ssh: Refactor, bumped to 5.5 (#598)

2025-12-18 05:34:20 +01:00 · 2019-06-03 11:34:17 +02:00
parent 91ca564aca
commit 73e4aa8cbb
5 changed files with 167 additions and 34 deletions
--- a/ssh/CHANGELOG.md
+++ b/ssh/CHANGELOG.md
@@ -1,48 +1,68 @@
 # Changelog
 ## 5.5
 - Rewrite add-on onto Bashio
 - Added documentation to add-on repository
 - Code styling improvements
 ## 5.4
 - Update Hass.io CLI to 2.2.0
 ## 5.3
 - Fix: User root not allowed because account is locked
 ## 5.2
 - Update Hass.io CLI to 2.1.0
 ## 5.1
 - Map all serial devices into container for manual adjustments
 ## 5.0
 - Update Hass.io CLI to 2.0.1, include bash completion
 ## 4.0
 - Update Hass.io CLI to 1.4.0
 - Add new API role profile
 - Update OpenSSH to 7.7
 ## 3.7
 - Add YAML highlighting for nano
 ## 3.6
 - Update Hass.io CLI to 1.3.1
 ## 3.5
 - Update Hass.io CLI to 1.3.0
 ## 3.4
 - Update Hass.io CLI to 1.2.1
 ## 3.3
 - Update Hass.io CLI to 1.1.2
 ## 3.2
 - Downgrade Hass.io CLI to 1.0.1
 ## 3.1
 - Update Hass.io CLI to 1.1.1
 - Change internal token handling for Hass.io API
 ## 3.0
 - Use new base images
 - Add hassio-cli version 1.0
 - Use bash as default shell
--- a/ssh/Dockerfile
+++ b/ssh/Dockerfile
@@ -6,8 +6,14 @@ ENV LANG C.UTF-8
 # Setup base
 RUN apk add --no-cache \
-    openssh vim curl nano git mosquitto-clients tmux \
+    bash-completion \
-    bash-completion
+    curl \
    git \
    mosquitto-clients \
    nano \
    openssh \
    tmux \
    vim
 # Replace bash as default shell
 RUN sed -i "s/ash/bash/" /etc/passwd
@@ -15,8 +21,8 @@ RUN sed -i "s/ash/bash/" /etc/passwd
 # Add YAML highlighting for nano
 ADD https://raw.githubusercontent.com/scopatz/nanorc/master/yaml.nanorc /usr/share/nano/yaml.nanorc
 RUN sed -i 's/^#[[:space:]]*\(include "\/usr\/share\/nano\/\*\.nanorc".*\)/\1/' /etc/nanorc
 # Hass.io CLI
 ARG BUILD_ARCH
 ARG CLI_VERSION
 RUN apk add --no-cache curl \
--- a/ssh/README.md
+++ b/ssh/README.md
@@ -0,0 +1,94 @@
 # Hass.io Core Add-on: SSH server
 Allow logging in remotely to Hass.io using SSH.
 ![Supports aarch64 Architecture][aarch64-shield] ![Supports amd64 Architecture][amd64-shield] ![Supports armhf Architecture][armhf-shield] ![Supports armv7 Architecture][armv7-shield] ![Supports i386 Architecture][i386-shield]
 ## About
 Setting up an SSH server allows access to your Hass.io folders with any SSH
 client. It also includes a command-line tool to access the Hass.io API.
 Try it out using:
 ```bash
 hassio help
 ```
 ## Installation
 The installation of this add-on is straightforward and easy to do.
 1. Navigate in your Home Assistant frontend to **Hass.io** -> **Add-on Store**.
 2. Find the "SSH server" add-on and click it.
 3. Click on the "INSTALL" button.
 ## How to use
 To use this add-on, you must have a private/public key to log in.
 To generate them, follow the [instructions for Windows][keygen-windows]
 and [these for other platforms][keygen]. It is possible to set a password for
 login since version 2.0 but for high security use private/public keys.
 You can not run both variants at the same time. Enabling login via keys, will
 simply disable password login.
 1. Add a ssh key to  `authorized_keys` or set a `password` in the add-on configuration.
 2. Start the add-on.
 3. Connect to your device using your preferred SSH client and use `root` as 
   the username.
 After logging in, you will find yourself in this add-on’s container.
 The Home Assistant configuration directory is mounted on the path `/config`.
 ## Configuration
 Add-on configuration:
 ```json
 {
  "authorized_keys": [
    "ssh-rsa AKDJD3839...== my-key"
  ],
  "password": ""
 }
 ```
 ### Option: `authorized_keys`
 Your **public keys** for the authorized key file. You can authorize multiple
 keys by adding multiple public keys to the list.
 ### Option: `password`
 Set a password for login. **We do NOT recommend this variant**.
 ## Known issues and limitations
 - This add-on will not enable you to install packages or do anything as root.
  This is not working with Hass.io.
 ## Support
 Got questions?
 You have several options to get them answered:
 - The [Home Assistant Discord Chat Server][discord].
 - The Home Assistant [Community Forum][forum].
 - Join the [Reddit subreddit][reddit] in [/r/homeassistant][reddit]
 In case you've found an bug, please [open an issue on our GitHub][issue].
