diff --git a/ssh/CHANGELOG.md b/ssh/CHANGELOG.md
index 4bd84da..db7e0c0 100644
--- a/ssh/CHANGELOG.md
+++ b/ssh/CHANGELOG.md
@@ -1,5 +1,8 @@
 # Changelog
+## 5.3
+- Fix: User root not allowed because account is locked
+
 ## 5.2
 - Update Hass.io CLI to 2.1.0
diff --git a/ssh/Dockerfile b/ssh/Dockerfile
index 55f6fb6..7da9330 100644
--- a/ssh/Dockerfile
+++ b/ssh/Dockerfile
@@ -27,5 +27,6 @@ RUN apk add --no-cache curl \
 # Copy data
 COPY run.sh /
 COPY motd /etc/
+COPY sshd_config /etc/ssh/
 CMD [ "/run.sh" ]
diff --git a/ssh/config.json b/ssh/config.json
index de25263..ac0073f 100644
--- a/ssh/config.json
+++ b/ssh/config.json
@@ -1,6 +1,6 @@
 {
 "name": "SSH server",
- "version": "5.2",
+ "version": "5.3",
 "slug": "ssh",
 "description": "Allows connections over SSH",
 "url": "https://home-assistant.io/addons/ssh/",
diff --git a/ssh/run.sh b/ssh/run.sh
index c0468af..b9a6ef8 100755
--- a/ssh/run.sh
+++ b/ssh/run.sh
@@ -7,10 +7,6 @@ KEYS_PATH=/data/host_keys
 AUTHORIZED_KEYS=$(jq --raw-output ".authorized_keys[]" $CONFIG_PATH)
 PASSWORD=$(jq --raw-output ".password" $CONFIG_PATH)
-# Init defaults config
-sed -i s/#PermitRootLogin.*/PermitRootLogin\ yes/ /etc/ssh/sshd_config
-sed -i s/#LogLevel.*/LogLevel\ DEBUG/ /etc/ssh/sshd_config
-
 if [ -n "$AUTHORIZED_KEYS" ]; then
 echo "[INFO] Setup authorized_keys"
@@ -21,6 +17,10 @@ if [ -n "$AUTHORIZED_KEYS" ]; then
 chmod 600 ~/.ssh/authorized_keys
 sed -i s/#PasswordAuthentication.*/PasswordAuthentication\ no/ /etc/ssh/sshd_config
+
+ # Unlook account
+ PASSWORD="$(strings /dev/urandom | tr -dc _A-Z-a-z-0-9 | head -c32)"
+ echo "root:$PASSWORD" | chpasswd 2&> /dev/null
 elif [ -n "$PASSWORD" ]; then
 echo "[INFO] Setup password login"
diff --git a/ssh/sshd_config b/ssh/sshd_config
new file mode 100644
index 0000000..d1ebcf0
--- /dev/null
+++ b/ssh/sshd_config
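Review bot: In the ssh/run.sh hunk that sets the throwaway root password, `chpasswd 2&> /dev/null` is not a stderr redirect: a shell that supports `&>` reads `2` as an operand to chpasswd, and a plain POSIX sh would read it as `chpasswd 2 &` followed by a bare redirect, so either way the outcome of chpasswd is never checked. If the `strings | tr | head` pipeline returns an empty string or chpasswd fails, root may stay locked or end up with an unintended password, and nothing is logged. I would guard with `[ -n "$PASSWORD" ]` and write `echo "root:$PASSWORD" | chpasswd > /dev/null 2>&1 || echo "[ERROR] Could not set root password"`. The comment should read `# Unlock account: sshd rejects logins for a locked root, so set a random password that is never used`. The enclosing if-block starts and ends outside the hunk.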
@@ -0,0 +1,20 @@
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# Logging
+LogLevel DEBUG
+
+# Default
+AllowTcpForwarding no
+GatewayPorts no
+X11Forwarding no
+
+Subsystem sftp /usr/lib/ssh/sftp-server
+
+# Authentication:
+PermitRootLogin yes
+
+#PasswordAuthentication no
+#PermitEmptyPasswords no
+
+
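Review bot: `LogLevel DEBUG` is now the permanent default of the shipped sshd_config; sshd_config(5) advises against the DEBUG levels because of what they record about users, so `LogLevel INFO` (or `VERBOSE` if key fingerprints are wanted in the log) is a safer baseline. The commented `#PasswordAuthentication no` line is load-bearing: run.sh rewrites it with sed when authorized_keys are configured, and if the line is ever edited the sed silently stops matching and password authentication stays on. A comment above it such as `# run.sh uncomments the next line when authorized_keys are set; keep the '#PasswordAuthentication' prefix` would protect that. `PermitRootLogin prohibit-password` would be tighter for the key-only case, but the password branch of run.sh, which is outside this hunk, would then have to switch it back to `yes`.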