Fix chsh (#33)
* Add shadow for chsh

* add missing commands. make testing easier

* touch lastlog

* delete hostkey for testing

* add required deps to final stage
osterman authored Sep 29, 2018
1 parent dc2ac5e commit 926e544
Showing 3 changed files with 23 additions and 4 deletions.
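--- a/Dockerfile
+++ b/Dockerfile
@@ -74,6 +74,15 @@ LABEL maintainer="[email protected]"
 
 USER root
 
+## Install dependencies
+RUN apk --update add curl drill groff util-linux bash xauth gettext shadow sudo && \
+rm -rf /etc/ssh/ssh_host_*_key* && \
+rm -f /usr/bin/ssh-agent && \
+rm -f /usr/bin/ssh-keyscan && \
+touch /var/log/lastlog && \
+mkdir -p /var/run/sshd && \
+mv /etc/profile.d/color_prompt /etc/profile.d/color_prompt.sh
+
 ## Install sudosh
 ENV SUDOSH_VERSION=0.1.3
 RUN wget https://github.com/cloudposse/sudosh/releases/download/${SUDOSH_VERSION}/sudosh_linux_386 -O /usr/bin/sudosh && \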
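Review bot: The `rm -rf /etc/ssh/ssh_host_*_key*` in the added `RUN` step carries no comment, although for a bastion image it is the line a later maintainer most needs to understand: host keys left in a layer would be shared by every container started from the image. I would put `## Never ship sshd host keys in the image; they must be generated or mounted at container start` above the step and confirm that the entrypoint, which is not visible in this hunk, does that. Separately, `apk --update add` leaves the package index in the layer, which `apk add --no-cache curl drill ...` avoids. The `shadow` package presumably installs more setuid helpers than `chsh`, so it is worth checking which of them the final stage needs.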
17 changes: 14 additions & 3 deletions Makefile
@@ -6,12 +6,23 @@ COPYRIGHT_SOFTWARE_DESCRIPTION := A secure Bastion host implemented as Docker Co

include $(shell curl --silent -O "https://raw.githubusercontent.com/cloudposse/build-harness/master/templates/Makefile.build-harness"; echo Makefile.build-harness)

run:
ssh-keygen -R '[localhost]:1234'
docker run -it -p1234:22 \
reset:
ssh-keygen -R '[localhost]:1234' || true

shell: reset
docker run --name bastion --rm -it -p1234:22 \
-v ~/.ssh/:/root/.ssh/ \
--env-file=../.secrets \
--env-file=../.duo \
-e MFA_PROVIDER=google-authenticator \
-e SLACK_ENABLED=true \
--entrypoint=/bin/bash $(DOCKER_IMAGE_NAME)

run: reset
docker run --name bastion --rm -it -p1234:22 \
-v ~/.ssh/:/root/.ssh/ \
--env-file=../.secrets \
--env-file=../.duo \
-e MFA_PROVIDER=google-authenticator \
-e SLACK_ENABLED=true \
$(DOCKER_IMAGE_NAME)
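Review bot: Both the new `shell` target and `run` bind-mount the whole of `~/.ssh/` read-write into a container that apparently runs as root, and publish port 1234 on all interfaces, so a test image can read or alter the developer's keys and the test sshd is reachable from the network. For local testing I would narrow both, e.g. `-p 127.0.0.1:1234:22` and `-v ~/.ssh/:/root/.ssh/:ro` (or mount only the one file the container needs, if that is all it reads). The two recipes now differ only in `--entrypoint=/bin/bash`, so the shared flags could live in one variable. `reset`, `shell` and `run` should also be declared `.PHONY`.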
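--- a/rootfs/etc/ssh/sshd_config
+++ b/rootfs/etc/ssh/sshd_config
@@ -56,7 +56,6 @@ PrintMotd no
 PrintLastLog yes
 TCPKeepAlive yes
 #UseLogin no
-UsePrivilegeSeparation sandbox
 PermitUserEnvironment no
 #Compression delayed
 ClientAliveInterval 30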
