aljaz/addons
1
0
Fork 0
mirror of https://github.com/aljazceru/addons.git synced 2025-12-17 13:14:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

SSH: Use new banner and tempio (#1800)

Browse Source 
* SSH: Use new banner and tempio

* fix change for tests

* Update ssh/build.json

Co-authored-by: Franck Nijhof <git@frenck.dev>

* fix build

Co-authored-by: Franck Nijhof <git@frenck.dev>
This commit is contained in:
Pascal Vizeli
2021-02-02 19:05:08 +01:00
committed by GitHub
parent e29eed1e76
commit 1abda8bfed
15 changed files with 68 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
ssh/CHANGELOG.md
View File

@@ -2,6 +2,12 @@
## 8.10.0 ## 8.10.0
- Upgrade Alpine Linux to 3.13
- Update Home Assistant CLI to 4.10.0
- Use new HA banner on login
## 8.10.0
- Update Home Assistant CLI to 4.9.0 - Update Home Assistant CLI to 4.9.0
## 8.9.1 ## 8.9.1
@@ -86,11 +92,3 @@
- Persist .ssh folder across restarts - Persist .ssh folder across restarts
- Add helper symlink folders to user home folder - Add helper symlink folders to user home folder
## 7.1.0
- Update Hass.io CLI to 3.1.1
## 7.0.0
- Added bash_profile as a persistent file

22
ssh/Dockerfile
View File

@@ -5,15 +5,7 @@ FROM $BUILD_FROM
ARG LIBWEBSOCKETS_VERSION ARG LIBWEBSOCKETS_VERSION
ARG TTYD_VERSION ARG TTYD_VERSION
RUN \ RUN \
apk add --no-cache --virtual .build-dependencies \ set -x \
bsd-compat-headers \
build-base \
cmake \
json-c-dev \
libuv-dev \
openssl-dev \
zlib-dev \
\
&& apk add --no-cache \ && apk add --no-cache \
bash-completion \ bash-completion \
pulseaudio-utils \ pulseaudio-utils \
@@ -28,9 +20,19 @@ RUN \
tmux \ tmux \
vim \ vim \
\ \
&& apk add --no-cache --virtual .build-dependencies \
bsd-compat-headers \
build-base \
linux-headers \
cmake \
json-c-dev \
libuv-dev \
openssl-dev \
zlib-dev \
\
&& sed -i "s/ash/bash/" /etc/passwd \ && sed -i "s/ash/bash/" /etc/passwd \
\ \
&& git clone --branch "${LIBWEBSOCKETS_VERSION}" --depth=1 \ && git clone --branch "v${LIBWEBSOCKETS_VERSION}" --depth=1 \
https://github.com/warmcat/libwebsockets.git /tmp/libwebsockets \ https://github.com/warmcat/libwebsockets.git /tmp/libwebsockets \
\ \
&& mkdir -p /tmp/libwebsockets/build \ && mkdir -p /tmp/libwebsockets/build \

16
ssh/build.json
View File

@@ -1,14 +1,14 @@
{ {
"build_from": { "build_from": {
"aarch64": "homeassistant/aarch64-base:3.12", "aarch64": "homeassistant/aarch64-base:3.13",
"amd64": "homeassistant/amd64-base:3.12", "amd64": "homeassistant/amd64-base:3.13",
"armhf": "homeassistant/armhf-base:3.12", "armhf": "homeassistant/armhf-base:3.13",
"armv7": "homeassistant/armv7-base:3.12", "armv7": "homeassistant/armv7-base:3.13",
"i386": "homeassistant/i386-base:3.12" "i386": "homeassistant/i386-base:3.13"
}, },
"args": { "args": {
"CLI_VERSION": "4.9.0", "CLI_VERSION": "4.10.0",
"LIBWEBSOCKETS_VERSION": "v3.2.2", "LIBWEBSOCKETS_VERSION": "4.1.4",
"TTYD_VERSION": "1.6.0" "TTYD_VERSION": "1.6.3"
} }
} }

