lxc-sshd.in revision c01d62f21b21ba6c2b8b78ab3c2b37cc8f8fd265
#!/bin/bash

#
# lxc: linux Container library

# Authors:
# Daniel Lezcano <daniel.lezcano@free.fr>

# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.

# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.

# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
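#######################################
# Create the minimal directory skeleton sshd needs inside a container rootfs.
#
# /var/empty/sshd (and the /var/lib variant) are the privilege-separation
# directories referenced by the sshd passwd entry written by configure_sshd;
# the remaining directories are the mount points for the bind mounts that
# copy_configuration declares, plus /tmp, /home and /root for logins.
#
# Arguments: $1 - absolute path of the container rootfs (must be non-empty:
#                 an empty value would otherwise create /var/run, /proc ...
#                 directly on the host)
# Returns:   0 on success, 1 if the argument is empty or any mkdir fails
#######################################
install_sshd()
{
    local rootfs=$1
    local dir

    if [ -z "$rootfs" ]; then
        echo "install_sshd: rootfs path is required" >&2
        return 1
    fi

    # One entry per element so a rootfs path containing whitespace survives;
    # the original space-joined string relied on unquoted word splitting.
    local -a tree=(
        "$rootfs/var/run"
        "$rootfs/var/empty/sshd"
        "$rootfs/var/lib/empty/sshd"
        "$rootfs/etc/ssh"
        "$rootfs/dev/shm"
        "$rootfs/proc"
        "$rootfs/bin"
        "$rootfs/sbin"
        "$rootfs/usr"
        "$rootfs/tmp"
        "$rootfs/home"
        "$rootfs/root"
        "$rootfs/lib"
        "$rootfs/lib64"
    )

    for dir in "${tree[@]}"; do
        mkdir -p -- "$dir" || return 1
    done

    return 0
}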
883N/A
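#######################################
# Populate the container rootfs with the account database, host keys and
# sshd_config sshd needs.  install_sshd must have run first so that
# $rootfs/etc and $rootfs/etc/ssh exist.
#
# Security notes:
#  - root's passwd field is "x", which defers to /etc/shadow -- a file this
#    template does not write.  Whether an empty root password is actually
#    accepted therefore depends on the host's sshd/PAM behaviour; if it is,
#    PermitRootLogin yes + PermitEmptyPasswords yes below let anyone who can
#    reach port 22 log in as root.  Only expose such a container on a
#    trusted network.
#  - Host keys are generated with an empty passphrase (-N ""): sshd cannot
#    prompt for one at start-up, and without -N ssh-keygen blocks on an
#    interactive prompt when this template runs unattended.
#  - The RSA key is mandatory (sshd needs at least one loadable HostKey).
#    DSA is legacy and recent OpenSSH may refuse to generate or accept it,
#    so it is best-effort; sshd only warns about a HostKey it cannot load.
#
# Arguments: $1 - absolute path of the container rootfs
# Returns:   0 on success; 1 if the argument is empty, a file cannot be
#            written, or the RSA host key cannot be generated
#######################################
configure_sshd()
{
    local rootfs=$1
    local sshdir=$rootfs/etc/ssh

    if [ -z "$rootfs" ]; then
        echo "configure_sshd: rootfs path is required" >&2
        return 1
    fi

    # uid/gid 74 is the privilege-separation account; its home
    # (/var/empty/sshd) is created by install_sshd.  Quoted heredoc
    # delimiters: nothing in these bodies is meant to expand.
    cat <<'EOF' > "$rootfs/etc/passwd" || return 1
root:x:0:0:root:/root:/bin/bash
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
EOF

    cat <<'EOF' > "$rootfs/etc/group" || return 1
root:x:0:root
sshd:x:74:
EOF

    if ! ssh-keygen -q -t rsa -N "" -f "$sshdir/ssh_host_rsa_key"; then
        echo "configure_sshd: failed to generate RSA host key" >&2
        return 1
    fi
    if ! ssh-keygen -q -t dsa -N "" -f "$sshdir/ssh_host_dsa_key"; then
        echo "configure_sshd: warning: DSA host key not generated" >&2
    fi

    # Protocol 2 is forced, so KeyRegenerationInterval, ServerKeyBits,
    # RSAAuthentication and RhostsRSAAuthentication (SSH-1 settings) are
    # inert here; newer OpenSSH releases report them as deprecated --
    # verify against the target sshd version before relying on this file.
    cat <<'EOF' > "$sshdir/sshd_config" || return 1
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 768
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords yes
ChallengeResponseAuthentication no
EOF

    return 0
}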
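#######################################
# Append the container's LXC configuration to $path/config.
#
# The container runs the host's userland: /lib, /bin, /usr, /sbin (and /lib64
# on x86_64) are read-only bind mounts of the host directories, and host /dev
# is bind-mounted too.  Two caveats for whoever deploys this:
#  - a read-only bind mount stops writes to regular files, not opens of
#    device nodes, so container root still reaches host devices through
#    that /dev -- review what device access the host's LXC policy grants;
#  - @BINDIR@/lxc-sshd is bound over $rootfs/sbin/init without "ro", so a
#    root inside the container can presumably modify the host's copy of
#    this script -- TODO confirm whether that is acceptable.
# Every host path maps 1:1 under $rootfs (the original had a stray "/"
# before $rootfs in the /usr entry, which broke relative rootfs paths).
#
# Arguments: $1 - directory holding the container's config file
#            $2 - absolute path of the container rootfs
#            $3 - container name (becomes lxc.utsname; may be empty)
# Returns:   0 on success, 1 if $1 or $2 is empty or the file cannot be written
#######################################
copy_configuration()
{
    local path=$1
    local rootfs=$2
    local name=$3

    if [ -z "$path" ] || [ -z "$rootfs" ]; then
        echo "copy_configuration: path and rootfs are required" >&2
        return 1
    fi

    # Appended, not overwritten, so lines already in the file survive;
    # running the template twice on the same path duplicates these entries.
    cat <<EOF >> "$path/config" || return 1
lxc.utsname = $name
lxc.pts = 1024
lxc.rootfs = $rootfs
lxc.mount.entry=/dev $rootfs/dev none ro,bind 0 0
lxc.mount.entry=/lib $rootfs/lib none ro,bind 0 0
lxc.mount.entry=/bin $rootfs/bin none ro,bind 0 0
lxc.mount.entry=/usr $rootfs/usr none ro,bind 0 0
lxc.mount.entry=/sbin $rootfs/sbin none ro,bind 0 0
lxc.mount.entry=tmpfs $rootfs/var/run tmpfs defaults 0 0
lxc.mount.entry=@BINDIR@/lxc-sshd $rootfs/sbin/init none bind 0 0
EOF

    # Only x86_64 hosts have a separate /lib64 to share.
    if [ "$(uname -m)" = "x86_64" ]; then
        cat <<EOF >> "$path/config" || return 1
lxc.mount.entry=/lib64 $rootfs/lib64 none ro,bind 0 0
EOF
    fi

    return 0
}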
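#######################################
# Print the command-line synopsis to stdout.
#
# Lists every option the getopt spec accepts, including -n|--name, which
# sets lxc.utsname and was previously undocumented here.
#
# Arguments: $1 - program name to show in the synopsis
# Returns:   0
#######################################
usage()
{
    cat <<EOF
$1 -h|--help -p|--path=<path> [-n|--name=<name>]
EOF
    return 0
}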
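# Option parsing.  GNU getopt re-quotes argv for the shell; `eval set --`
# turns that output back into positional parameters (standard getopt idiom).
if ! options=$(getopt -o hp:n: -l help,path:,name: -- "$@"); then
    usage "$(basename -- "$0")"
    exit 1
fi

eval set -- "$options"

while true
do
    case "$1" in
        -h|--help) usage "$0" && exit 0;;
        -p|--path) path=$2; shift 2;;
        -n|--name) name=$2; shift 2;;
        --) shift 1; break ;;
        *) break ;;
    esac
done

# Both roles below need root: creating the rootfs on the host, and
# running as the container's init.
if [ "$(id -u)" != "0" ]; then
    echo "This script should be run as 'root'" >&2
    exit 1
fi

# Second role of this file: copy_configuration bind-mounts it over
# $rootfs/sbin/init, so when the container starts this same script is
# invoked as /sbin/init and hands over to sshd through lxc-init.
if [ "$0" = "/sbin/init" ]; then
    sshd_bin=/usr/sbin/sshd

    if ! command -v @LIBEXECDIR@/lxc-init >/dev/null 2>&1; then
        echo "'lxc-init' is not accessible on the system" >&2
        exit 1
    fi

    # Check the binary that is actually exec'd, not whatever "sshd"
    # happens to resolve to in PATH.
    if [ ! -x "$sshd_bin" ]; then
        echo "'$sshd_bin' is not accessible on the system" >&2
        exit 1
    fi

    exec @LIBEXECDIR@/lxc-init -- "$sshd_bin"
    # Only reached if exec itself failed.
    exit 1
fi

# Template role: build the rootfs and config under --path.
if [ -z "$path" ]; then
    echo "'path' parameter is required" >&2
    exit 1
fi

rootfs=$path/rootfs

if ! install_sshd "$rootfs"; then
    echo "failed to install sshd's rootfs" >&2
    exit 1
fi

if ! configure_sshd "$rootfs"; then
    echo "failed to configure sshd template" >&2
    exit 1
fi

if ! copy_configuration "$path" "$rootfs" "$name"; then
    echo "failed to write configuration file" >&2
    exit 1
fi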