2020-09-13 02:04:46 +03:00
#!/usr/bin/env bash
#-------------------------------------------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See https://go.microsoft.com/fwlink/?linkid=2090316 for license information.
#-------------------------------------------------------------------------------------------------------------
2020-09-21 20:16:31 +03:00
#
# Docs: https://github.com/microsoft/vscode-dev-containers/blob/master/script-library/docs/sshd.md
#
2020-09-13 02:04:46 +03:00
# Syntax: ./sshd-debian.sh [SSH Port (don't use 22)] [non-root user] [start sshd now flag] [new password for user]
2020-09-21 20:16:31 +03:00
#
2020-09-13 02:04:46 +03:00
# Note: You can change your user's password with "sudo passwd $(whoami)" (or just "passwd" if running as root).
SSHD_PORT = ${ 1 :- "2222" }
2020-09-20 06:39:07 +03:00
USERNAME = ${ 2 :- "automatic" }
2020-09-13 02:04:46 +03:00
START_SSHD = ${ 3 :- "false" }
NEW_PASSWORD = ${ 4 :- "skip" }
set -e
if [ " $( id -u) " -ne 0 ] ; then
2020-09-18 20:40:56 +03:00
echo -e 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.'
2020-09-13 02:04:46 +03:00
exit 1
fi
2020-09-20 06:39:07 +03:00
# Determine the appropriate non-root user
if [ " ${ USERNAME } " = "auto" ] || [ " ${ USERNAME } " = "automatic" ] ; then
USERNAME = ""
POSSIBLE_USERS = ( "vscode" , "node" , "codespace" , " $( awk -v val = 1000 -F ":" '$3==val{print $1}' /etc/passwd) " )
for CURRENT_USER in ${ POSSIBLE_USERS [@] } ; do
if id -u ${ CURRENT_USER } > /dev/null 2>& 1; then
USERNAME = ${ CURRENT_USER }
break
fi
done
if [ " ${ USERNAME } " = "" ] ; then
USERNAME = root
fi
elif [ " ${ USERNAME } " = "none" ] || ! id -u ${ USERNAME } > /dev/null 2>& 1; then
2020-09-13 02:04:46 +03:00
USERNAME = root
fi
# Function to run apt-get if needed
apt-get-update-if-needed( )
{
if [ ! -d "/var/lib/apt/lists" ] || [ " $( ls /var/lib/apt/lists/ | wc -l) " = "0" ] ; then
echo "Running apt-get update..."
apt-get update
else
echo "Skipping apt-get update."
fi
}
# Ensure apt is in non-interactive to avoid prompts
export DEBIAN_FRONTEND = noninteractive
# Install openssh-server openssh-client
if ! dpkg -s openssh-server openssh-client > /dev/null 2>& 1; then
apt-get-update-if-needed
apt-get -y install --no-install-recommends openssh-server openssh-client
fi
# Generate password if new password set to the word "random"
if [ " ${ NEW_PASSWORD } " = "random" ] ; then
NEW_PASSWORD = " $( openssl rand -hex 16) "
EMIT_PASSWORD = "true"
fi
# If new password not set to skip, set it for the specified user
if [ " ${ NEW_PASSWORD } " != "skip" ] ; then
echo " ${ USERNAME } : ${ NEW_PASSWORD } " | chpasswd
if [ " ${ NEW_PASSWORD } " != "root" ] ; then
usermod -aG ssh ${ USERNAME }
fi
fi
# Setup sshd
mkdir -p /var/run/sshd
sed -i 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' /etc/pam.d/sshd
sed -i 's/#*PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config
sed -i -E " s/#*\s*Port\s+.+/Port ${ SSHD_PORT } /g " /etc/ssh/sshd_config
# Write out a script that can be referenced as an ENTRYPOINT to auto-start sshd
tee /usr/local/share/ssh-init.sh > /dev/null \
<< EOF
#!/usr/bin/env bash
set -e
if [ "\$(id -u)" -ne 0 ] ; then
sudo /etc/init.d/ssh restart
else
/etc/init.d/ssh restart
fi
set +e
exec "\$@"
EOF
chmod +x /usr/local/share/ssh-init.sh
chown ${ USERNAME } :ssh /usr/local/share/ssh-init.sh
# If we should start sshd now, do so
if [ " ${ START_SSHD } " = "true" ] ; then
/usr/local/share/ssh-init.sh
fi
# Write out result
echo -e " Done!\n\n- Port: ${ SSHD_PORT } \n- User: ${ USERNAME } "
if [ " ${ EMIT_PASSWORD } " = "true" ] ; then
echo " - Password: ${ NEW_PASSWORD } "
fi
echo -e " \nForward port ${ SSHD_PORT } to your local machine and run:\n\n ssh -p ${ SSHD_PORT } -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null ${ USERNAME } @localhost\n "