diff --git a/Dockerfile b/Dockerfile
index ba15663..29af16e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -74,6 +74,15 @@ LABEL maintainer="erik@cloudposse.com"
 USER root
+## Install dependencies
+RUN apk --update add curl drill groff util-linux bash xauth gettext shadow sudo && \
+ rm -rf /etc/ssh/ssh_host_*_key* && \
+ rm -f /usr/bin/ssh-agent && \
+ rm -f /usr/bin/ssh-keyscan && \
+ touch /var/log/lastlog && \
+ mkdir -p /var/run/sshd && \
+ mv /etc/profile.d/color_prompt /etc/profile.d/color_prompt.sh
+
 ## Install sudosh
 ENV SUDOSH_VERSION=0.1.3
 RUN wget https://github.com/cloudposse/sudosh/releases/download/${SUDOSH_VERSION}/sudosh_linux_386 -O /usr/bin/sudosh && \
diff --git a/Makefile b/Makefile
index 3cf318a..d8d1f4d 100644
--- a/Makefile
+++ b/Makefile
@@ -6,12 +6,23 @@ COPYRIGHT_SOFTWARE_DESCRIPTION := A secure Bastion host implemented as Docker Co
 include $(shell curl --silent -O "https://raw.githubusercontent.com/cloudposse/build-harness/master/templates/Makefile.build-harness"; echo Makefile.build-harness)
-run:
- ssh-keygen -R '[localhost]:1234'
- docker run -it -p1234:22 \
+reset:
+ ssh-keygen -R '[localhost]:1234' || true
+
+shell: reset
+ docker run --name bastion --rm -it -p1234:22 \
 -v ~/.ssh/:/root/.ssh/ \
 --env-file=../.secrets \
 --env-file=../.duo \
 -e MFA_PROVIDER=google-authenticator \
 -e SLACK_ENABLED=true \
 --entrypoint=/bin/bash $(DOCKER_IMAGE_NAME)
+
+run: reset
+ docker run --name bastion --rm -it -p1234:22 \
+ -v ~/.ssh/:/root/.ssh/ \
+ --env-file=../.secrets \
+ --env-file=../.duo \
+ -e MFA_PROVIDER=google-authenticator \
+ -e SLACK_ENABLED=true \
+ $(DOCKER_IMAGE_NAME)
diff --git a/rootfs/etc/ssh/sshd_config b/rootfs/etc/ssh/sshd_config
index 99984d2..1914a08 100644
--- a/rootfs/etc/ssh/sshd_config
+++ b/rootfs/etc/ssh/sshd_config
@@ -56,7 +56,6 @@ PrintMotd no
 PrintLastLog yes
 TCPKeepAlive yes
 #UseLogin no
-UsePrivilegeSeparation sandbox
 PermitUserEnvironment no
 #Compression delayed
 ClientAliveInterval 30
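Review bot: In the Dockerfile hunk, `rm -rf /etc/ssh/ssh_host_*_key*` only removes host keys from this layer's view of the filesystem. If an earlier instruction outside the hunk generated them, the key material stays recoverable from that lower layer, so the deletion belongs in the same `RUN` that installs OpenSSH (that install is not visible here, so this needs checking against the full file). Separately, `apk --update add` leaves the package index in the image and installs whatever versions are current at build time; `RUN apk add --no-cache curl drill groff util-linux bash xauth gettext shadow sudo && \` avoids the cached index. The `mv /etc/profile.d/color_prompt ...` step fails the whole build if the base image does not ship that file under that exact name, so it may be worth guarding with a `[ -f ... ]` test.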