git.proxmox.com Git - mirror_lxc.git/blob - templates/lxc-sshd.in
4 # lxc: linux Container library
7 # Daniel Lezcano <daniel.lezcano@free.fr>
9 # This library is free software; you can redistribute it and/or
10 # modify it under the terms of the GNU Lesser General Public
11 # License as published by the Free Software Foundation; either
12 # version 2.1 of the License, or (at your option) any later version.
14 # This library is distributed in the hope that it will be useful,
15 # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 # Lesser General Public License for more details.
19 # You should have received a copy of the GNU Lesser General Public
20 # License along with this library; if not, write to the Free Software
21 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
28 $rootfs/var/run/sshd \
29 $rootfs/var/empty/sshd \
30 $rootfs/var/lib/empty/sshd \
56 cat <<EOF > $rootfs/etc/passwd
57 root:x:0:0:root:/root:/bin/bash
58 sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
61 cat <<EOF > $rootfs/etc/group
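# Generate the container's SSH host keys inside its root filesystem; the
# sshd_config written below refers to both files through its HostKey lines.
# The key paths are quoted so a rootfs path containing spaces stays one word.
# NOTE(review): no -N option is visible on these lines; without one ssh-keygen
# asks for a passphrase interactively. Confirm against the upstream template.
# NOTE(review): DSA host keys are disabled by default in current OpenSSH
# releases; prefer RSA/ed25519 host keys and drop the matching HostKey line
# when the target sshd no longer accepts DSA.
ssh-keygen -t rsa -f "$rootfs/etc/ssh/ssh_host_rsa_key"
ssh-keygen -t dsa -f "$rootfs/etc/ssh/ssh_host_dsa_key"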
69 # by default root is set up with an empty password; the sshd_config written below allows this with PermitEmptyPasswords yes
70 cat <<EOF > $rootfs/etc/ssh/sshd_config
73 HostKey /etc/ssh/ssh_host_rsa_key
74 HostKey /etc/ssh/ssh_host_dsa_key
75 UsePrivilegeSeparation yes
76 KeyRegenerationInterval 3600
84 PubkeyAuthentication yes
86 RhostsRSAAuthentication no
87 HostbasedAuthentication no
88 PermitEmptyPasswords yes
89 ChallengeResponseAuthentication no
92 if [ -n "$auth_key" -a -f "$auth_key" ]; then
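# Install the caller-supplied public key as authorized_keys under the
# container's $u_path, then hand that directory to uid/gid 0 with mode 700.
root_u_path="$rootfs/$u_path"
# Quote the source and end option parsing so a key path that contains spaces
# or starts with '-' is copied as a single file name.
cp -- "$auth_key" "$root_u_path/authorized_keys"
chown -R 0:0 "$root_u_path"
# NOTE(review): only the directory mode is set here; authorized_keys keeps
# whatever mode cp gives it.
chmod 700 "$root_u_path"
echo "Inserted SSH public key from $auth_key into $rootfs/$u_path"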
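# Record the rootfs location in the container config unless an lxc.rootfs key
# is already present. grep's errors are discarded, so a missing or unreadable
# config also takes the append branch.
if ! grep -q "^lxc.rootfs" "$path/config" 2>/dev/null; then
  echo "lxc.rootfs = $rootfs" >> "$path/config"
fi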
112 cat <<EOF >> $path/config
115 lxc.cap.drop = sys_module mac_admin mac_override sys_time
117 # When using LXC with apparmor, uncomment the next line to run unconfined:
118 #lxc.aa_profile = unconfined
120 lxc.mount.entry = /dev dev none ro,bind 0 0
121 lxc.mount.entry = /lib lib none ro,bind 0 0
122 lxc.mount.entry = /bin bin none ro,bind 0 0
123 lxc.mount.entry = /usr usr none ro,bind 0 0
124 lxc.mount.entry = /sbin sbin none ro,bind 0 0
125 lxc.mount.entry = tmpfs var/run/sshd tmpfs mode=0644 0 0
126 lxc.mount.entry = @LXCTEMPLATEDIR@/lxc-sshd sbin/init none bind 0 0
127 lxc.mount.entry = proc $rootfs/proc proc nodev,noexec,nosuid 0 0
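# No lxc.network.ipv4 key in the config means no static address was given, so
# leave a run-dhcp marker in the rootfs; the /sbin/init path of this script
# checks for /run-dhcp before it starts dhclient.
if ! grep -q "^lxc.network.ipv4" "$path/config"; then
  touch "$rootfs/run-dhcp"
fi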
133 if [ "$(uname -m)" = "x86_64" ]; then
134 cat <<EOF >> $path/config
135 lxc.mount.entry = /lib64 lib64 none ro,bind 0 0
143 $1 -h|--help -p|--path=<path> [--rootfs=<path>]
# Parse the command line with getopt: -h/--help takes no argument, while
# -p/--path, -n/--name, -S/--auth-key and --rootfs each require one.
# This assignment must stay the last command before the $? check that follows.
options=$(getopt \
  --options hp:n:S: \
  --longoptions help,rootfs:,path:,name:,auth-key: \
  -- "$@")
149 if [ $?
-ne 0 ]; then
# Replace the positional parameters with getopt's normalized argument list.
# eval is acceptable here only because $options is getopt's own output, which
# the enhanced (util-linux) getopt emits shell-quoted; never eval a string
# built directly from user input.
# NOTE(review): assumes the enhanced getopt; confirm on the target platform.
153 eval set -- "$options"
158 -h|
--help) usage
$0 && exit 0;;
159 -p|
--path) path
=$2; shift 2;;
160 --rootfs) rootfs
=$2; shift 2;;
161 -n|
--name) name
=$2; shift 2;;
162 -S|
--auth-key) auth_key
=$2; shift 2;;
163 --) shift 1; break ;;
168 if [ "$(id -u)" != "0" ]; then
169 echo "This script should be run as 'root'"
173 if [ $0 == "/sbin/init" ]; then
175 type @LXCINITDIR@
/lxc-init
176 if [ $?
-ne 0 ]; then
177 echo "'lxc-init is not accessible on the system"
182 if [ $?
-ne 0 ]; then
183 echo "'sshd' is not accessible on the system "
188 if [ -f /run-dhcp
]; then
190 if [ $?
-ne 0 ]; then
191 echo "can't find dhclient"
196 cat > /dhclient.conf
<< EOF
197 send host-name "<hostname>";
200 dhclient eth0
-cf /dhclient.conf
203 exec @LXCINITDIR@
/lxc-init
-- /usr
/sbin
/sshd
207 if [ -z "$path" ]; then
208 echo "'path' parameter is required"
213 config
="$path/config"
214 if [ -z "$rootfs" ]; then
215 if grep -q '^lxc.rootfs' $config 2>/dev
/null
; then
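# Read the rootfs path back from the existing container config. The match is
# anchored like the '^lxc.rootfs' test just above, so commented-out lines are
# ignored, and the value is trimmed so it carries no leading blank from the
# "key = value" layout. Only the first matching line is used.
rootfs=$(awk -F= '/^lxc\.rootfs[ \t]*=/ { v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit }' "$config")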
223 if [ $?
-ne 0 ]; then
224 echo "failed to install sshd's rootfs"
228 configure_sshd
$rootfs
229 if [ $?
-ne 0 ]; then
230 echo "failed to configure sshd template"
234 copy_configuration
$path $rootfs $name
235 if [ $?
-ne 0 ]; then
236 echo "failed to write configuration file"