commit af446d2633030c76b30db0c256108a4ca370b1de
parent 35caf76a48cc639a6e9a529776d3ad034149d905
Author: Akuario <jkarlos.b@gmail.com>
Date: Wed, 27 Jul 2016 13:21:18 +0200
Fixed ssh keys bug
Diffstat:
3 files changed, 15 insertions(+), 11 deletions(-)
diff --git a/Dockerfile b/Dockerfile
@@ -19,6 +19,8 @@ WORKDIR /git-server/
# Con -D no creamos password, con -s le cambiamos la shell
RUN mkdir /git-server/keys \
&& adduser -D -s /usr/bin/git-shell git \
+ #&& adduser -D git \
+ && echo git:12345 | chpasswd \
&& mkdir /home/git/.ssh
COPY sshd_config /etc/ssh/sshd_config
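Review bot: The added `echo git:12345 | chpasswd` bakes a fixed, guessable password for `git` into an image layer, where anyone who can pull the image or read its history can recover it. The sshd_config in this commit shows `PasswordAuthentication no` as context, so the password is presumably there only to unlock the account that `adduser -D` creates locked. If so, set a non-matching hash instead, e.g. `&& echo 'git:*' | chpasswd -e \` (assuming the image's chpasswd supports `-e`, as BusyBox and shadow do), which unlocks the account without giving it a usable password. The commented-out `#&& adduser -D git \` inside the continued `RUN` is dead code and is better deleted, and the comment above the `RUN` saying that `-D` creates no password should be updated to match.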
diff --git a/sshd_config b/sshd_config
@@ -16,15 +16,15 @@
#ListenAddress ::
# The default requires explicit activation of protocol 1
-Protocol 2
+#Protocol 2
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
-HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_dsa_key
-HostKey /etc/ssh/ssh_host_ecdsa_key
-HostKey /etc/ssh/ssh_host_ed25519_key
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_dsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
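Review bot: Commenting out `Protocol 2` leaves protocol selection to the compiled-in default of whichever sshd the image installs, and the `RSAAuthentication yes` enabled in the `@@ -46,12 +46,13 @@` hunk is an option that only applies to SSH protocol 1. Neither change is needed for public-key login over protocol 2, which `PubkeyAuthentication yes` already covers, so I would keep `Protocol 2` explicit and leave `RSAAuthentication` commented out. If the four `HostKey` lines were disabled because some key files are missing in the container (the key generation step is not visible in this diff, so this is a guess), list only the key types that are actually generated, for example `HostKey /etc/ssh/ssh_host_ed25519_key`, which also keeps DSA out.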
@@ -46,12 +46,13 @@ HostKey /etc/ssh/ssh_host_ed25519_key
#MaxAuthTries 6
#MaxSessions 10
-#RSAAuthentication yes
+RSAAuthentication yes
PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
+#AuthorizedKeysFile /home/git/.ssh/authorized_keys
#AuthorizedPrincipalsFile none
@@ -76,13 +77,13 @@ PasswordAuthentication no
#ChallengeResponseAuthentication yes
# Kerberos options
-#KerberosAuthentication no
+KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
-#GSSAPIAuthentication no
+GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
# Set this to 'yes' to enable PAM authentication, account processing,
@@ -128,7 +129,7 @@ Subsystem sftp /usr/lib/ssh/sftp-server
# the following are HPN related configuration options
# tcp receive buffer polling. disable in non autotuning kernels
#TcpRcvBufPoll yes
-
+
# disable hpn performance boosts
#HPNDisabled no
diff --git a/start.sh b/start.sh
@@ -4,9 +4,10 @@ cd /home/git
# Si hay alguna clave pública en la carpeta de keys
if [ "$(ls -A /git-server/keys/)" ]; then
- cat /git-server/keys/*.pub > .ssh/authorized_keys
+ cat /git-server/keys/*.pub >> .ssh/authorized_keys
chown -R git:git .ssh
- chmod -R a=rw+X,o-w .ssh
+ chmod 700 .ssh
+ chmod -R 600 .ssh/*
fi
# Bandera -D para que no se ejecute como demonio
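Review bot: Switching to `>>` means `authorized_keys` only ever grows: removing a `.pub` file from `/git-server/keys/` no longer revokes that key, and every container restart appends the same keys again. If the key directory is meant to be the source of truth, rebuild the file on each start, for example `cat /git-server/keys/*.pub > .ssh/authorized_keys.new` followed by `mv .ssh/authorized_keys.new .ssh/authorized_keys`. The tighter `chmod 700 .ssh` is what sshd's permission checks expect, but `chmod -R 600 .ssh/*` would also strip the execute bit from any subdirectory under `.ssh`, so `chmod 600 .ssh/authorized_keys` is more precise. The script continues past the end of this hunk.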