 [aarch64-shield]: https://img.shields.io/badge/aarch64-yes-green.svg
 [amd64-shield]: https://img.shields.io/badge/amd64-yes-green.svg
 [armhf-shield]: https://img.shields.io/badge/armhf-yes-green.svg
 [armv7-shield]: https://img.shields.io/badge/armv7-yes-green.svg
 [discord]: https://discord.gg/c5DvZ4e
 [forum]: https://community.home-assistant.io
 [i386-shield]: https://img.shields.io/badge/i386-yes-green.svg
 [issue]: https://github.com/home-assistant/hassio-addons/issues
 [keygen-windows]: https://www.digitalocean.com/community/tutorials/how-to-create-ssh-keys-with-putty-to-connect-to-a-vps
 [keygen]: https://help.github.com/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent/
 [reddit]: https://reddit.com/r/homeassistant
 [repository]: https://github.com/hassio-addons/repository
--- a/ssh/config.json
+++ b/ssh/config.json
@@ -1,10 +1,16 @@
 {
  "name": "SSH server",
-  "version": "5.4",
+  "version": "5.5",
  "slug": "ssh",
  "description": "Allows connections over SSH",
-  "url": "https://home-assistant.io/addons/ssh/",
+  "url": "https://github.com/home-assistant/hassio-addons/tree/master/ssh",
-  "arch": ["armhf", "armv7", "aarch64", "amd64", "i386"],
+  "arch": [
    "armhf",
    "armv7",
    "aarch64",
    "amd64",
    "i386"
  ],
  "startup": "services",
  "boot": "auto",
  "hassio_api": true,
@@ -12,14 +18,22 @@
  "auto_uart": true,
  "ports": {
    "22/tcp": 22
-   },
+  },
-  "map": ["config:rw", "ssl:rw", "addons:rw", "share:rw", "backup:rw"],
+  "map": [
    "config:rw",
    "ssl:rw",
    "addons:rw",
    "share:rw",
    "backup:rw"
  ],
  "options": {
    "authorized_keys": [],
    "password": ""
  },
  "schema": {
-    "authorized_keys": ["str"],
+    "authorized_keys": [
      "str"
    ],
    "password": "str"
  },
  "image": "homeassistant/{arch}-addon-ssh"
--- a/ssh/run.sh
+++ b/ssh/run.sh
@@ -1,47 +1,45 @@
-#!/bin/bash
+#!/usr/bin/env bashio
 set -e
 CONFIG_PATH=/data/options.json
 KEYS_PATH=/data/host_keys
-AUTHORIZED_KEYS=$(jq --raw-output ".authorized_keys[]" $CONFIG_PATH)
+bashio::log.info "Initializing add-on for use..."
-PASSWORD=$(jq --raw-output ".password" $CONFIG_PATH)
+if bashio::config.has_value 'authorized_keys'; then
-
+    bashio::log.info "Setup authorized_keys"
 if [ -n "$AUTHORIZED_KEYS" ]; then
    echo "[INFO] Setup authorized_keys"
    mkdir -p ~/.ssh
    while read -r line; do
        echo "$line" >> ~/.ssh/authorized_keys
-    done <<< "$AUTHORIZED_KEYS"
+    done <<< "$(bashio::config 'authorized_keys')"
    chmod 600 ~/.ssh/authorized_keys
    sed -i s/#PasswordAuthentication.*/PasswordAuthentication\ no/ /etc/ssh/sshd_config
-    # Unlook account
+    # Unlock account
    PASSWORD="$(strings /dev/urandom | tr -dc _A-Z-a-z-0-9 | head -c32)"
-    echo "root:$PASSWORD" | chpasswd 2&> /dev/null
+    echo "root:${PASSWORD}" | chpasswd 2&> /dev/null
-elif [ -n "$PASSWORD" ]; then
+elif bashio::config.has_value 'password'; then
-    echo "[INFO] Setup password login"
+    bashio::log.info "Setup password login"
    PASSWORD=$(bashio::config 'password')
    echo "root:${PASSWORD}" | chpasswd 2&> /dev/null
    echo "root:$PASSWORD" | chpasswd 2&> /dev/null
    sed -i s/#PasswordAuthentication.*/PasswordAuthentication\ yes/ /etc/ssh/sshd_config
    sed -i s/#PermitEmptyPasswords.*/PermitEmptyPasswords\ no/ /etc/ssh/sshd_config
 else
-    echo "[Error] You need to setup a login!"
+    bashio::exit.nok "You need to setup a login!"
    exit 1
 fi
 # Generate host keys
-if [ ! -d "$KEYS_PATH" ]; then
+if ! bashio::fs.directory_exists "${KEYS_PATH}"; then
-    echo "[INFO] Create host keys"
+    bashio::log.info "Generating host keys..."
-    mkdir -p "$KEYS_PATH"
+    mkdir -p "${KEYS_PATH}"
-    ssh-keygen -A
+    ssh-keygen -A || bashio::exit.nok "Failed to create host keys!"
-    cp -fp /etc/ssh/ssh_host* "$KEYS_PATH/"
+    cp -fp /etc/ssh/ssh_host* "${KEYS_PATH}/"
 else
-    echo "[INFO] Restore host keys"
+    bashio::log.info "Restoring host keys..."
-    cp -fp "$KEYS_PATH"/* /etc/ssh/
+    cp -fp "${KEYS_PATH}"/* /etc/ssh/
 fi
 # Persist shell history by redirecting .bash_history to /data
@@ -49,8 +47,9 @@ touch /data/.bash_history
 chmod 600 /data/.bash_history
 ln -s -f /data/.bash_history /root/.bash_history
-# Store token for hass.io API
+# Store token for Hass.io API
-echo "export HASSIO_TOKEN=$HASSIO_TOKEN" >> /root/.bash_profile
+echo "export HASSIO_TOKEN=${HASSIO_TOKEN}" >> /root/.bash_profile
-# start server
+# Start server
 bashio::log.info "Starting SSH daemon..."
 exec /usr/sbin/sshd -D -e < /dev/null