mirror of
git://git.yoctoproject.org/meta-virtualization.git
synced 2025-07-19 12:50:22 +02:00
c59f888d61
Add command line parameter to create Busybox containers with OpenSSH support. As a prerequisite, OpenSSH needs to be installed on the host system. Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
247 lines
6.6 KiB
Diff
247 lines
6.6 KiB
Diff
From ed52814c776963efdcc9dcda1ec26fc09930ef93 Mon Sep 17 00:00:00 2001
|
|
From: Bogdan Purcareata <bogdan.purcareata@freescale.com>
|
|
Date: Wed, 22 Apr 2015 14:53:32 +0000
|
|
Subject: [PATCH] lxc-busybox: add OpenSSH support
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
Add an additional template parameter for SSH support in the container. Currently
|
|
this can be implemented using the Dropbear or OpenSSH utility. The respective
|
|
tool needs to be available on the host Linux.
|
|
|
|
If the parameter is omitted, the template will look for the Dropbear utility on
|
|
the host and install it if it is available (legacy behavior).
|
|
|
|
Adding OpenSSH support has been done following the model in the lxc-sshd
|
|
template.
|
|
|
|
Upstream-status: Accepted
|
|
[https://github.com/lxc/lxc/commit/ed52814c776963efdcc9dcda1ec26fc09930ef93]
|
|
|
|
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
|
|
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
|
|
---
|
|
templates/lxc-busybox.in | 169 ++++++++++++++++++++++++++++++++++++++---------
|
|
1 file changed, 139 insertions(+), 30 deletions(-)
|
|
|
|
diff --git a/templates/lxc-busybox.in b/templates/lxc-busybox.in
|
|
index 7e05bd6..95961a3 100644
|
|
--- a/templates/lxc-busybox.in
|
|
+++ b/templates/lxc-busybox.in
|
|
@@ -22,6 +22,7 @@
|
|
|
|
LXC_MAPPED_UID=
|
|
LXC_MAPPED_GID=
|
|
+SSH=
|
|
|
|
# Make sure the usual locations are in PATH
|
|
export PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin
|
|
@@ -160,6 +161,116 @@ EOF
|
|
return $res
|
|
}
|
|
|
|
+install_dropbear()
|
|
+{
|
|
+ # copy dropbear binary
|
|
+ cp $(which dropbear) $rootfs/usr/sbin
|
|
+ if [ $? -ne 0 ]; then
|
|
+ echo "Failed to copy dropbear in the rootfs"
|
|
+ return 1
|
|
+ fi
|
|
+
|
|
+ # make symlinks to various ssh utilities
|
|
+ utils="\
|
|
+ $rootfs/usr/bin/dbclient \
|
|
+ $rootfs/usr/bin/scp \
|
|
+ $rootfs/usr/bin/ssh \
|
|
+ $rootfs/usr/sbin/dropbearkey \
|
|
+ $rootfs/usr/sbin/dropbearconvert \
|
|
+ "
|
|
+ echo $utils | xargs -n1 ln -s /usr/sbin/dropbear
|
|
+
|
|
+ # add necessary config files
|
|
+ mkdir $rootfs/etc/dropbear
|
|
+ dropbearkey -t rsa -f $rootfs/etc/dropbear/dropbear_rsa_host_key > /dev/null 2>&1
|
|
+ dropbearkey -t dss -f $rootfs/etc/dropbear/dropbear_dss_host_key > /dev/null 2>&1
|
|
+
|
|
+ echo "'dropbear' ssh utility installed"
|
|
+
|
|
+ return 0
|
|
+}
|
|
+
|
|
+install_openssh()
|
|
+{
|
|
+ # tools to be installed
|
|
+ server_utils="sshd"
|
|
+ client_utils="\
|
|
+ ssh \
|
|
+ scp \
|
|
+ sftp \
|
|
+ ssh-add \
|
|
+ ssh-agent \
|
|
+ ssh-keygen \
|
|
+ ssh-keyscan \
|
|
+ ssh-argv0 \
|
|
+ ssh-copy-id \
|
|
+ "
|
|
+
|
|
+ # new folders used by ssh
|
|
+ ssh_tree="\
|
|
+$rootfs/etc/ssh \
|
|
+$rootfs/var/empty/sshd \
|
|
+$rootfs/var/lib/empty/sshd \
|
|
+$rootfs/var/run/sshd \
|
|
+"
|
|
+
|
|
+ # create folder structure
|
|
+ mkdir -p $ssh_tree
|
|
+ if [ $? -ne 0 ]; then
|
|
+ return 1
|
|
+ fi
|
|
+
|
|
+ # copy binaries
|
|
+ for bin in $server_utils $client_utils; do
|
|
+ tool_path=`which $bin`
|
|
+ cp $tool_path $rootfs/$tool_path
|
|
+ if [ $? -ne 0 ]; then
|
|
+ echo "Unable to copy $tool_path in the rootfs"
|
|
+ return 1
|
|
+ fi
|
|
+ done
|
|
+
|
|
