Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

breaking(windows) switch OpenSSH installation to the Windows native one #248

Closed
wants to merge 1 commit into from
Closed

breaking(windows) switch OpenSSH installation to the Windows native one #248

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
38 changes: 12 additions & 26 deletions windows/nanoserver-ltsc2019/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -61,24 +61,17 @@ ENV ProgramFiles="C:\Program Files"
ENV WindowsPATH="C:\Windows\system32;C:\Windows"
ENV PATH="${WindowsPATH};${ProgramFiles}\PowerShell;${JAVA_HOME}\bin;C:\mingit\cmd"

ARG OPENSSH_VERSION=V8.6.0.0p1-Beta

ARG user=jenkins
ARG JENKINS_AGENT_WORK="C:/Users/${user}/Work"
ENV JENKINS_AGENT_USER ${user}
ENV JENKINS_AGENT_WORK ${JENKINS_AGENT_WORK}
COPY CreateProfile.psm1 C:/
# create user and user directory
RUN Import-Module -Force C:/CreateProfile.psm1 ; `
New-UserWithProfile -UserName $env:JENKINS_AGENT_USER -Description 'Jenkins Agent User' ; `
Remove-Item -Force C:/CreateProfile.psm1

# setup SSH server
RUN [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 ; `
$url = 'https://github.com/PowerShell/Win32-OpenSSH/releases/download/{0}/OpenSSH-Win64.zip' -f $env:OPENSSH_VERSION ; `
Write-Host "Retrieving $url..." ; `
Invoke-WebRequest -Uri $url -OutFile C:/openssh.zip -UseBasicParsing ; `
Expand-Archive c:/openssh.zip 'C:/Program Files' ; `
Remove-Item C:/openssh.zip ; `
$env:PATH = '{0};{1}' -f $env:PATH,'C:\Program Files\OpenSSH-Win64' ; `
& 'C:/Program Files/OpenSSH-Win64/Install-SSHd.ps1' ; `
if(!(Test-Path 'C:\ProgramData\ssh')) { New-Item -Type Directory -Path 'C:\ProgramData\ssh' | Out-Null } ; `
Copy-Item 'C:\Program Files\OpenSSH-Win64\sshd_config_default' 'C:\ProgramData\ssh\sshd_config' ; `
# setup SSH server - https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse?tabs=powershell
RUN Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0 ; `
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0; `
$content = Get-Content -Path "C:\ProgramData\ssh\sshd_config" ; `
$content | ForEach-Object { $_ -replace '#PermitRootLogin.*','PermitRootLogin no' `
-replace '#PasswordAuthentication.*','PasswordAuthentication no' `
Expand All @@ -93,18 +86,11 @@ RUN [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tl
Add-Content -Path "C:\ProgramData\ssh\sshd_config" -Value 'ChallengeResponseAuthentication no' ; `
Add-Content -Path "C:\ProgramData\ssh\sshd_config" -Value 'HostKeyAgent \\.\pipe\openssh-ssh-agent' ; `
Add-Content -Path "C:\ProgramData\ssh\sshd_config" -Value ('Match User {0}' -f $env:JENKINS_AGENT_USER) ; `
Add-Content -Path "C:\ProgramData\ssh\sshd_config" -Value (' AuthorizedKeysFile C:/Users/{0}/.ssh/authorized_keys' -f $env:JENKINS_AGENT_USER) ; `
New-Item -Path HKLM:\SOFTWARE -Name OpenSSH -Force | Out-Null ; `
New-ItemProperty -Path HKLM:\SOFTWARE\OpenSSH -Name DefaultShell -Value 'C:\Program Files\Powershell\pwsh.exe' -PropertyType string -Force | Out-Null
Add-Content -Path "C:\ProgramData\ssh\sshd_config" -Value (' AuthorizedKeysFile C:/Users/{0}/.ssh/authorized_keys' -f $env:JENKINS_AGENT_USER) ;

COPY CreateProfile.psm1 C:/

# create user and user directory
RUN Import-Module -Force C:/CreateProfile.psm1 ; `
New-UserWithProfile -UserName $env:JENKINS_AGENT_USER -Description 'Jenkins Agent User' ; `
Remove-Item -Force C:/CreateProfile.psm1

VOLUME "${JENKINS_AGENT_WORK}" "C:/Users/${user}/AppData/Local/Temp"
ARG JENKINS_AGENT_WORK="C:/Users/${JENKINS_AGENT_USER}/Work"
ENV JENKINS_AGENT_WORK ${JENKINS_AGENT_WORK}
VOLUME "${JENKINS_AGENT_WORK}" "C:/Users/${JENKINS_AGENT_USER}/AppData/Local/Temp"
WORKDIR "${JENKINS_AGENT_WORK}"

COPY setup-sshd.ps1 C:/ProgramData/Jenkins/setup-sshd.ps1
Expand Down
64 changes: 27 additions & 37 deletions windows/windowsservercore-ltsc2019/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,13 +27,6 @@ FROM eclipse-temurin:"${JAVA_VERSION}"-jdk-windowsservercore-1809

SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]

ARG OPENSSH_VERSION=V8.6.0.0p1-Beta

ARG user=jenkins
ARG JENKINS_AGENT_WORK="C:/Users/${user}/Work"
ENV JENKINS_AGENT_USER ${user}
ENV JENKINS_AGENT_WORK ${JENKINS_AGENT_WORK}

USER ContainerAdministrator

# install git
Expand All @@ -58,43 +51,40 @@ RUN [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tl
$NewPath = $CurrentPath + ';C:\mingit\cmd' ; `
Set-ItemProperty -path 'hklm:\system\currentcontrolset\control\session manager\environment' -Name Path -Value $NewPath

