diff --git a/cmd/control/console_init.go b/cmd/control/console_init.go
index c138046d..7829956c 100644
--- a/cmd/control/console_init.go
+++ b/cmd/control/console_init.go
@@ -7,9 +7,10 @@ import (
 	"os"
 	"os/exec"
 	"path"
-	"regexp"
+	"strconv"
 	"strings"
 	"syscall"
+	"text/template"
 
 	"github.com/rancher/os/cmd/cloudinitexecute"
 	"github.com/rancher/os/config"
@@ -318,37 +319,26 @@ func writeRespawn(user string, sshd, recovery bool) error {
 }
 
 func modifySshdConfig(cfg *config.CloudConfig) error {
-	sshdConfig, err := ioutil.ReadFile("/etc/ssh/sshd_config")
+	os.Remove("/etc/ssh/sshd_config")
+	sshdTpl, err := template.ParseFiles("/etc/ssh/sshd_config.tpl")
 	if err != nil {
 		return err
 	}
-	sshdConfigString := string(sshdConfig)
-
-	modifiedLines := []string{
-		"UseDNS no",
-		"PermitRootLogin no",
-		"ServerKeyBits 2048",
-		"AllowGroups docker",
+	f, err := os.OpenFile("/etc/ssh/sshd_config", os.O_WRONLY|os.O_CREATE, 0644)
+	if err != nil {
+		return err
 	}
+	defer f.Close()
 
+	config := map[string]string{}
 	if cfg.Rancher.SSH.Port > 0 && cfg.Rancher.SSH.Port < 65355 {
-		modifiedLines = append(modifiedLines, fmt.Sprintf("Port %d", cfg.Rancher.SSH.Port))
+		config["Port"] = strconv.Itoa(cfg.Rancher.SSH.Port)
 	}
 	if cfg.Rancher.SSH.ListenAddress != "" {
-		modifiedLines = append(modifiedLines, fmt.Sprintf("ListenAddress %s", cfg.Rancher.SSH.ListenAddress))
+		config["ListenAddress"] = cfg.Rancher.SSH.ListenAddress
 	}
-	for _, item := range modifiedLines {
-		match, err := regexp.Match("^"+item, sshdConfig)
-		if err != nil {
-			return err
-		}
-		if !match {
-			sshdConfigString += fmt.Sprintf("%s\n", item)
-		}
-	}
-
-	return ioutil.WriteFile("/etc/ssh/sshd_config", []byte(sshdConfigString), 0644)
+	return sshdTpl.Execute(f, config)
 }
 
 func setupSSH(cfg *config.CloudConfig) error {
diff --git a/images/02-console/Dockerfile b/images/02-console/Dockerfile
index a933b8cc..76b42829 100644
--- a/images/02-console/Dockerfile
+++ b/images/02-console/Dockerfile
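Review bot: The unchecked `os.Remove` on the first added line of modifySshdConfig, together with `os.O_WRONLY|os.O_CREATE` (no `O_TRUNC`) on the OpenFile call, means that when the remove fails the template output is written over the old file in place and any longer tail of the previous sshd_config survives; open with `f, err := os.OpenFile("/etc/ssh/sshd_config", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644)` and drop the Remove, or at least check its error with `os.IsNotExist`. The `defer f.Close()` also discards the close error for a file sshd reads next, so execute the template into `f` and return `f.Close()` explicitly, keeping the defer only as error-path cleanup. `ListenAddress` is rendered verbatim from cloud-config; a value containing whitespace or a newline would be rendered as additional sshd directives (the old Sprintf path had the same gap), so rejecting anything that does not pass `net.ParseIP` before it reaches the template is a cheap guard. The `< 65355` bound on the context line above the Port assignment looks like a transposed `65535`, though the commit does not touch that line. The removed `ServerKeyBits 2048` directive is not carried into the template; that keyword is obsolete in current OpenSSH, so this is presumably deliberate, but it deserves a sentence in the commit message.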
@@ -1,10 +1,13 @@
 FROM rancher/os-base
 COPY build/lsb-release /etc/
+COPY build/sshd_config.append.tpl /etc/ssh/
+COPY prompt.sh /etc/profile.d/
 RUN sed -i 's/rancher:!/rancher:*/g' /etc/shadow && \
     sed -i 's/docker:!/docker:*/g' /etc/shadow && \
-    sed -i 's/#ClientAliveInterval 0/ClientAliveInterval 180/g' /etc/ssh/sshd_config && \
     echo '## allow password less for rancher user' >> /etc/sudoers && \
     echo 'rancher ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers && \
     echo '## allow password less for docker user' >> /etc/sudoers && \
-    echo 'docker ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers
-COPY prompt.sh /etc/profile.d/
+    echo 'docker ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers && \
+    cat /etc/ssh/sshd_config > /etc/ssh/sshd_config.tpl && \
+    cat /etc/ssh/sshd_config.append.tpl >> /etc/ssh/sshd_config.tpl && \
+    rm -f /etc/ssh/sshd_config.append.tpl /etc/ssh/sshd_config
diff --git a/images/02-console/prebuild.sh b/images/02-console/prebuild.sh
index b4f92e3b..d0fef867 100755
--- a/images/02-console/prebuild.sh
+++ b/images/02-console/prebuild.sh
@@ -13,3 +13,19 @@ DISTRIB_ID=${DISTRIB_ID}
 DISTRIB_RELEASE=${VERSION}
 DISTRIB_DESCRIPTION="${DISTRIB_ID} ${VERSION}"
 EOF
+
+cat > ./build/sshd_config.append.tpl << EOF
+{{- if .Port}}
+Port {{.Port}}
+{{- end}}
+
+{{- if .ListenAddress}}
+ListenAddress {{.ListenAddress}}
+{{- end}}
+
+ClientAliveInterval 180
+
+UseDNS no
+PermitRootLogin no
+AllowGroups docker
+EOF
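Review bot: The two added `cat` lines build sshd_config.tpl by appending the template after the distribution's own sshd_config, but sshd keeps the first value it reads for a keyword and treats everything after an active `Match` line as part of that block, so an uncommented `PermitRootLogin` or a trailing `Match` in the base file would make the appended `PermitRootLogin no`/`AllowGroups docker`/`Port` lines either lose silently or, for `Port` and `ListenAddress` which are not allowed inside Match, stop sshd from starting. Putting the template first avoids both cases: `cat /etc/ssh/sshd_config.append.tpl /etc/ssh/sshd_config > /etc/ssh/sshd_config.tpl && \`. The old Go code at least tested whether each directive line was already present before appending; that check disappears in this commit, which is why the concatenation order now carries the whole guarantee. A short `# hardened directives must precede the distro defaults` comment above the RUN would keep a later edit from flipping the order back.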
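Review bot: The new heredoc uses an unquoted `EOF` delimiter, so the shell expands `$…` and backticks inside the template body at build time; nothing in it contains those characters today, but unlike the earlier heredoc in this file, which is unquoted because it needs `${VERSION}`, this one has no reason to be. Write it as `cat > ./build/sshd_config.append.tpl << 'EOF'` so the template is copied literally. A leading comment line inside the template, e.g. `# Rendered at boot by modifySshdConfig in cmd/control/console_init.go (Go text/template)`, would explain to anyone inspecting the built image why sshd_config.tpl contains braces, and sshd ignores `#` lines so it survives into the rendered file harmlessly.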