sshd+tmux+weechat in docker
# Values substituted into docker-compose.yml (${LOCALE}, ${SSH_KEY}, ${TZ}).

# Locale that run.sh writes to /etc/locale.gen and generates at container start.
LOCALE=en_GB.UTF-8
# Public key that run.sh installs as the weechat user's authorized_keys.
# This is the gist author's key: replace it with your own public key before
# deploying, otherwise the key's owner is the only one who can log in.
# NOTE(review): the blob decodes to a 1024-bit RSA key; prefer an Ed25519 key
# (or RSA of at least 3072 bits) for a port that is published to the network.
SSH_KEY="ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA151ak/oQeooHn7TGqzELD+X84eoakFznQEFdz5YlqP8n2PC7KxK07oQ5N9ZDOE3nxqKSLvdG5UkzKSGVBDh7E6TnulHDK4Qu8+M2J/+IqHx1WQrMVrM47avHjpfTQuL8ON44pOPn2weQsvZPPK7DEM4FUlmjIWdvBwN3axNZhY0= robot101@theta"
# Time zone handed to the container through the TZ environment variable.
TZ=Europe/London
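# Compose definition for a single container running sshd, tmux and weechat.
# LOCALE, SSH_KEY and TZ are substituted from the .env file next to this file.
version: '3'

volumes:
  # Named volume mounted at /etc/ssh (see the service's volumes below).
  ssh:
  # Named volume mounted at /home/weechat/.weechat.
  weechat:

services:
  weechat:
    build: .
    container_name: weechat
    hostname: weechat
    restart: on-failure
    environment:
      - LOCALE=${LOCALE}
      # Public key only; never put a private key or password in this file or .env.
      - SSH_KEY=${SSH_KEY}
      - TZ=${TZ}
    cap_add:
      # Lets sshd write audit records on login/logout. Some runtimes grant this
      # capability by default and others drop it, so it is requested explicitly.
      - AUDIT_WRITE
    ports:
      # sshd, published on host port 2222 on every host interface.
      # NOTE(review): prefix a host address (e.g. '<host-ip>:2222:22') if the
      # service should not be reachable from all networks the host is on.
      - '2222:22'
      # UDP range for mosh sessions.
      - '60000-60010:60000-60010/udp'
    volumes:
      - 'ssh:/etc/ssh'
      - 'weechat:/home/weechat/.weechat'
    networks:
      # NOTE(review): every container attached to this shared network can reach
      # this container's sshd directly, without going through the published port.
      nginx-proxy:

networks:
  nginx-proxy:
    # Must already exist; Compose will not create it.
    external: true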
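# Image running sshd (plus mosh) in front of a tmux session that hosts weechat.
# NOTE(review): for reproducible builds, pin the base image by digest
# (debian:bookworm@sha256:<digest>) instead of the moving tag.
FROM debian:bookworm

# Install the SSH/mosh servers, tmux and weechat in one layer, and drop the
# apt caches in that same layer so they do not end up in the image.
# /etc/locale.gen is created empty here; run.sh fills it in at container start.
RUN set -ex; \
    export DEBIAN_FRONTEND=noninteractive; \
    apt-get update; \
    apt-get upgrade -y; \
    touch /etc/locale.gen; \
    apt-get install --no-install-recommends -y \
        locales \
        mosh \
        openssh-server \
        tmux \
        weechat-curses \
        weechat-matrix \
        weechat-plugins \
        weechat-python \
        weechat-scripts; \
    \
    apt-get clean; \
    rm -rf /var/lib/apt/lists/*

# COPY rather than ADD: a plain local file needs none of ADD's extra behaviour.
COPY run.sh /run.sh

# - Write an sshd drop-in that limits logins to public-key authentication for
#   the weechat account. It is written before /etc/ssh is moved aside, so
#   run.sh copies it back into the volume together with the stock config.
# - Delete the host keys generated at package install time, so that no two
#   containers built from this image share host keys; run.sh regenerates them.
# - Move the pristine /etc/ssh to /etc/ssh~ because /etc/ssh is a volume.
# - Create the unprivileged weechat account with no usable password.
RUN set -ex; \
    \
    mkdir -p /etc/ssh/sshd_config.d; \
    printf '%s\n' \
        'PasswordAuthentication no' \
        'PermitRootLogin no' \
        'AllowUsers weechat' \
        > /etc/ssh/sshd_config.d/50-weechat-hardening.conf; \
    \
    rm -f /etc/ssh/ssh_host*; \
    mv /etc/ssh /etc/ssh~; \
    \
    adduser \
        --disabled-password \
        --gecos "WeeChat User" \
        weechat; \
    \
    chmod +x /run.sh

# Declared after the build-time changes above; both paths are populated by
# run.sh at container start.
VOLUME ["/etc/ssh", "/home/weechat/.weechat"]

# 22/tcp for sshd, 60000-60010/udp for mosh.
EXPOSE 22 60000-60010/udp

# No USER instruction: run.sh and sshd have to start as root. The interactive
# session itself runs as the weechat user.
CMD ["/run.sh"]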
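#!/bin/bash
# loosely inspired by https://github.com/krlmlr/debian-ssh/
#
# Container entrypoint. Installs the public key from SSH_KEY for the weechat
# user, optionally generates the locale named in LOCALE, starts weechat in a
# detached tmux session, restores the sshd configuration into the /etc/ssh
# volume and finally replaces itself with sshd.
#
# Environment:
#   SSH_KEY  (required) public key line(s) written to authorized_keys
#   LOCALE   (optional) locale such as en_GB.UTF-8
set -e

# Without a key nobody could log in, so refuse to start.
if [ -z "${SSH_KEY}" ]; then
    echo "=> Please pass your public key in the SSH_KEY environment variable"
    exit 1
fi

# locale.gen expects "<locale> <charset>"; the charset is taken from whatever
# follows the first dot in LOCALE.
if [ -n "${LOCALE}" ]; then
    CHARSET="${LOCALE#*.}"
    echo "${LOCALE} ${CHARSET}" >/etc/locale.gen
    locale-gen
fi

WEEHOME=/home/weechat
mkdir -p "${WEEHOME}/.ssh"
chmod 700 "${WEEHOME}/.ssh"
# printf instead of echo so the value is written literally, whatever it starts with.
printf '%s\n' "${SSH_KEY}" > "${WEEHOME}/.ssh/authorized_keys"
chmod 600 "${WEEHOME}/.ssh/authorized_keys"

# Reject a value that does not parse as a public key instead of starting an
# sshd that nobody can log in to. On success this prints the key fingerprint,
# which leaves a record in the container log of which key was authorised.
if ! ssh-keygen -l -f "${WEEHOME}/.ssh/authorized_keys"; then
    echo "=> SSH_KEY does not contain a valid public key" >&2
    exit 1
fi

# The .weechat volume is mounted root-owned; hand it to the weechat user.
chown weechat:weechat "${WEEHOME}/.ssh" "${WEEHOME}/.ssh/authorized_keys" "${WEEHOME}/.weechat"

# Start weechat in a detached tmux session owned by the unprivileged user.
su -c "tmux new -d -s weechat weechat" weechat

# Restore the packaged sshd configuration into the volume. The image ships no
# host keys, so keys already present in the volume are left untouched, and
# dpkg-reconfigure creates any that are missing.
cp -a /etc/ssh~/* /etc/ssh
DEBIAN_FRONTEND=noninteractive dpkg-reconfigure openssh-server

mkdir -p /run/sshd
# -D keeps sshd in the foreground as the container's main process and -e sends
# its log to stderr. Do not use -d here: in debug mode sshd does not fork and
# serves a single connection, so the container stops at the first logout.
exec /usr/sbin/sshd -De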
weechat | debug1: Server will not fork when running in debugging mode.
Looks rather suspicious, have you tried running sshd without -d?
@andrunko OMG thank you. 🤦 🤦 🤦
-d Debug mode. The server sends verbose debug output to standard error, and does
not put itself in the background. The server also will not fork and will only process
one connection. This option is only intended for debugging for the server.
Multiple -d options increase the debugging level. Maximum is 3.
I saw -d in https://bugzilla.redhat.com/show_bug.cgi?id=1923728 when figuring out the need for CAP_AUDIT, and thought "sure debugging why not"... haha.
So, this doesn't quite work properly and I'd love any suggestions as to why...! The sshd dies during shutdown of the process.
Up and running:
Log in OK:
Looks good:
Log out, and blam:
And then the container exits. Event 12 looks like SSH_CONNECTION_ABANDON (https://github.com/openssh/openssh-portable/blob/master/audit.h#L45), which is only called in one place, cleanup_exit (https://github.com/openssh/openssh-portable/blob/21dd5a9a3fb35e8299a1fbcf8d506f1f6b752b85/sshd.c#L2450), and I can tell from strace that the child is exiting with status 255, suggesting this is what is happening. I just can't figure out why. "syslogin_perform_logout: logout() returned an error"?