Commit 9d336497 authored by Michał 'rysiek' Woźniak

handling of known_hosts added

parent adfc4f56
......@@ -13,3 +13,31 @@ It might make good sense to volume-mount the following directories:
- `/etc/cron.weekly/` (can be read-only)
- `/etc/cron.hourly/` (can be read-only)
- `/etc/cron.monthly/` (can be read-only)
## Environment variables
- `SSH_KNOWN_HOSTS` (default: empty)
Known hosts entries to add to `/etc/ssh/ssh_known_hosts` file, in the correct format of `known_hosts` file (described in `sshd` manual).
## `ssh_known_hosts` assembly
If `/etc/ssh/ssh_known_hosts` file does not exist, it will be created. If an `/etc/ssh/ssh_known_hosts.template` exists, it will be used as a template. The file will then be populated with container's own ECDSA public key, and contents of `SSH_KNOWN_HOSTS` environment variable.
## Paths
- `/etc/ssh/ssh_known_hosts.template`
If that file exists, it is used as a template for `/etc/ssh/ssh_known_hosts` within the container.
- `/var/pubkeys`
This is where cron's public key will be placed. Volume-mount it into other containers to be able to use it (you can even use `inotify-watch` to watch it).
- `/etc/cron.d/` (this has to be read-write, for `root`->`cron` user replacements)
- `/etc/cron.daily/` (can be read-only)
- `/etc/cron.weekly/` (can be read-only)
- `/etc/cron.hourly/` (can be read-only)
- `/etc/cron.monthly/` (can be read-only)
Cron configuration directories.
\ No newline at end of file
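Review bot: the `ssh_known_hosts` assembly paragraph reads as if `SSH_KNOWN_HOSTS` is always merged into the file, but the accompanying script only touches `/etc/ssh/ssh_known_hosts` when it does not yet exist, so with a pre-existing (for example volume-mounted) file neither the container's ECDSA key nor the contents of `SSH_KNOWN_HOSTS` are added; say so explicitly, e.g. `If the file already exists it is left untouched and SSH_KNOWN_HOSTS is ignored.` Two smaller points: `inotify-watch` under `/var/pubkeys` does not match the inotify-tools command names (`inotifywait` / `inotifywatch`), and the five cron directory bullets now appear both in the context at the top of the hunk and again under `## Paths`, so one of the two lists could be dropped or the first could point at the `Paths` section.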
......@@ -6,8 +6,26 @@ set -e
HOMEDIR="/home/cron"
KEYSDIR="/var/pubkeys"
# add our own keys to /etc/ssh/ssh_known_hosts
if [ ! -e /etc/ssh/ssh_known_hosts ]; then
echo "+-- setting up /etc/ssh/ssh_known_hosts..."
# use the template, if it exists
if [ -e /etc/ssh/ssh_known_hosts.template ]; then
echo " +-- basing on template file: /etc/ssh/ssh_known_hosts.template"
cat /etc/ssh/ssh_known_hosts.template > /etc/ssh/ssh_known_hosts
fi
echo " +-- adding local ECDSA pubkey from: /etc/ssh/ssh_host_ecdsa_key.pub"
echo "* $( cat /etc/ssh/ssh_host_ecdsa_key.pub )" >> /etc/ssh/ssh_known_hosts
# if SSH_KNOWN_HOSTS is nonempty, let's add that to ssh_known_hosts
if [ ! -z ${SSH_KNOWN_HOSTS+x} ]; then
echo " +-- adding known hosts from SSH_KNOWN_HOSTS:"
echo -e "${SSH_KNOWN_HOSTS}"
echo -e "${SSH_KNOWN_HOSTS}" >> "/etc/ssh/ssh_known_hosts"
fi
echo " +-- done."
fi
# we're not running the sshd, so no SSH_KEYS/authprized_keys needed
# host keys are also unneeded
# also, the user should get created in the dockerfile, so no need for doing this here either
# create the .ssh folder if it does not exist
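Review bot: the comment says `if SSH_KNOWN_HOSTS is nonempty`, but `[ ! -z ${SSH_KNOWN_HOSTS+x} ]` is true whenever the variable is set at all, including the documented default of an empty string, so an empty value still appends a blank line to `/etc/ssh/ssh_known_hosts`; `if [ -n "${SSH_KNOWN_HOSTS}" ]; then` tests what the comment describes and keeps the expansion quoted. `echo -e` is also not portable: under a `/bin/sh` that is dash it writes a literal `-e` into the file and does not expand escapes, so `printf '%b\n' "${SSH_KNOWN_HOSTS}" >> /etc/ssh/ssh_known_hosts` is the safer way to honour `\n` sequences in the variable. Lastly, the `* <key>` line marks the container's own host key as acceptable for any hostname; that is harmless when each container generates a unique host key at first start, but if the ECDSA key were shipped inside the image every peer built from it would pass host verification, so it is worth confirming where that key comes from.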