Commit 0ada74e

zeripath, silverwind and lafriks authored
Only offer hostcertificates if they exist (#15849)
A common bug report is the otherwise harmless sshd logging:

```
Could not load host certificate "/data/ssh/ssh_host_ed25519_cert": No such file or directory
```

This PR simply checks if these files exist before creation of sshd_config and if they do not exist, doesn't add a reference to them.

Fix #14110 amongst others.

Signed-off-by: Andrew Thornton <[email protected]>
Co-authored-by: silverwind <[email protected]>
Co-authored-by: Lauris BH <[email protected]>

1 parent 52f8dcd commit 0ada74e

2 files changed

+24
-4
lines changed

docker/root/etc/s6/openssh/setup

Lines changed: 20 additions & 0 deletions
@@ -24,9 +24,29 @@ if [ ! -f /data/ssh/ssh_host_ecdsa_key ]; then
2424
ssh-keygen -t ecdsa -b 256 -f /data/ssh/ssh_host_ecdsa_key -N "" > /dev/null
2525
fi
2626

27+
if [ -e /data/ssh/ssh_host_ed25519_cert ]; then
28+
SSH_ED25519_CERT=${SSH_ED25519_CERT:-"/data/ssh/ssh_host_ed25519_cert"}
29+
fi
30+
31+
if [ -e /data/ssh/ssh_host_rsa_cert ]; then
32+
SSH_RSA_CERT=${SSH_RSA_CERT:-"/data/ssh/ssh_host_rsa_cert"}
33+
fi
34+
35+
if [ -e /data/ssh/ssh_host_ecdsa_cert ]; then
36+
SSH_ECDSA_CERT=${SSH_ECDSA_CERT:-"/data/ssh/ssh_host_ecdsa_cert"}
37+
fi
38+
39+
if [ -e /data/ssh/ssh_host_dsa_cert ]; then
40+
SSH_DSA_CERT=${SSH_DSA_CERT:-"/data/ssh/ssh_host_dsa_cert"}
41+
fi
42+
2743
if [ -d /etc/ssh ]; then
2844
SSH_PORT=${SSH_PORT:-"22"} \
2945
SSH_LISTEN_PORT=${SSH_LISTEN_PORT:-"${SSH_PORT}"} \
46+
SSH_ED25519_CERT="${SSH_ED25519_CERT:+"HostCertificate "}${SSH_ED25519_CERT}" \
47+
SSH_RSA_CERT="${SSH_RSA_CERT:+"HostCertificate "}${SSH_RSA_CERT}" \
48+
SSH_ECDSA_CERT="${SSH_ECDSA_CERT:+"HostCertificate "}${SSH_ECDSA_CERT}" \
49+
SSH_DSA_CERT="${SSH_DSA_CERT:+"HostCertificate "}${SSH_DSA_CERT}" \
3050
envsubst < /etc/templates/sshd_config > /etc/ssh/sshd_config
3151

3252
chmod 0644 /etc/ssh/sshd_config
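
Review bot: the `-e` tests in the four new `if` blocks check the hard-coded `/data/ssh/ssh_host_*_cert` paths, not the path that ends up in the config. If `SSH_ED25519_CERT` is already set in the environment to another path, the `:-` default is skipped when the default file exists, and when the default file is missing the block is skipped but the later `${SSH_ED25519_CERT:+"HostCertificate "}${SSH_ED25519_CERT}` still emits the override, so in both cases a `HostCertificate` line can be written for a file that was never checked. Suggest resolving the effective path first, testing that path, and clearing the variable when the file is missing. Using `-f` instead of `-e` would also match the `[ ! -f ... ]` host key checks above and would not accept a directory.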

docker/root/etc/templates/sshd_config

Lines changed: 4 additions & 4 deletions
@@ -8,13 +8,13 @@ ListenAddress ::
88
LogLevel INFO
99

1010
HostKey /data/ssh/ssh_host_ed25519_key
11-
HostCertificate /data/ssh/ssh_host_ed25519_cert
11+
${SSH_ED25519_CERT}
1212
HostKey /data/ssh/ssh_host_rsa_key
13-
HostCertificate /data/ssh/ssh_host_rsa_cert
13+
${SSH_RSA_CERT}
1414
HostKey /data/ssh/ssh_host_ecdsa_key
15-
HostCertificate /data/ssh/ssh_host_ecdsa_cert
15+
${SSH_ECDSA_CERT}
1616
HostKey /data/ssh/ssh_host_dsa_key
17-
HostCertificate /data/ssh/ssh_host_dsa_cert
17+
${SSH_DSA_CERT}
1818

1919
AuthorizedKeysFile .ssh/authorized_keys
2020
AuthorizedPrincipalsFile .ssh/authorized_principals
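
Review bot: the four `${SSH_*_CERT}` placeholders no longer show that these lines are `HostCertificate` directives, and the template only renders correctly when each variable holds either a full `HostCertificate <path>` line or nothing. Suggest a comment above the `HostKey` block stating that the placeholders are filled in by `docker/root/etc/s6/openssh/setup` and expand to a complete directive or an empty line, so that a bare path passed in one of these variables to another render of this template does not produce a config line with no keyword.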