2
ssh/config.json
View File

@@ -1,6 +1,6 @@
{ {
"name": "Terminal & SSH", "name": "Terminal & SSH",
"version": "8.10.0", "version": "9.0.0",
"slug": "ssh", "slug": "ssh",
"description": "Allow logging in remotely to Home Assistant using SSH", "description": "Allow logging in remotely to Home Assistant using SSH",
"url": "https://github.com/home-assistant/hassio-addons/tree/master/ssh", "url": "https://github.com/home-assistant/hassio-addons/tree/master/ssh",

2
ssh/rootfs/etc/cont-init.d/keygen.sh
View File

@@ -2,7 +2,7 @@
# ============================================================================== # ==============================================================================
# SSH Host keys # SSH Host keys
# ============================================================================== # ==============================================================================
KEYS_PATH=/data/host_keys readonly KEYS_PATH=/data/host_keys
if ! bashio::fs.directory_exists "${KEYS_PATH}"; then if ! bashio::fs.directory_exists "${KEYS_PATH}"; then
bashio::log.info "Generating host keys..." bashio::log.info "Generating host keys..."

34
ssh/rootfs/etc/cont-init.d/profile.sh
View File

@@ -2,25 +2,28 @@
# ============================================================================== # ==============================================================================
# Setup persistent user settings # Setup persistent user settings
# ============================================================================== # ==============================================================================
DIRECTORIES=(addons backup config share ssl) readonly DIRECTORIES=(addons backup config share ssl)
# Persist shell history by redirecting .bash_history to /data # Persist shell history by redirecting .bash_history to /data
touch /data/.bash_history if ! bashio::fs.file_exists /data/.bash_profile; then
chmod 600 /data/.bash_history touch /data/.bash_history
ln -s -f /data/.bash_history /root/.bash_history chmod 600 /data/.bash_history
# Make Home Assistant TOKEN available on the CLI
echo "export SUPERVISOR_TOKEN=${SUPERVISOR_TOKEN}" >> /etc/profile.d/homeassistant.sh
# Remove old HASSIO_TOKEN from bash profile (if exists)
if bashio::fs.file_exists /data/.bash_profile; then
sed -i "/export HASSIO_TOKEN=.*/d" /data/.bash_profile
fi fi
# Persist .bash_profile by redirecting .bash_profile to /data # Make Home Assistant TOKEN available on the CLI
touch /data/.bash_profile mkdir -p /etc/profile.d
chmod 600 /data/.bash_profile bashio::var.json \
ln -s -f /data/.bash_profile /root/.bash_profile supervisor_token "${SUPERVISOR_TOKEN}" \
| tempio \
-template /usr/share/tempio/homeassistant.profile \
-out /etc/profile.d/homeassistant.sh
# Persist shell profile by redirecting .bash_profile to /data
if ! bashio::fs.file_exists /data/.bash_profile; then
touch /data/.bash_profile
chmod 600 /data/.bash_profile
fi
# Links some common directories to the user's home folder for convenience # Links some common directories to the user's home folder for convenience
for dir in "${DIRECTORIES[@]}"; do for dir in "${DIRECTORIES[@]}"; do
@@ -37,4 +40,3 @@ if ! bashio::fs.directory_exists /data/.ssh; then
|| bashio::exit.nok \ || bashio::exit.nok \
'Failed setting permissions on persistent .ssh folder' 'Failed setting permissions on persistent .ssh folder'
fi fi
ln -s /data/.ssh /root/.ssh

