-rw-r--r-- | docker/Dockerfile.gitolite | 6 | ||||
-rw-r--r-- | docker/sshd_config | 22 |
2 files changed, 26 insertions, 2 deletions
diff --git a/docker/Dockerfile.gitolite b/docker/Dockerfile.gitolite
index f953c57..66367b5 100644
--- a/docker/Dockerfile.gitolite
+++ b/docker/Dockerfile.gitolite
@@ -22,8 +22,10 @@ VOLUME /var/lib/gitolite
 # sshd host keys are stored in a volume so that rebuilding/updating the
 # image doesn't break user trust
-RUN ssh-keygen -A
-VOLUME /etc/ssh
+COPY sshd_config /etc/ssh/
+RUN mkdir -p /hostkeys/etc/ssh/
+RUN ssh-keygen -A -f /hostkeys
+VOLUME /hostkeys
 EXPOSE 22
 CMD ["/usr/bin/sshd", "-D"]
diff --git a/docker/sshd_config b/docker/sshd_config
new file mode 100644
index 0000000..efc0c52
--- /dev/null
+++ b/docker/sshd_config
@@ -0,0 +1,22 @@
+Port 22
+
+HostKey /hostkeys/etc/ssh/ssh_host_rsa_key
+HostKey /hostkeys/etc/ssh/ssh_host_ecdsa_key
+HostKey /hostkeys/etc/ssh/ssh_host_ed25519_key
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile .ssh/authorized_keys
+
+UsePAM yes
+PermitRootLogin no
+PasswordAuthentication no
+KbdInteractiveAuthentication no
+AllowAgentForwarding no
+AllowTcpForwarding no
+GatewayPorts no
+X11Forwarding no
+PermitTTY no
+PrintLastLog no
+PermitUserEnvironment no
+PermitTunnel no |
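Review bot: `RUN ssh-keygen -A -f /hostkeys` still creates the host private keys at build time, so they end up in an image layer. Anyone who can pull the image can read them, and every deployment that starts from an empty named volume is seeded with the same keys, which undercuts the host-identity guarantee the comment above describes. Generating the keys at container start keeps them out of the image, for example by dropping that `RUN` and using `CMD ["/bin/sh", "-c", "mkdir -p /hostkeys/etc/ssh && ssh-keygen -A -f /hostkeys && exec /usr/bin/sshd -D"]`. `ssh-keygen -A` only creates key types that are missing, so keys already present in the volume are kept across rebuilds.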
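Review bot: The forwarding lockdown in the new sshd_config leaves Unix-domain socket forwarding at its default, because `AllowTcpForwarding no` does not cover it and `AllowStreamLocalForwarding` defaults to `yes`. Adding `AllowStreamLocalForwarding no`, or `DisableForwarding yes` on OpenSSH versions that support it, closes that gap at the server level instead of relying on per-key options in `authorized_keys`. Separately, `KbdInteractiveAuthentication` is the newer spelling of `ChallengeResponseAuthentication`. The base image's OpenSSH version is not visible in this diff, so it is worth confirming that sshd accepts the keyword, for instance by running `sshd -t` during the build.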