diff --git a/ssh/CHANGELOG.md b/ssh/CHANGELOG.md index a28e67d..1bedfab 100644 --- a/ssh/CHANGELOG.md +++ b/ssh/CHANGELOG.md @@ -2,6 +2,12 @@ ## 8.10.0 +- Upgrade Alpine Linux to 3.13 +- Update Home Assistant CLI to 4.10.0 +- Use new HA banner on login + +## 8.10.0 + - Update Home Assistant CLI to 4.9.0 ## 8.9.1 @@ -86,11 +92,3 @@ - Persist .ssh folder across restarts - Add helper symlink folders to user home folder -## 7.1.0 - -- Update Hass.io CLI to 3.1.1 - -## 7.0.0 - -- Added bash_profile as a persistent file - diff --git a/ssh/Dockerfile b/ssh/Dockerfile index 6d9a30e..3b5776e 100644 --- a/ssh/Dockerfile +++ b/ssh/Dockerfile @@ -5,15 +5,7 @@ FROM $BUILD_FROM ARG LIBWEBSOCKETS_VERSION ARG TTYD_VERSION RUN \ - apk add --no-cache --virtual .build-dependencies \ - bsd-compat-headers \ - build-base \ - cmake \ - json-c-dev \ - libuv-dev \ - openssl-dev \ - zlib-dev \ - \ + set -x \ && apk add --no-cache \ bash-completion \ pulseaudio-utils \ @@ -28,9 +20,19 @@ RUN \ tmux \ vim \ \ + && apk add --no-cache --virtual .build-dependencies \ + bsd-compat-headers \ + build-base \ + linux-headers \ + cmake \ + json-c-dev \ + libuv-dev \ + openssl-dev \ + zlib-dev \ + \ && sed -i "s/ash/bash/" /etc/passwd \ \ - && git clone --branch "${LIBWEBSOCKETS_VERSION}" --depth=1 \ + && git clone --branch "v${LIBWEBSOCKETS_VERSION}" --depth=1 \ https://github.com/warmcat/libwebsockets.git /tmp/libwebsockets \ \ && mkdir -p /tmp/libwebsockets/build \ diff --git a/ssh/build.json b/ssh/build.json index 08d2e72..743311b 100644 --- a/ssh/build.json +++ b/ssh/build.json 
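Review bot: The `git clone --branch "v${LIBWEBSOCKETS_VERSION}" --depth=1` step in the second Dockerfile hunk builds libwebsockets from a tag name, and nothing in the visible lines verifies what that tag resolves to. A tag can be moved upstream, so identical build arguments could compile different source into an add-on whose purpose is remote login. Consider recording the expected commit next to the version in build.json and checking it right after the clone, e.g. `&& test "$(git -C /tmp/libwebsockets rev-parse HEAD)" = "${LIBWEBSOCKETS_COMMIT}"`, where `LIBWEBSOCKETS_COMMIT` is a placeholder name for a new build arg. The RUN instruction continues past the end of the hunk, so the same question presumably applies to the source fetched for `TTYD_VERSION`, which is not shown here.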
@@ -1,14 +1,14 @@ { "build_from": { - "aarch64": "homeassistant/aarch64-base:3.12", - "amd64": "homeassistant/amd64-base:3.12", - "armhf": "homeassistant/armhf-base:3.12", - "armv7": "homeassistant/armv7-base:3.12", - "i386": "homeassistant/i386-base:3.12" + "aarch64": "homeassistant/aarch64-base:3.13", + "amd64": "homeassistant/amd64-base:3.13", + "armhf": "homeassistant/armhf-base:3.13", + "armv7": "homeassistant/armv7-base:3.13", + "i386": "homeassistant/i386-base:3.13" }, "args": { - "CLI_VERSION": "4.9.0", - "LIBWEBSOCKETS_VERSION": "v3.2.2", - "TTYD_VERSION": "1.6.0" + "CLI_VERSION": "4.10.0", + "LIBWEBSOCKETS_VERSION": "4.1.4", + "TTYD_VERSION": "1.6.3" } } diff --git a/ssh/config.json b/ssh/config.json index 7a19e87..8efbf0b 100644 --- a/ssh/config.json +++ b/ssh/config.json @@ -1,6 +1,6 @@ { "name": "Terminal & SSH", - "version": "8.10.0", + "version": "9.0.0", "slug": "ssh", "description": "Allow logging in remotely to Home Assistant using SSH", "url": "https://github.com/home-assistant/hassio-addons/tree/master/ssh", diff --git a/ssh/rootfs/etc/cont-init.d/keygen.sh b/ssh/rootfs/etc/cont-init.d/keygen.sh index b747f7f..c913a51 100644 --- a/ssh/rootfs/etc/cont-init.d/keygen.sh +++ b/ssh/rootfs/etc/cont-init.d/keygen.sh @@ -2,7 +2,7 @@ # ============================================================================== # SSH Host keys # ============================================================================== -KEYS_PATH=/data/host_keys +readonly KEYS_PATH=/data/host_keys if ! bashio::fs.directory_exists "${KEYS_PATH}"; then bashio::log.info "Generating host keys..." diff --git a/ssh/rootfs/etc/cont-init.d/profile.sh b/ssh/rootfs/etc/cont-init.d/profile.sh index be3b892..aa816f1 100644 --- a/ssh/rootfs/etc/cont-init.d/profile.sh +++ b/ssh/rootfs/etc/cont-init.d/profile.sh 
@@ -2,25 +2,28 @@ # ============================================================================== # Setup persistent user settings # ============================================================================== -DIRECTORIES=(addons backup config share ssl) +readonly DIRECTORIES=(addons backup config share ssl) # Persist shell history by redirecting .bash_history to /data -touch /data/.bash_history -chmod 600 /data/.bash_history -ln -s -f /data/.bash_history /root/.bash_history - -# Make Home Assistant TOKEN available on the CLI -echo "export SUPERVISOR_TOKEN=${SUPERVISOR_TOKEN}" >> /etc/profile.d/homeassistant.sh - -# Remove old HASSIO_TOKEN from bash profile (if exists) -if bashio::fs.file_exists /data/.bash_profile; then - sed -i "/export HASSIO_TOKEN=.*/d" /data/.bash_profile +if ! bashio::fs.file_exists /data/.bash_profile; then + touch /data/.bash_history + chmod 600 /data/.bash_history fi -# Persist .bash_profile by redirecting .bash_profile to /data -touch /data/.bash_profile -chmod 600 /data/.bash_profile -ln -s -f /data/.bash_profile /root/.bash_profile +# Make Home Assistant TOKEN available on the CLI +mkdir -p /etc/profile.d +bashio::var.json \ + supervisor_token "${SUPERVISOR_TOKEN}" \ + | tempio \ + -template /usr/share/tempio/homeassistant.profile \ + -out /etc/profile.d/homeassistant.sh + + +# Persist shell profile by redirecting .bash_profile to /data +if ! bashio::fs.file_exists /data/.bash_profile; then + touch /data/.bash_profile + chmod 600 /data/.bash_profile +fi # Links some common directories to the user's home folder for convenience for dir in "${DIRECTORIES[@]}"; do @@ -37,4 +40,3 @@ if ! bashio::fs.directory_exists /data/.ssh; then || bashio::exit.nok \ 'Failed setting permissions on persistent .ssh folder' fi -ln -s /data/.ssh /root/.ssh diff --git a/ssh/rootfs/etc/cont-init.d/ssh.sh b/ssh/rootfs/etc/cont-init.d/ssh.sh index 0b58ce8..975860e 100644 --- a/ssh/rootfs/etc/cont-init.d/ssh.sh +++ b/ssh/rootfs/etc/cont-init.d/ssh.sh 
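Review bot: The guard added around the history file in the first profile.sh hunk tests the wrong path: `if ! bashio::fs.file_exists /data/.bash_profile; then` wraps `touch /data/.bash_history` and `chmod 600 /data/.bash_history`, so the history file is created and restricted only when the profile file is missing. It should read `if ! bashio::fs.file_exists /data/.bash_history; then`. Both `chmod 600` calls also used to run on every start and now run only on first creation, so a mode that was loosened under `/data` is no longer corrected. Moving the two `chmod 600` lines outside their guards would keep the earlier behaviour.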
@@ -13,7 +13,6 @@ if bashio::config.has_value 'authorized_keys'; then done <<< "$(bashio::config 'authorized_keys')" chmod 600 /data/.ssh/authorized_keys - sed -i s/#PasswordAuthentication.*/PasswordAuthentication\ no/ /etc/ssh/sshd_config # Unlock account PASSWORD="$(pwgen -s 64 1)" @@ -23,14 +22,13 @@ elif bashio::config.has_value 'password'; then PASSWORD=$(bashio::config 'password') echo "root:${PASSWORD}" | chpasswd 2&> /dev/null - - sed -i s/#PasswordAuthentication.*/PasswordAuthentication\ yes/ /etc/ssh/sshd_config - sed -i s/#PermitEmptyPasswords.*/PermitEmptyPasswords\ no/ /etc/ssh/sshd_config elif bashio::var.has_value "$(bashio::addon.port 22)"; then bashio::exit.nok "You need to setup a login!" fi -# Allow TCP forwarding -if bashio::config.true 'server.tcp_forwarding'; then - sed -i "s/AllowTcpForwarding.*/AllowTcpForwarding\\ yes/" /etc/ssh/sshd_config -fi +# Generate config +mkdir -p /etc/ssh +tempio \ + -conf /data/options.json \ + -template /usr/share/tempio/sshd_config \ + -out /etc/ssh/sshd_config diff --git a/ssh/rootfs/etc/motd b/ssh/rootfs/etc/motd deleted file mode 100644 index 0b13fd4..0000000 --- a/ssh/rootfs/etc/motd +++ /dev/null @@ -1,11 +0,0 @@ - _ _ _ _ _ -| | | | /\ (_) | | | | -| |__| | ___ _ __ ___ ___ / \ ___ ___ _ ___| |_ __ _ _ __ | |_ -| __ |/ _ \| '_ ` _ \ / _ \ / /\ \ / __/ __| / __| __/ _` | '_ \| __| -| | | | (_) | | | | | | __/ / ____ \\__ \__ \ \__ \ || (_| | | | | |_ -|_| |_|\___/|_| |_| |_|\___| /_/ \_\___/___/_|___/\__\__,_|_| |_|\__| - - -Our command line: -$ ha help - diff --git a/ssh/rootfs/etc/profile.d/homeassistant.sh b/ssh/rootfs/etc/profile.d/homeassistant.sh deleted file mode 100644 index 2a93649..0000000 --- a/ssh/rootfs/etc/profile.d/homeassistant.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/usr/bin/env bash -export PS1="\W \$ " -cat /etc/motd diff --git a/ssh/rootfs/etc/services.d/sshd/run b/ssh/rootfs/etc/services.d/sshd/run index 1a8692e..4be0401 100644 --- a/ssh/rootfs/etc/services.d/sshd/run 
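Review bot: The new `tempio … -out /etc/ssh/sshd_config` call at the end of the second ssh.sh hunk has no failure handling, although the whole authentication and forwarding policy now depends on that render. If rendering fails and the script is not running under errexit, sshd would later start with whatever `/etc/ssh/sshd_config` the image already contains, if any, rather than the add-on's template. Following the pattern visible in profile.sh, append `|| bashio::exit.nok 'Failed to render sshd_config'` to the command. The script begins above the first hunk, so any shell options set there are out of view.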
+++ b/ssh/rootfs/etc/services.d/sshd/run @@ -6,7 +6,7 @@ # If SSH is disabled, use a fake sleep process if ! bashio::var.has_value "$(bashio::addon.port 22)"; then bashio::log.warning "SSH port is disabled. Prevent start of SSH server." - exec sleep 864000 + exec sleep infinity fi bashio::log.info "Starting the SSH daemon..." diff --git a/ssh/rootfs/root/.bash_history b/ssh/rootfs/root/.bash_history new file mode 120000 index 0000000..ee4752b --- /dev/null +++ b/ssh/rootfs/root/.bash_history @@ -0,0 +1 @@ +/data/.bash_history \ No newline at end of file diff --git a/ssh/rootfs/root/.bash_profile b/ssh/rootfs/root/.bash_profile new file mode 120000 index 0000000..c79acaf --- /dev/null +++ b/ssh/rootfs/root/.bash_profile @@ -0,0 +1 @@ +/data/.bash_profile \ No newline at end of file diff --git a/ssh/rootfs/root/.ssh b/ssh/rootfs/root/.ssh new file mode 120000 index 0000000..71426d9 --- /dev/null +++ b/ssh/rootfs/root/.ssh @@ -0,0 +1 @@ +/data/.ssh \ No newline at end of file diff --git a/ssh/rootfs/usr/share/tempio/homeassistant.profile b/ssh/rootfs/usr/share/tempio/homeassistant.profile new file mode 100644 index 0000000..58bceac --- /dev/null +++ b/ssh/rootfs/usr/share/tempio/homeassistant.profile @@ -0,0 +1,5 @@ +#!/usr/bin/env bash +export PS1="\W \$ " +export SUPERVISOR_TOKEN={{ .supervisor_token }} + +ha banner diff --git a/ssh/rootfs/etc/ssh/sshd_config b/ssh/rootfs/usr/share/tempio/sshd_config similarity index 57% rename from ssh/rootfs/etc/ssh/sshd_config rename to ssh/rootfs/usr/share/tempio/sshd_config index a83b2c9..72e4255 100644 --- a/ssh/rootfs/etc/ssh/sshd_config +++ b/ssh/rootfs/usr/share/tempio/sshd_config @@ -5,7 +5,7 @@ LogLevel INFO # Default -AllowTcpForwarding no +AllowTcpForwarding {{ if .server.tcp_forwarding }}yes{{ else }}no{{ end }} GatewayPorts no X11Forwarding no 
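Review bot: `export SUPERVISOR_TOKEN={{ .supervisor_token }}` in the new homeassistant.profile template writes the token into a sourced shell file without quoting, so any character the shell treats specially would be interpreted at every login instead of being kept as data. The token format is not shown on this page, and quoting costs nothing: `export SUPERVISOR_TOKEN='{{ .supervisor_token }}'`. The rendered `/etc/profile.d/homeassistant.sh` also holds a credential, and profile.sh creates it through `-out` with whatever default mode tempio applies. A `chmod 600 /etc/profile.d/homeassistant.sh` after rendering would match how that script treats the files under `/data`.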
@@ -17,7 +17,10 @@ PermitRootLogin yes Banner none PrintMotd no -#PasswordAuthentication no -#PermitEmptyPasswords no - +{{ if .authorized_keys }} +PasswordAuthentication no +{{ else if .password }} +PasswordAuthentication yes +PermitEmptyPasswords no +{{ end }}
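Review bot: The `{{ if .authorized_keys }} … {{ else if .password }} … {{ end }}` block has no final `{{ else }}`, so when neither option is set the rendered file carries no `PasswordAuthentication` or `PermitEmptyPasswords` line and sshd falls back to its built-in defaults. ssh.sh stops with "You need to setup a login!" in that case only when port 22 is enabled, so the template should not depend on that check for its own safety. Add a fail-closed branch before `{{ end }}`: `{{ else }}`, `PasswordAuthentication no`, `PermitEmptyPasswords no`. `PermitEmptyPasswords no` could equally be emitted unconditionally above the block, next to `PermitRootLogin yes`.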