Need to set correct permissions for ssh directories and files Fixes: #11005 Signed-Off-By: Ryan Savino <ryan.savino@amd.com>
# Copyright (c) 2023 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0

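# Test image: an Alpine container that runs sshd and accepts root login
# with a fixed public key. It also carries `cpuid` (x86_64 only).

# We know that using latest is error prone, we're taking the risk here.
# NOTE(review): an unpinned base also means the curl and openssh-server
# versions float between builds; pin a tag or digest if this image ever
# needs to be reproducible.
# hadolint ignore=DL3007
FROM alpine:latest

# We don't need a specific version of those packages
# hadolint ignore=DL3018
RUN apk add --no-cache curl openssh-server

# Download and install `cpuid`, which will be used to detect
# whether the container is running on a TEE guest.
# Only an x86_64 build exists at this URL, so other architectures skip the
# step. On x86_64 a failed download or extraction now fails the build
# instead of being hidden by `|| true`: `curl -f` rejects HTTP error pages
# rather than saving them as the tarball.
# NOTE(review): the archive is fetched without integrity verification;
# record the release's SHA-256 and check it with `sha256sum -c` before
# extracting, since the binary ends up in /usr/bin of a root-run image.
# hadolint ignore=DL3059
RUN if [ "$(uname -m)" = "x86_64" ]; then \
        curl -fsSLO https://github.com/klauspost/cpuid/releases/download/v2.2.7/cpuid-Linux_x86_64_2.2.7.tar.gz && \
        tar -xzf cpuid-Linux_x86_64_2.2.7.tar.gz -C /usr/bin && \
        rm -f cpuid-Linux_x86_64_2.2.7.tar.gz /usr/bin/LICENSE; \
    fi

# This is done just to avoid the following error starting sshd
# `sshd: no hostkeys available -- exiting.`
# The host key is generated at build time, so it is stored in an image
# layer and shared by every container started from this image. That gives
# clients no meaningful host authentication; generate the key at container
# start instead if the image is used for anything but testing.
# hadolint ignore=DL3059
RUN ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -P ""

# A password needs to be set for login to work. An empty password is
# unproblematic as password-based login to root is not allowed.
# The ENTRYPOINT below states that restriction explicitly instead of
# relying on the packaged sshd_config defaults.
# hadolint ignore=DL3059
RUN passwd -d root

# Generated with `ssh-keygen -t ed25519 -f unencrypted -P "" -C ""`
# NOTE(review): presumably the matching private key `unencrypted` is kept
# next to this file in the repository (confirm). If so, anyone with the
# repository can log in as root, so the SSH port of this image must never
# be reachable outside the test environment.
COPY ssh/unencrypted.pub /root/.ssh/authorized_keys

# Set correct permissions for SSH folders and files. sshd's StrictModes
# check refuses keys whose directory or file is writable by others. Both
# modes are set in a single layer.
RUN chmod 700 /root/.ssh && \
    chmod 600 /root/.ssh/authorized_keys

# Run sshd in the foreground as PID 1. Password and empty-password logins
# are disabled on the command line because root's password is empty;
# public-key login is unaffected.
ENTRYPOINT ["/usr/sbin/sshd", "-D", "-o", "PasswordAuthentication=no", "-o", "PermitEmptyPasswords=no"]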