ssh: Refactor, bumped to 5.5 (#598)

ssh/CHANGELOG.md

@@ -1,48 +1,68 @@
 # Changelog
 
+## 5.5
+
+- Rewrite add-on onto Bashio
+- Added documentation to add-on repository
+- Code styling improvements
+
 ## 5.4
+
 - Update Hass.io CLI to 2.2.0
 
 ## 5.3
+
 - Fix: User root not allowed because account is locked
 
 ## 5.2
+
 - Update Hass.io CLI to 2.1.0
 
 ## 5.1
+
 - Map all serial devices into container for manual adjustments
 
 ## 5.0
+
 - Update Hass.io CLI to 2.0.1, include bash completion
 
 ## 4.0
+
 - Update Hass.io CLI to 1.4.0
 - Add new API role profile
 - Update OpenSSH to 7.7
 
 ## 3.7
+
 - Add YAML highlighting for nano
 
 ## 3.6
+
 - Update Hass.io CLI to 1.3.1
 
 ## 3.5
+
 - Update Hass.io CLI to 1.3.0
 
 ## 3.4
+
 - Update Hass.io CLI to 1.2.1
 
 ## 3.3
+
 - Update Hass.io CLI to 1.1.2
 
 ## 3.2
+
 - Downgrade Hass.io CLI to 1.0.1
 
 ## 3.1
+
 - Update Hass.io CLI to 1.1.1
 - Change internal token handling for Hass.io API
 
 ## 3.0
+
 - Use new base images
 - Add hassio-cli version 1.0
 - Use bash as default shell

ssh/Dockerfile

@@ -6,8 +6,14 @@ ENV LANG C.UTF-8
 
 # Setup base
 RUN apk add --no-cache \
-    openssh vim curl nano git mosquitto-clients tmux \
-    bash-completion
+    bash-completion \
+    curl \
+    git \
+    mosquitto-clients \
+    nano \
+    openssh \
+    tmux \
+    vim
 
 # Replace bash as default shell
 RUN sed -i "s/ash/bash/" /etc/passwd
@@ -15,8 +21,8 @@ RUN sed -i "s/ash/bash/" /etc/passwd
 # Add YAML highlighting for nano
 ADD https://raw.githubusercontent.com/scopatz/nanorc/master/yaml.nanorc /usr/share/nano/yaml.nanorc
 RUN sed -i 's/^#[[:space:]]*\(include "\/usr\/share\/nano\/\*\.nanorc".*\)/\1/' /etc/nanorc
-
 # Hass.io CLI
+
 ARG BUILD_ARCH
 ARG CLI_VERSION
 RUN apk add --no-cache curl \

ssh/README.md

@@ -0,0 +1,94 @@
+# Hass.io Core Add-on: SSH server
+
+Allow logging in remotely to Hass.io using SSH.
+
+![Supports aarch64 Architecture][aarch64-shield] ![Supports amd64 Architecture][amd64-shield] ![Supports armhf Architecture][armhf-shield] ![Supports armv7 Architecture][armv7-shield] ![Supports i386 Architecture][i386-shield]
+
+## About
+
+Setting up an SSH server allows access to your Hass.io folders with any SSH
+client. It also includes a command-line tool to access the Hass.io API.
+
+Try it out using:
+
+```bash
+hassio help
+```
+
+## Installation
+
+The installation of this add-on is straightforward and easy to do.
+
+1. Navigate in your Home Assistant frontend to **Hass.io** -> **Add-on Store**.
+2. Find the "SSH server" add-on and click it.
+3. Click on the "INSTALL" button.
+
+## How to use
+
+To use this add-on, you must have a private/public key to log in.
+To generate them, follow the [instructions for Windows][keygen-windows]
+and [these for other platforms][keygen]. It is possible to set a password for
+login since version 2.0 but for high security use private/public keys.
+
+You can not run both variants at the same time. Enabling login via keys, will
+simply disable password login.
+
+1. Add a ssh key to  `authorized_keys` or set a `password` in the add-on configuration.
+2. Start the add-on.
+3. Connect to your device using your preferred SSH client and use `root` as 
+   the username.
+
+After logging in, you will find yourself in this add-on’s container.
+The Home Assistant configuration directory is mounted on the path `/config`.
+
+## Configuration
+
+Add-on configuration:
+
+```json
+{
+  "authorized_keys": [
+    "ssh-rsa AKDJD3839...== my-key"
+  ],
+  "password": ""
+}
+```
+
+### Option: `authorized_keys`
+
+Your **public keys** for the authorized key file. You can authorize multiple
+keys by adding multiple public keys to the list.
+
+### Option: `password`
+
+Set a password for login. **We do NOT recommend this variant**.
+
+## Known issues and limitations
+
+- This add-on will not enable you to install packages or do anything as root.
+  This is not working with Hass.io.
+
+## Support
+
+Got questions?
+
+You have several options to get them answered:
+
+- The [Home Assistant Discord Chat Server][discord].
+- The Home Assistant [Community Forum][forum].
+- Join the [Reddit subreddit][reddit] in [/r/homeassistant][reddit]
+
+In case you've found an bug, please [open an issue on our GitHub][issue].
+
+[aarch64-shield]: https://img.shields.io/badge/aarch64-yes-green.svg
+[amd64-shield]: https://img.shields.io/badge/amd64-yes-green.svg
+[armhf-shield]: https://img.shields.io/badge/armhf-yes-green.svg
+[armv7-shield]: https://img.shields.io/badge/armv7-yes-green.svg
+[discord]: https://discord.gg/c5DvZ4e
+[forum]: https://community.home-assistant.io
+[i386-shield]: https://img.shields.io/badge/i386-yes-green.svg
+[issue]: https://github.com/home-assistant/hassio-addons/issues
+[keygen-windows]: https://www.digitalocean.com/community/tutorials/how-to-create-ssh-keys-with-putty-to-connect-to-a-vps
+[keygen]: https://help.github.com/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent/
+[reddit]: https://reddit.com/r/homeassistant
+[repository]: https://github.com/hassio-addons/repository