14
ssh/rootfs/etc/cont-init.d/ssh.sh
View File

@@ -13,7 +13,6 @@ if bashio::config.has_value 'authorized_keys'; then
done <<< "$(bashio::config 'authorized_keys')" done <<< "$(bashio::config 'authorized_keys')"
chmod 600 /data/.ssh/authorized_keys chmod 600 /data/.ssh/authorized_keys
sed -i s/#PasswordAuthentication.*/PasswordAuthentication\ no/ /etc/ssh/sshd_config
# Unlock account # Unlock account
PASSWORD="$(pwgen -s 64 1)" PASSWORD="$(pwgen -s 64 1)"
@@ -23,14 +22,13 @@ elif bashio::config.has_value 'password'; then
PASSWORD=$(bashio::config 'password') PASSWORD=$(bashio::config 'password')
echo "root:${PASSWORD}" | chpasswd 2&> /dev/null echo "root:${PASSWORD}" | chpasswd 2&> /dev/null
sed -i s/#PasswordAuthentication.*/PasswordAuthentication\ yes/ /etc/ssh/sshd_config
sed -i s/#PermitEmptyPasswords.*/PermitEmptyPasswords\ no/ /etc/ssh/sshd_config
elif bashio::var.has_value "$(bashio::addon.port 22)"; then elif bashio::var.has_value "$(bashio::addon.port 22)"; then
bashio::exit.nok "You need to setup a login!" bashio::exit.nok "You need to setup a login!"
fi fi
# Allow TCP forwarding # Generate config
if bashio::config.true 'server.tcp_forwarding'; then mkdir -p /etc/ssh
sed -i "s/AllowTcpForwarding.*/AllowTcpForwarding\\ yes/" /etc/ssh/sshd_config tempio \
fi -conf /data/options.json \
-template /usr/share/tempio/sshd_config \
-out /etc/ssh/sshd_config

11
ssh/rootfs/etc/motd
View File

@@ -1,11 +0,0 @@
_ _ _ _ _
| | | | /\ (_) | | | |
| |__| | ___ _ __ ___ ___ / \ ___ ___ _ ___| |_ __ _ _ __ | |_
| __ |/ _ \| '_ ` _ \ / _ \ / /\ \ / __/ __| / __| __/ _` | '_ \| __|
| | | | (_) | | | | | | __/ / ____ \\__ \__ \ \__ \ || (_| | | | | |_
|_| |_|\___/|_| |_| |_|\___| /_/ \_\___/___/_|___/\__\__,_|_| |_|\__|
Our command line:
$ ha help

3
ssh/rootfs/etc/profile.d/homeassistant.sh
View File

@@ -1,3 +0,0 @@
#!/usr/bin/env bash
export PS1="\W \$ "
cat /etc/motd

2
ssh/rootfs/etc/services.d/sshd/run
View File

@@ -6,7 +6,7 @@
# If SSH is disabled, use a fake sleep process # If SSH is disabled, use a fake sleep process
if ! bashio::var.has_value "$(bashio::addon.port 22)"; then if ! bashio::var.has_value "$(bashio::addon.port 22)"; then
bashio::log.warning "SSH port is disabled. Prevent start of SSH server." bashio::log.warning "SSH port is disabled. Prevent start of SSH server."
exec sleep 864000 exec sleep infinity
fi fi
bashio::log.info "Starting the SSH daemon..." bashio::log.info "Starting the SSH daemon..."

1
ssh/rootfs/root/.bash_history Symbolic link
View File

@@ -0,0 +1 @@
/data/.bash_history

1
ssh/rootfs/root/.bash_profile Symbolic link
View File

@@ -0,0 +1 @@
/data/.bash_profile

1
ssh/rootfs/root/.ssh Symbolic link
View File

@@ -0,0 +1 @@
/data/.ssh

5
ssh/rootfs/usr/share/tempio/homeassistant.profile Normal file
View File

@@ -0,0 +1,5 @@
#!/usr/bin/env bash
export PS1="\W \$ "
export SUPERVISOR_TOKEN={{ .supervisor_token }}
ha banner

11
ssh/rootfs/etc/ssh/sshd_config → ssh/rootfs/usr/share/tempio/sshd_config
View File

@@ -5,7 +5,7 @@
LogLevel INFO LogLevel INFO
# Default # Default
AllowTcpForwarding no AllowTcpForwarding {{ if .server.tcp_forwarding }}yes{{ else }}no{{ end }}
GatewayPorts no GatewayPorts no
X11Forwarding no X11Forwarding no
@@ -17,7 +17,10 @@ PermitRootLogin yes
Banner none Banner none
PrintMotd no PrintMotd no
#PasswordAuthentication no {{ if .authorized_keys }}
#PermitEmptyPasswords no PasswordAuthentication no
{{ else if .password }}
PasswordAuthentication yes
PermitEmptyPasswords no
{{ end }}