lxc-sshd.in revision eee3ba81c88e64b8a732694fc4843a39d5bde491
#
# lxc: linux Container library
# Authors:
# Daniel Lezcano <daniel.lezcano@free.fr>
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
{
rootfs=$1
tree="\
$rootfs/proc \
$rootfs/bin \
$rootfs/sbin \
$rootfs/usr \
$rootfs/tmp \
$rootfs/home \
$rootfs/root \
$rootfs/lib \
$rootfs/lib64"
if [ $? -ne 0 ]; then
return 1
fi
return 0
}
{
rootfs=$1
cat <<EOF > $rootfs/etc/passwd
root:x:0:0:root:/root:/bin/bash
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
EOF
cat <<EOF > $rootfs/etc/group
root:x:0:root
sshd:x:74:
EOF
# by default setup root password with no password
cat <<EOF > $rootfs/etc/ssh/sshd_config
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 768
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords yes
ChallengeResponseAuthentication no
EOF
u_path="/root/.ssh"
cp $auth_key "$root_u_path/authorized_keys"
fi
return 0
}
{
path=$1
rootfs=$2
name=$3
cat <<EOF >> $path/config
lxc.utsname = $name
lxc.pts = 1024
lxc.cap.drop = sys_module mac_admin mac_override sys_time
# When using LXC with apparmor, uncomment the next line to run unconfined:
#lxc.aa_profile = unconfined
lxc.mount.entry = /dev dev none ro,bind 0 0
lxc.mount.entry = /lib lib none ro,bind 0 0
lxc.mount.entry = /bin bin none ro,bind 0 0
lxc.mount.entry = /usr usr none ro,bind 0 0
lxc.mount.entry = /sbin sbin none ro,bind 0 0
lxc.mount.entry = tmpfs var/run/sshd tmpfs mode=0644 0 0
lxc.mount.entry = @LXCTEMPLATEDIR@/lxc-sshd sbin/init none bind 0 0
lxc.mount.entry = proc $rootfs/proc proc nodev,noexec,nosuid 0 0
EOF
# if no .ipv4 section in config, then have the container run dhcp
cat <<EOF >> $path/config
lxc.mount.entry = /lib64 lib64 none ro,bind 0 0
EOF
fi
}
usage()
{
cat <<EOF
$1 -h|--help -p|--path=<path>
EOF
return 0
}
if [ $? -ne 0 ]; then
exit 1
fi
eval set -- "$options"
while true
do
case "$1" in
--) shift 1; break ;;
*) break ;;
esac
done
echo "This script should be run as 'root'"
exit 1
fi
if [ $? -ne 0 ]; then
echo "'lxc-init is not accessible on the system"
exit 1
fi
type sshd
if [ $? -ne 0 ]; then
echo "'sshd' is not accessible on the system "
exit 1
fi
# run dhcp?
type dhclient
if [ $? -ne 0 ]; then
echo "can't find dhclient"
exit 1
fi
rm -f /dhclient.conf
cat > /dhclient.conf << EOF
send host-name "<hostname>";
EOF
fi
exit 1
fi
if [ -z "$path" ]; then
echo "'path' parameter is required"
exit 1
fi
# detect rootfs
else
fi
if [ $? -ne 0 ]; then
echo "failed to install sshd's rootfs"
exit 1
fi
if [ $? -ne 0 ]; then
echo "failed to configure sshd template"
exit 1
fi
if [ $? -ne 0 ]; then
echo "failed to write configuration file"
exit 1
fi