ssh/config.json

@@ -1,10 +1,16 @@
 {
   "name": "SSH server",
-  "version": "5.4",
+  "version": "5.5",
   "slug": "ssh",
   "description": "Allows connections over SSH",
-  "url": "https://home-assistant.io/addons/ssh/",
-  "arch": ["armhf", "armv7", "aarch64", "amd64", "i386"],
+  "url": "https://github.com/home-assistant/hassio-addons/tree/master/ssh",
+  "arch": [
+    "armhf",
+    "armv7",
+    "aarch64",
+    "amd64",
+    "i386"
+  ],
   "startup": "services",
   "boot": "auto",
   "hassio_api": true,
@@ -12,14 +18,22 @@
   "auto_uart": true,
   "ports": {
     "22/tcp": 22
-   },
-  "map": ["config:rw", "ssl:rw", "addons:rw", "share:rw", "backup:rw"],
+  },
+  "map": [
+    "config:rw",
+    "ssl:rw",
+    "addons:rw",
+    "share:rw",
+    "backup:rw"
+  ],
   "options": {
     "authorized_keys": [],
     "password": ""
   },
   "schema": {
-    "authorized_keys": ["str"],
+    "authorized_keys": [
+      "str"
+    ],
     "password": "str"
   },
   "image": "homeassistant/{arch}-addon-ssh"

ssh/run.sh

@@ -1,47 +1,45 @@
-#!/bin/bash
+#!/usr/bin/env bashio
 set -e
 
-CONFIG_PATH=/data/options.json
 KEYS_PATH=/data/host_keys
 
-AUTHORIZED_KEYS=$(jq --raw-output ".authorized_keys[]" $CONFIG_PATH)
-PASSWORD=$(jq --raw-output ".password" $CONFIG_PATH)
-
-if [ -n "$AUTHORIZED_KEYS" ]; then
-    echo "[INFO] Setup authorized_keys"
+bashio::log.info "Initializing add-on for use..."
+if bashio::config.has_value 'authorized_keys'; then
+    bashio::log.info "Setup authorized_keys"
 
     mkdir -p ~/.ssh
     while read -r line; do
         echo "$line" >> ~/.ssh/authorized_keys
-    done <<< "$AUTHORIZED_KEYS"
+    done <<< "$(bashio::config 'authorized_keys')"
 
     chmod 600 ~/.ssh/authorized_keys
     sed -i s/#PasswordAuthentication.*/PasswordAuthentication\ no/ /etc/ssh/sshd_config
 
-    # Unlook account
+    # Unlock account
     PASSWORD="$(strings /dev/urandom | tr -dc _A-Z-a-z-0-9 | head -c32)"
-    echo "root:$PASSWORD" | chpasswd 2&> /dev/null
-elif [ -n "$PASSWORD" ]; then
-    echo "[INFO] Setup password login"
+    echo "root:${PASSWORD}" | chpasswd 2&> /dev/null
+elif bashio::config.has_value 'password'; then
+    bashio::log.info "Setup password login"
+
+    PASSWORD=$(bashio::config 'password')
+    echo "root:${PASSWORD}" | chpasswd 2&> /dev/null
 
-    echo "root:$PASSWORD" | chpasswd 2&> /dev/null
     sed -i s/#PasswordAuthentication.*/PasswordAuthentication\ yes/ /etc/ssh/sshd_config
     sed -i s/#PermitEmptyPasswords.*/PermitEmptyPasswords\ no/ /etc/ssh/sshd_config
 else
-    echo "[Error] You need to setup a login!"
-    exit 1
+    bashio::exit.nok "You need to setup a login!"
 fi
 
 # Generate host keys
-if [ ! -d "$KEYS_PATH" ]; then
-    echo "[INFO] Create host keys"
+if ! bashio::fs.directory_exists "${KEYS_PATH}"; then
+    bashio::log.info "Generating host keys..."
 
-    mkdir -p "$KEYS_PATH"
-    ssh-keygen -A
-    cp -fp /etc/ssh/ssh_host* "$KEYS_PATH/"
+    mkdir -p "${KEYS_PATH}"
+    ssh-keygen -A || bashio::exit.nok "Failed to create host keys!"
+    cp -fp /etc/ssh/ssh_host* "${KEYS_PATH}/"
 else
-    echo "[INFO] Restore host keys"
-    cp -fp "$KEYS_PATH"/* /etc/ssh/
+    bashio::log.info "Restoring host keys..."
+    cp -fp "${KEYS_PATH}"/* /etc/ssh/
 fi
 
 # Persist shell history by redirecting .bash_history to /data
@@ -49,8 +47,9 @@ touch /data/.bash_history
 chmod 600 /data/.bash_history
 ln -s -f /data/.bash_history /root/.bash_history
 
-# Store token for hass.io API
-echo "export HASSIO_TOKEN=$HASSIO_TOKEN" >> /root/.bash_profile
+# Store token for Hass.io API
+echo "export HASSIO_TOKEN=${HASSIO_TOKEN}" >> /root/.bash_profile
 
-# start server
+# Start server
+bashio::log.info "Starting SSH daemon..."
 exec /usr/sbin/sshd -D -e < /dev/null