# setup SSH server
RUN [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 ; `
$url = 'https://github.com/PowerShell/Win32-OpenSSH/releases/download/{0}/OpenSSH-Win64.zip' -f $env:OPENSSH_VERSION ; `
Write-Host "Retrieving $url..." ; `
Invoke-WebRequest -Uri $url -OutFile C:/openssh.zip -UseBasicParsing ; `
Expand-Archive c:/openssh.zip 'C:/Program Files' ; `
Remove-Item C:/openssh.zip ; `
$env:PATH = '{0};{1}' -f $env:PATH,'C:\Program Files\OpenSSH-Win64' ; `
& 'C:/Program Files/OpenSSH-Win64/Install-SSHd.ps1' ; `
if(!(Test-Path 'C:\ProgramData\ssh')) { New-Item -Type Directory -Path 'C:\ProgramData\ssh' | Out-Null } ; `
Copy-Item 'C:\Program Files\OpenSSH-Win64\sshd_config_default' 'C:\ProgramData\ssh\sshd_config' ; `
$content = Get-Content -Path "C:\ProgramData\ssh\sshd_config" ; `
$content | ForEach-Object { $_ -replace '#PermitRootLogin.*','PermitRootLogin no' `
-replace '#PasswordAuthentication.*','PasswordAuthentication no' `
-replace '#PermitEmptyPasswords.*','PermitEmptyPasswords no' `
-replace '#PubkeyAuthentication.*','PubkeyAuthentication yes' `
-replace '#SyslogFacility.*','SyslogFacility LOCAL0' `
-replace '#LogLevel.*','LogLevel INFO' `
-replace 'Match Group administrators','' `
-replace '(\s*)AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys','' `
} | `
Set-Content -Path "C:\ProgramData\ssh\sshd_config" ; `
Add-Content -Path "C:\ProgramData\ssh\sshd_config" -Value 'ChallengeResponseAuthentication no' ; `
Add-Content -Path "C:\ProgramData\ssh\sshd_config" -Value 'HostKeyAgent \\.\pipe\openssh-ssh-agent' ; `
Add-Content -Path "C:\ProgramData\ssh\sshd_config" -Value ('Match User {0}' -f $env:JENKINS_AGENT_USER) ; `
Add-Content -Path "C:\ProgramData\ssh\sshd_config" -Value (' AuthorizedKeysFile C:/Users/{0}/.ssh/authorized_keys' -f $env:JENKINS_AGENT_USER) ; `
New-Item -Path HKLM:\SOFTWARE -Name OpenSSH -Force | Out-Null ; `
New-ItemProperty -Path HKLM:\SOFTWARE\OpenSSH -Name DefaultShell -Value 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -PropertyType string -Force | Out-Null
ENV ProgramFiles="C:\Program Files"
ENV WindowsPATH="C:\Windows\system32;C:\Windows"
ENV PATH="${WindowsPATH};${ProgramFiles}\PowerShell;${JAVA_HOME}\bin;C:\mingit\cmd"

ARG user=jenkins
ENV JENKINS_AGENT_USER ${user}
COPY CreateProfile.psm1 C:/

# create user and user directory
RUN Import-Module -Force C:/CreateProfile.psm1 ; `
New-UserWithProfile -UserName $env:JENKINS_AGENT_USER -Description 'Jenkins Agent User' ; `
Remove-Item -Force C:/CreateProfile.psm1

VOLUME "${JENKINS_AGENT_WORK}" "C:/Users/${user}/AppData/Local/Temp"
# setup SSH server - https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse?tabs=powershell
RUN Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0 ; `
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0; `
$content = Get-Content -Path "C:\ProgramData\ssh\sshd_config" ; `
$content | ForEach-Object { $_ -replace '#PermitRootLogin.*','PermitRootLogin no' `
-replace '#PasswordAuthentication.*','PasswordAuthentication no' `
-replace '#PermitEmptyPasswords.*','PermitEmptyPasswords no' `
-replace '#PubkeyAuthentication.*','PubkeyAuthentication yes' `
-replace '#SyslogFacility.*','SyslogFacility LOCAL0' `
-replace '#LogLevel.*','LogLevel INFO' `
-replace 'Match Group administrators','' `
-replace '(\s*)AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys','' `
} | `
Set-Content -Path "C:\ProgramData\ssh\sshd_config" ; `
Add-Content -Path "C:\ProgramData\ssh\sshd_config" -Value 'ChallengeResponseAuthentication no' ; `
Add-Content -Path "C:\ProgramData\ssh\sshd_config" -Value 'HostKeyAgent \\.\pipe\openssh-ssh-agent' ; `
Add-Content -Path "C:\ProgramData\ssh\sshd_config" -Value ('Match User {0}' -f $env:JENKINS_AGENT_USER) ; `
Add-Content -Path "C:\ProgramData\ssh\sshd_config" -Value (' AuthorizedKeysFile C:/Users/{0}/.ssh/authorized_keys' -f $env:JENKINS_AGENT_USER) ;

ARG JENKINS_AGENT_WORK="C:/Users/${JENKINS_AGENT_USER}/Work"
ENV JENKINS_AGENT_WORK ${JENKINS_AGENT_WORK}
VOLUME "${JENKINS_AGENT_WORK}" "C:/Users/${JENKINS_AGENT_USER}/AppData/Local/Temp"
WORKDIR "${JENKINS_AGENT_WORK}"

COPY setup-sshd.ps1 C:/ProgramData/Jenkins/setup-sshd.ps1
Expand Down