Persistent SSH host keys #4

Open
leopignataro opened this issue Feb 7, 2020 · 2 comments

Comments


leopignataro commented Feb 7, 2020

Hey, there!

First of all, congratulations on the excellent work. This image fits my needs almost perfectly!

I said almost because there is one issue: the SSH host keys are regenerated every time the container is recreated. This is a problem on my stack because then I have to manually add the new public key to the client servers' known_hosts file (which ultimately results in downtime for my users).

To solve this, I created an image from your image with a slight variation: it checks a certain directory for existing SSH host keys and, if present, uses those keys instead of generating new keys. It also copies the keys it generates on the first run over to this directory. This allows me to add a volume on the docker-compose file and map it to this directory, so that the SSH host keys are generated on the first run and then backed up to persistent storage. When the container is recreated, the previous keys are used instead of generating new keys, thus achieving "persistent SSH host keys".

Would you consider adding this to your image? If so, and if you are interested in how I implemented it, here follows.

I basically changed this part of the original docker-entrypoint.sh:

# Generate host SSH keys
if [ ! -e /etc/ssh/ssh_host_rsa_key.pub ]; then
  ssh-keygen -A
fi

To this:

if [ -e /ssh_host_keys/ssh_host_rsa_key.pub ]; then
  # Copy persistent host keys (only the host key files, not anything
  # else that may be sitting on the volume)
  echo "Using existing SSH host keys"
  cp /ssh_host_keys/ssh_host_* /etc/ssh/
  # sshd ignores a private host key that is group- or world-readable
  chmod 600 /etc/ssh/ssh_host_*_key
elif [ ! -e /etc/ssh/ssh_host_rsa_key.pub ]; then
  # Generate host SSH keys
  echo "Generating SSH host keys"
  ssh-keygen -A
  if [ -d /ssh_host_keys ]; then
    # Store generated keys on persistent volume
    echo "Persisting SSH host keys"
    cp -u /etc/ssh/ssh_host_* /ssh_host_keys/
  fi
fi

My docker-compose.yml file looks like this:

...
volumes:
  transfer:
  rsync_ssh_host_keys:
...
services:
  rsync_server:
    image: custom-rsync:latest
    volumes:
      - transfer:/data
      - rsync_ssh_host_keys:/ssh_host_keys
    environment:
      SSH_AUTH_KEY_1: "ssh-rsa ..."
    ports:
      - "2222:22"
    command: server

I am by no means a bash script expert, so feel free to point out any shortcomings :)

@leopignataro

marking authors @avoinea and @valentinab25


tatycs commented Feb 7, 2020

Really nice @leopignataro ! This is exactly what I was looking for. Thanks!

qhrizz pushed a commit to qhrizz/docker.rsync that referenced this issue Jun 8, 2021