+ # add user and group
|
|
+ cat <<EOF >> $rootfs/etc/passwd
|
|
+sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
|
|
+EOF
|
|
+
|
|
+ cat <<EOF >> $rootfs/etc/group
|
|
+sshd:x:74:
|
|
+EOF
|
|
+
|
|
+ # generate container keys
|
|
+ ssh-keygen -t rsa -N "" -f $rootfs/etc/ssh/ssh_host_rsa_key >/dev/null 2>&1
|
|
+ ssh-keygen -t dsa -N "" -f $rootfs/etc/ssh/ssh_host_dsa_key >/dev/null 2>&1
|
|
+
|
|
+ # by default setup root password with no password
|
|
+ cat <<EOF > $rootfs/etc/ssh/sshd_config
|
|
+Port 22
|
|
+Protocol 2
|
|
+HostKey /etc/ssh/ssh_host_rsa_key
|
|
+HostKey /etc/ssh/ssh_host_dsa_key
|
|
+UsePrivilegeSeparation yes
|
|
+KeyRegenerationInterval 3600
|
|
+ServerKeyBits 768
|
|
+SyslogFacility AUTH
|
|
+LogLevel INFO
|
|
+LoginGraceTime 120
|
|
+PermitRootLogin yes
|
|
+StrictModes yes
|
|
+RSAAuthentication yes
|
|
+PubkeyAuthentication yes
|
|
+IgnoreRhosts yes
|
|
+RhostsRSAAuthentication no
|
|
+HostbasedAuthentication no
|
|
+PermitEmptyPasswords yes
|
|
+ChallengeResponseAuthentication no
|
|
+EOF
|
|
+
|
|
+ echo "'OpenSSH' utility installed"
|
|
+
|
|
+ return 0
|
|
+}
|
|
+
|
|
configure_busybox()
|
|
{
|
|
rootfs=$1
|
|
@@ -230,34 +341,6 @@ EOF
|
|
lxc-unshare -s MOUNT -- /bin/sh < $CHPASSWD_FILE
|
|
rm $CHPASSWD_FILE
|
|
|
|
- # add ssh functionality if dropbear package available on host
|
|
- which dropbear >/dev/null 2>&1
|
|
- if [ $? -eq 0 ]; then
|
|
- # copy dropbear binary
|
|
- cp $(which dropbear) $rootfs/usr/sbin
|
|
- if [ $? -ne 0 ]; then
|
|
- echo "Failed to copy dropbear in the rootfs"
|
|
- return 1
|
|
- fi
|
|
-
|
|
- # make symlinks to various ssh utilities
|
|
- utils="\
|
|
- $rootfs/usr/bin/dbclient \
|
|
- $rootfs/usr/bin/scp \
|
|
- $rootfs/usr/bin/ssh \
|
|
- $rootfs/usr/sbin/dropbearkey \
|
|
- $rootfs/usr/sbin/dropbearconvert \
|
|
- "
|
|
- echo $utils | xargs -n1 ln -s /usr/sbin/dropbear
|
|
-
|
|
- # add necessary config files
|
|
- mkdir $rootfs/etc/dropbear
|
|
- dropbearkey -t rsa -f $rootfs/etc/dropbear/dropbear_rsa_host_key > /dev/null 2>&1
|
|
- dropbearkey -t dss -f $rootfs/etc/dropbear/dropbear_dss_host_key > /dev/null 2>&1
|
|
-
|
|
- echo "'dropbear' ssh utility installed"
|
|
- fi
|
|
-
|
|
return 0
|
|
}
|
|
|
|
@@ -315,12 +398,12 @@ remap_userns()
|
|
usage()
|
|
{
|
|
cat <<EOF
|
|
-$1 -h|--help -p|--path=<path>
|
|
+$1 -h|--help -p|--path=<path> -s|--ssh={dropbear,openssh}
|
|
EOF
|
|
return 0
|
|
}
|
|
|
|
-options=$(getopt -o hp:n: -l help,rootfs:,path:,name:,mapped-uid:,mapped-gid: -- "$@")
|
|
+options=$(getopt -o hp:n:s: -l help,rootfs:,path:,name:,mapped-uid:,mapped-gid:,ssh: -- "$@")
|
|
if [ $? -ne 0 ]; then
|
|
usage $(basename $0)
|
|
exit 1
|
|
@@ -336,6 +419,7 @@ do
|
|
-n|--name) name=$2; shift 2;;
|
|
--mapped-uid) LXC_MAPPED_UID=$2; shift 2;;
|
|
--mapped-gid) LXC_MAPPED_GID=$2; shift 2;;
|
|
+ -s|--ssh) SSH=$2; shift 2;;
|
|
--) shift 1; break ;;
|
|
*) break ;;
|
|
esac
|
|
@@ -384,3 +468,28 @@ if [ $? -ne 0 ]; then
|
|
echo "failed to remap files to user"
|
|
exit 1
|
|
fi
|
|
+
|
|
+if [ -n "$SSH" ]; then
|
|
+ case "$SSH" in
|
|
+ "dropbear")
|
|
+ install_dropbear
|
|
+ if [ $? -ne 0 ]; then
|
|
+ echo "Unable to install 'dropbear' ssh utility"
|
|
+ exit 1
|
|
+ fi ;;
|
|
+ "openssh")
|
|
+ install_openssh
|
|
+ if [ $? -ne 0 ]; then
|
|
+ echo "Unable to install 'OpenSSH' utility"
|
|
+ exit 1
|
|
+ fi ;;
|
|
+ *)
|
|
+ echo "$SSH: unrecognized ssh utility"
|
|
+ exit 1
|
|
+ esac
|
|
+else
|
|
+ which dropbear >/dev/null 2>&1
|
|
+ if [ $? -eq 0 ]; then
|
|
+ install_dropbear
|
|
+ fi
|
|
+fi
|
|
--
|
|
2.1.4
|
|
|