encrypted:
|
Add `:e` behind password to mark it as encrypted. Use single quotes.
|
||||||
|
|
||||||
```
|
```
|
||||||
SFTP_USERS='foo:$1$0G2g0GSt$ewU0t6GXG15.0hWoOX8X9.:e:1001:100'
|
docker run \
|
||||||
|
-v /host/share:/home/foo/share \
|
||||||
|
-p 2222:22 -d atmoz/sftp \
|
||||||
|
'foo:$1$0G2g0GSt$ewU0t6GXG15.0hWoOX8X9.:e:1001'
|
||||||
```
|
```
|
||||||
|
|
||||||
Tip: you can use makepasswd to generate encrypted passwords:
|
Tip: you can use makepasswd to generate encrypted passwords:
|
||||||
`echo -n 123 | makepasswd --crypt-md5 --clearfrom -`
|
`echo -n 123 | makepasswd --crypt-md5 --clearfrom -`
|
||||||
|
|
||||||
|
### Use public key (without password)
|
||||||
|
|
||||||
|
```
|
||||||
|
docker run \
|
||||||
|
-v /host/id_rsa.pub:/public_keys/foo:ro \
|
||||||
|
-v /host/share:/home/foo/share \
|
||||||
|
-p 2222:22 -d atmoz/sftp \
|
||||||
|
foo::1001
|
||||||
|
```
|
||||||
|
|
33
run
33
run
|
@ -1,9 +1,8 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
# Add users (user:pass[:e][:[uid][:gid]][,...])
|
for users in "$@"; do
|
||||||
IFS=',' read -a users <<< "$SFTP_USERS"
|
# user:pass[:e][:[uid][:gid]]
|
||||||
for userData in "${users[@]}"; do
|
IFS=':' read -a data <<< "$users"
|
||||||
IFS=':' read -a data <<< "$userData"
|
|
||||||
user="${data[0]}"
|
user="${data[0]}"
|
||||||
pass="${data[1]}"
|
pass="${data[1]}"
|
||||||
|
|
||||||
|
@ -27,10 +26,30 @@ for userData in "${users[@]}"; do
|
||||||
fi
|
fi
|
||||||
|
|
||||||
useradd $useraddParams "$user"
|
useradd $useraddParams "$user"
|
||||||
echo "$user:$pass" | chpasswd $chpasswdParams
|
|
||||||
chown root:root /home/$user
|
chown root:root /home/$user
|
||||||
chmod 755 /home/$user
|
chmod 755 /home/$user
|
||||||
|
|
||||||
|
if [ -z "$pass" ]; then
|
||||||
|
# just make a very long and random password
|
||||||
|
pass="$(echo `</dev/urandom tr -dc A-Za-z0-9 | head -c256`)"
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "$user:$pass" | chpasswd $chpasswdParams
|
||||||
|
|
||||||
|
# if [ -f /home/$user/.ssh/authorized_keys ]; then
|
||||||
|
# chown -R $user:users /home/$user/.ssh
|
||||||
|
# chmod 400 /home/$user/.ssh/authorized_keys
|
||||||
|
# fi
|
||||||
done
|
done
|
||||||
|
|
||||||
# Run SSH
|
cd /public_keys
|
||||||
/usr/sbin/sshd -D
|
for user in *; do
|
||||||
|
if id -u $user >/dev/null 2>&1; then
|
||||||
|
mkdir -p /home/$user/.ssh
|
||||||
|
cp $user /home/$user/.ssh/authorized_keys
|
||||||
|
chown $user:users /home/$user/.ssh/authorized_keys
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
cd /root
|
||||||
|
|
||||||
|
exec /usr/sbin/sshd -D
|
||||||
|
|
Loading…
Reference in a new issue