Software title: sandboxed & containerised SSH server
igorpecovnik committed Jan 4, 2025
1 parent f7ac80a commit aa4588f
Showing 5 changed files with 144 additions and 0 deletions.
Binary file added tools/include/images/SSH200.png
15 changes: 15 additions & 0 deletions tools/include/markdown/SSH200-footer.md
@@ -0,0 +1,15 @@
=== "Access to SSH server"

- `ssh username@<your.IP> -p 2222`

=== "Directories"

- Install directory: `/armbian/openssh-server`
- Configuration directory: `/armbian/openssh-server/config`
- Shared storage directory: `USER_DEFINED`

=== "View logs"

```sh
docker logs -f openssh-server
```
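Review bot: The "Directories" tab gives the shared storage directory as `USER_DEFINED`, which tells the reader neither the default nor where the folder appears inside the container. The install dialog in module_sshserver.sh defaults it to `${OPENSSHSERVER_BASE}/storage` and mounts it at `/config/storage`, so both paths are worth listing here. In the access example, `username` should be described as the name entered at install time (the dialog default is `upload`).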
1 change: 1 addition & 0 deletions tools/include/markdown/SSH200-header.md
@@ -0,0 +1 @@
Sandboxed & containerised SSH server allows ssh access without giving keys to the entire server. Giving ssh access via private key often means giving full access to the server. This container creates a limited and sandboxed environment that others can ssh into. The users only have access to the folders mapped and the processes running inside this container.
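Review bot: "Giving ssh access via private key" reads as if a private key is handed over, while the install dialog in module_sshserver.sh asks for the user's public key; suggest wording it as granting key-based SSH access on the host. The last sentence should also say that the mapped folder is a host directory chosen at install time and is mounted without a read-only flag, so whatever the user writes there lands on the host.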
34 changes: 34 additions & 0 deletions tools/json/config.system.json
@@ -354,7 +354,41 @@
"status": "Stable",
"author": "@igorpecovnik",
"condition": "grep -q '^PrintLastLog no' /etc/ssh/sshd_config"
},
{
"id": "SSH200",
"description": "Sandboxed & containerised SSH server",
"about": "This operation will install SSH server.",
"command": [
"module_openssh-server install"
],
"status": "Stable",
"author": "@igorpecovnik",
"condition": "! module_openssh-server status"
},
{
"id": "SSH201",
"description": "Remove sandboxed SSH server",
"about": "This operation will remove SSH server.",
"command": [
"module_openssh-server remove"
],
"status": "Stable",
"author": "@igorpecovnik",
"condition": "module_openssh-server status"
},
{
"id": "SSH202",
"description": "Purge sandboxed SSH server with data folder",
"about": "This operation will purge SSH server with data folder.",
"command": [
"module_openssh-server purge"
],
"status": "Stable",
"author": "@igorpecovnik",
"condition": "module_openssh-server status"
}

]
},
{
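Review bot: The `about` text of SSH200, "This operation will install SSH server.", does not distinguish this entry from the host sshd that the preceding entry configures (its condition greps `/etc/ssh/sshd_config`). Suggest saying that it starts a containerised SSH server on port 2222 and that Docker is installed if missing, and wording SSH201 and SSH202 the same way so the difference between remove and purge (the data folder) is clear from the menu. There is also a stray blank line before the closing `]`.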
94 changes: 94 additions & 0 deletions tools/modules/system/module_sshserver.sh
@@ -0,0 +1,94 @@
module_options+=(
["module_openssh-server,author"]="@armbian"
["module_openssh-server,maintainer"]="@igorpecovnik"
["module_openssh-server,feature"]="module_openssh-server"
["module_openssh-server,example"]="install remove purge status help"
["module_openssh-server,desc"]="Install openssh-server container"
["module_openssh-server,status"]="Active"
["module_openssh-server,doc_link"]="https://docs.linuxserver.io/images/docker-openssh-server/#server-mode"
["module_openssh-server,group"]="Network"
["module_openssh-server,port"]="2222"
["module_openssh-server,arch"]="x86-64 arm64"
)
#
# Module openssh-server
#
function module_openssh-server () {
local title="openssh-server"
local condition=$(which "$title" 2>/dev/null)

if pkg_installed docker-ce; then
local container=$(docker container ls -a | mawk '/openssh-server?( |$)/{print $1}')
local image=$(docker image ls -a | mawk '/openssh-server?( |$)/{print $3}')
fi

local commands
IFS=' ' read -r -a commands <<< "${module_options["module_openssh-server,example"]}"

OPENSSHSERVER_BASE="${SOFTWARE_FOLDER}/openssh-server"

case "$1" in
"${commands[0]}")
pkg_installed docker-ce || module_docker install
[[ -d "${OPENSSHSERVER_BASE}" ]] || mkdir -p "${OPENSSHSERVER_BASE}" || { echo "Couldn't create storage directory: ${OPENSSHSERVER_BASE}"; exit 1; }
USER_NAME=$($DIALOG --title "Enter username" --inputbox "\nHit enter for defaults" 9 50 "upload" 3>&1 1>&2 2>&3)
PUBLIC_KEY=$($DIALOG --title "Enter public key" --inputbox "" 9 50 "" 3>&1 1>&2 2>&3)
MOUNT_POINT=$($DIALOG --title "Enter shared folder path" --inputbox "" 9 50 "${OPENSSHSERVER_BASE}/storage" 3>&1 1>&2 2>&3)
docker run -d \
--name=openssh-server \
--net=lsio \
--hostname=openssh-server `#optional` \
-e PUID=1000 \
-e PGID=1000 \
-e TZ="$(cat /etc/timezone)" \
-e PUBLIC_KEY="${PUBLIC_KEY}" \
-e SUDO_ACCESS=false \
-e PASSWORD_ACCESS=false \
-e USER_PASSWORD=password \
-e USER_NAME="${USER_NAME}" \
-p 2222:2222 \
-v "${OPENSSHSERVER_BASE}/config:/config" \
-v "${MOUNT_POINT}:/config/storage" \
--restart unless-stopped \
lscr.io/linuxserver/openssh-server:latest
for i in $(seq 1 20); do
if docker inspect -f '{{ index .Config.Labels "build_version" }}' openssh-server >/dev/null 2>&1 ; then
break
else
sleep 3
fi
if [ $i -eq 20 ] ; then
echo -e "\nTimed out waiting for ${title} to start, consult your container logs for more info (\`docker logs openssh-server\`)"
exit 1
fi
done
;;
"${commands[1]}")
[[ "${container}" ]] && docker container rm -f "$container" >/dev/null
[[ "${image}" ]] && docker image rm "$image" >/dev/null
;;
"${commands[2]}")
${module_options["module_openssh-server,feature"]} ${commands[1]}
[[ -n "${OPENSSHSERVER_BASE}" && "${OPENSSHSERVER_BASE}" != "/" ]] && rm -rf "${OPENSSHSERVER_BASE}"
;;
"${commands[3]}")
if [[ "${container}" && "${image}" ]]; then
return 0
else
return 1
fi
;;
"${commands[4]}")
echo -e "\nUsage: ${module_options["module_openssh-server,feature"]} <command>"
echo -e "Commands: ${module_options["module_openssh-server,example"]}"
echo "Available commands:"
echo -e "\tinstall\t- Install $title."
echo -e "\tstatus\t- Installation status $title."
echo -e "\tremove\t- Remove $title."
echo
;;
*)
${module_options["module_openssh-server,feature"]} ${commands[4]}
;;
esac
}
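Review bot: In the install branch, the `docker run` call passes `-e USER_PASSWORD=password` and takes `PUBLIC_KEY`, `USER_NAME` and `MOUNT_POINT` straight from the dialogs with no validation. With `PASSWORD_ACCESS=false` the fixed password serves no purpose and is better dropped. The public-key prompt defaults to an empty string, so an empty or cancelled entry still starts a container with no key installed and password login off, and an empty `MOUNT_POINT` produces `-v ":/config/storage"`. Suggest aborting when any of the three values is empty and checking that the key looks like a public key before starting the container. Smaller points: `--net=lsio` assumes that network already exists, `local condition=$(which "$title" 2>/dev/null)` is never used, the help text omits `purge`, `exit 1` inside the function ends the calling shell where `return 1` would not, and the image is pulled as `:latest` rather than a pinned tag.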
