Dockerfile 1.2 KB

  # Single-user OpenSSH server image restricted to SFTP access (see the title
  # label at the end of this file).
  #
  # NOTE(review): the base image is pinned by tag only. Pinning by digest as
  # well (alpine:3.17.0@sha256:<digest>) makes rebuilds reproducible. The base
  # tag and the openssh package version below are fixed, so both have to be
  # bumped deliberately to pick up security fixes.
  FROM docker.io/alpine:3.17.0

  # Build-time knobs: exact openssh package revision and the directory that is
  # exported as the SFTP data volume.
  ARG OPENSSH_SERVER_PACKAGE_VERSION=9.1_p1-r1
  ARG CHROOT_PATH=/data

  # Runtime environment. CLIENT_HOME is set in its own instruction because it
  # expands CLIENT_USER, which must already be defined by an earlier ENV.
  ENV SSHD_HOST_KEYS_DIR=/etc/ssh/host_keys \
      CLIENT_USER=nonroot
  ENV CLIENT_HOME=/home/$CLIENT_USER

  # Everything below runs as root during the build, so the created directories
  # are root-owned:
  # - install sshd and the sftp subsystem at the pinned version;
  # - create the unprivileged system account used for logins;
  # - rewrite that account's shadow password field from "!" to "*". OpenSSH
  #   built without PAM treats a "!" field as a locked account and refuses the
  #   login, whereas "*" still matches no password but leaves the account
  #   usable for public-key authentication;
  # - create the host-key directory, the client's ~/.ssh and the data
  #   directory, and give the latter two read/traverse permission for everyone
  #   (the login user gets no write access to ~/.ssh here).
  RUN apk add --no-cache \
        openssh-server="$OPENSSH_SERVER_PACKAGE_VERSION" \
        openssh-sftp-server="$OPENSSH_SERVER_PACKAGE_VERSION" \
      && adduser -S -h "$CLIENT_HOME" "$CLIENT_USER" \
      && sed -i "s/^$CLIENT_USER:!:/$CLIENT_USER:*:/" /etc/shadow \
      && mkdir "$SSHD_HOST_KEYS_DIR" "$CLIENT_HOME/.ssh" "$CHROOT_PATH" \
      && chmod -c a+rX "$CLIENT_HOME/.ssh" "$CHROOT_PATH"

  # Declared after the directories exist so their build-time state is kept.
  # NOTE(review): a directory used with sshd's ChrootDirectory must be owned by
  # root and not writable by group or others; a volume or bind mount placed over
  # $CHROOT_PATH has to satisfy that too, or sshd rejects the session.
  # NOTE(review): presumably host keys are created at start-up when the volume
  # is empty (entrypoint.sh is not shown here); if so, keep this volume
  # persistent so clients do not see a changed host key after re-creation.
  VOLUME $SSHD_HOST_KEYS_DIR $CHROOT_PATH

  # Server configuration and start-up script come from the build context.
  # entrypoint.sh must already carry its executable bit there.
  COPY sshd_config /etc/ssh/sshd_config
  COPY entrypoint.sh /

  # Documentation only; an unprivileged port is used for the SSH listener.
  EXPOSE 2200/tcp

  # Empty by default, to be supplied at run time.
  # NOTE(review): presumably consumed by entrypoint.sh to populate the client's
  # authorized keys; confirm how an empty value is handled.
  ENV SSH_CLIENT_PUBLIC_KEYS=

  # uid=0 required for ChrootDirectory option
  # https://unix.stackexchange.com/a/224329/155174
  # The container therefore runs sshd as root; confinement of the client
  # depends on sshd_config (not shown here) and the unprivileged login account.
  USER 0
  ENTRYPOINT ["/entrypoint.sh"]
  # -D keeps sshd in the foreground, -e sends its log output to stderr.
  CMD ["/usr/sbin/sshd", "-D", "-e"]

  # https://github.com/opencontainers/image-spec/blob/v1.0.1/annotations.md
  # REVISION is declared last so that a per-build value only invalidates the
  # label layer.
  ARG REVISION=
  LABEL org.opencontainers.image.title="single-user openssh server restricted to sftp access" \
        org.opencontainers.image.source="https://github.com/fphammerle/docker-sftpd" \
        org.opencontainers.image.revision="$REVISION"