git.proxmox.com Git - mirror_lxc.git/blob - templates/lxc-sshd.in
4 # lxc: linux Container library
7 # Daniel Lezcano <daniel.lezcano@free.fr>
9 # This library is free software; you can redistribute it and/or
10 # modify it under the terms of the GNU Lesser General Public
11 # License as published by the Free Software Foundation; either
12 # version 2.1 of the License, or (at your option) any later version.
14 # This library is distributed in the hope that it will be useful,
15 # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 # Lesser General Public License for more details.
19 # You should have received a copy of the GNU Lesser General Public
20 # License along with this library; if not, write to the Free Software
21 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
28 $rootfs/var/run/sshd \
29 $rootfs/var/empty/sshd \
30 $rootfs/var/lib/empty/sshd \
56 cat <<EOF > $rootfs/etc/passwd
57 root:x:0:0:root:/root:/bin/bash
58 sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
61 cat <<EOF > $rootfs/etc/group
66 ssh-keygen
-t rsa
-f $rootfs/etc
/ssh
/ssh_host_rsa_key
67 ssh-keygen
-t dsa
-f $rootfs/etc
/ssh
/ssh_host_dsa_key
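69 # By default root is set up with no password, and the sshd_config written
# below sets "PermitEmptyPasswords yes", so sshd accepts empty-password
# logins. Keep containers built from this template off untrusted networks,
# or set a root password after creation. The config also loads a DSA host
# key, a key type that current OpenSSH releases no longer enable by default.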
70 cat <<EOF > $rootfs/etc/ssh/sshd_config
73 HostKey /etc/ssh/ssh_host_rsa_key
74 HostKey /etc/ssh/ssh_host_dsa_key
75 UsePrivilegeSeparation yes
76 KeyRegenerationInterval 3600
84 PubkeyAuthentication yes
86 RhostsRSAAuthentication no
87 HostbasedAuthentication no
88 PermitEmptyPasswords yes
89 ChallengeResponseAuthentication no
# Install the caller-supplied SSH public key, but only when the --auth-key
# value is non-empty (-n) and names an existing regular file (-f).
92 if [ -n "$auth_key" -a -f "$auth_key" ]; then
94 root_u_path
="$rootfs/$u_path"
# NOTE(review): $auth_key is unquoted here although the test above quotes it;
# a path containing spaces or glob characters would be split or expanded.
96 cp $auth_key "$root_u_path/authorized_keys"
# Hand the key directory to uid/gid 0 and restrict it to its owner.
97 chown
-R 0:0 "$rootfs/$u_path"
98 chmod 700 "$rootfs/$u_path"
# NOTE(review): the message hard-codes /home/ubuntu/.ssh, while the key was
# copied to "$rootfs/$u_path/authorized_keys"; u_path is assigned outside the
# lines shown here -- confirm it and report the real destination.
99 echo "Inserted SSH public key from $auth_key into /home/ubuntu/.ssh/authorized_keys"
# Append the container's mount table to $path/config. The entries bind-mount
# the host's /dev, /lib, /bin, /usr and /sbin into the container read-only, so
# the container runs the host's binaries rather than a private copy, and the
# lxc-sshd template script is bind-mounted over sbin/init.
# NOTE(review): "ro" on the /dev bind stops changes to the directory; whether
# the host's device nodes can be opened from inside depends on device-cgroup
# and permission settings that are not visible here -- confirm.
# NOTE(review): the AppArmor line is written commented out; uncommenting it in
# the generated config runs the container unconfined.
111 cat <<EOF >> $path/config
116 # When using LXC with apparmor, uncomment the next line to run unconfined:
117 #lxc.aa_profile = unconfined
119 lxc.mount.entry=/dev dev none ro,bind 0 0
120 lxc.mount.entry=/lib lib none ro,bind 0 0
121 lxc.mount.entry=/bin bin none ro,bind 0 0
122 lxc.mount.entry=/usr usr none ro,bind 0 0
123 lxc.mount.entry=/sbin sbin none ro,bind 0 0
124 lxc.mount.entry=tmpfs var/run/sshd tmpfs mode=0644 0 0
125 lxc.mount.entry=@LXCTEMPLATEDIR@/lxc-sshd sbin/init none bind 0 0
126 lxc.mount.entry=proc $rootfs/proc proc nodev,noexec,nosuid 0 0
129 # if no .ipv4 section in config, then have the container run dhcp
130 grep -q "^lxc.network.ipv4" $path/config ||
touch $rootfs/run-dhcp
132 if [ "$(uname -m)" = "x86_64" ]; then
133 cat <<EOF >> $path/config
134 lxc.mount.entry=/lib64 lib64 none ro,bind 0 0
142 $1 -h|--help -p|--path=<path>
147 options
=$
(getopt
-o hp
:n
:S
: -l help,path
:,name
:,auth-key
: -- "$@")
148 if [ $?
-ne 0 ]; then
152 eval set -- "$options"
157 -h|
--help) usage
$0 && exit 0;;
158 -p|
--path) path
=$2; shift 2;;
159 -n|
--name) name
=$2; shift 2;;
160 -S|
--auth-key) auth_key
=$2; shift 2;;
161 --) shift 1; break ;;
166 if [ "$(id -u)" != "0" ]; then
167 echo "This script should be run as 'root'"
171 if [ $0 == "/sbin/init" ]; then
173 type @LXCINITDIR@
/lxc-init
174 if [ $?
-ne 0 ]; then
175 echo "'lxc-init is not accessible on the system"
180 if [ $?
-ne 0 ]; then
181 echo "'sshd' is not accessible on the system "
186 if [ -f /run-dhcp
]; then
188 if [ $?
-ne 0 ]; then
189 echo "can't find dhclient"
194 cat > /dhclient.conf
<< EOF
195 send host-name "<hostname>";
198 dhclient eth0
-cf /dhclient.conf
201 exec @LXCINITDIR@
/lxc-init
-- /usr
/sbin
/sshd
205 if [ -z "$path" ]; then
206 echo "'path' parameter is required"
213 if [ $?
-ne 0 ]; then
214 echo "failed to install sshd's rootfs"
218 configure_sshd
$rootfs
219 if [ $?
-ne 0 ]; then
220 echo "failed to configure sshd template"
224 copy_configuration
$path $rootfs $name
225 if [ $?
-ne 0 ]; then
226 echo "failed to write configuration file"