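# Single-user OpenSSH server image restricted to SFTP access.
#
# The base image is pinned to an exact Alpine release tag. Tags can be
# re-pushed, so pinning by digest as well would make the base reproducible.
FROM docker.io/alpine:3.17.2

# One exact apk version, shared by openssh-server and openssh-sftp-server so
# the two packages cannot drift apart.
ARG OPENSSH_SERVER_PACKAGE_VERSION=9.1_p1-r2
ENV SSHD_HOST_KEYS_DIR=/etc/ssh/host_keys
ENV CLIENT_USER=nonroot
# Kept as its own ENV instruction: $CLIENT_USER is only expanded once a
# previous instruction has set it.
ENV CLIENT_HOME=/home/$CLIENT_USER
ARG CHROOT_PATH=/data

RUN apk add --no-cache \
        openssh-server="$OPENSSH_SERVER_PACKAGE_VERSION" \
        openssh-sftp-server="$OPENSSH_SERVER_PACKAGE_VERSION" \
    && mkdir "$SSHD_HOST_KEYS_DIR" \
    && adduser -S -h "$CLIENT_HOME" "$CLIENT_USER" \
    # The sed expects adduser -S to have written '!' into the shadow password
    # field and replaces it with '*'. NOTE(review): presumably because sshd
    # refuses logins for accounts it considers locked ('!'), while '*' still
    # matches no password - confirm against sshd_config.
    && sed -i "s/^$CLIENT_USER:!:/$CLIENT_USER:*:/" /etc/shadow \
    # sed exits 0 even when nothing matched; fail the build here instead of
    # shipping an image whose only account was left unchanged.
    && grep -q "^$CLIENT_USER:[*]:" /etc/shadow \
    && mkdir "$CLIENT_HOME/.ssh" \
    # a+rX adds read/traverse bits only; no write permission is granted.
    && chmod -c a+rX "$CLIENT_HOME/.ssh" \
    && mkdir "$CHROOT_PATH" \
    # sshd's ChrootDirectory must be root-owned and not writable by group or
    # others; a volume mounted over this path has to keep that property.
    && chmod -c a+rX "$CHROOT_PATH"

# Declared after the RUN above so the directories exist with the intended
# owner and mode before they become volumes.
VOLUME $SSHD_HOST_KEYS_DIR
VOLUME $CHROOT_PATH

COPY sshd_config /etc/ssh/sshd_config
# EXPOSE is documentation only; the listening port itself is presumably set in
# sshd_config - verify that both agree.
EXPOSE 2200/tcp

# Empty by default. Presumably read by entrypoint.sh to authorize the client's
# public keys - verify there.
ENV SSH_CLIENT_PUBLIC_KEYS=
COPY entrypoint.sh /
ENTRYPOINT ["/entrypoint.sh"]

# uid=0 required for ChrootDirectory option
# https://unix.stackexchange.com/a/224329/155174
USER 0
# -D keeps sshd in the foreground, -e sends its log output to stderr.
CMD ["/usr/sbin/sshd", "-D", "-e"]

# https://github.com/opencontainers/image-spec/blob/v1.0.1/annotations.md
# REVISION is declared last so that a changing value does not invalidate the
# cached layers above.
ARG REVISION=
LABEL org.opencontainers.image.title="single-user openssh server restricted to sftp access" \
      org.opencontainers.image.source="https://github.com/fphammerle/docker-sftpd" \
      org.opencontainers.image.revision="$REVISION"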