ssh: Add web terminal, alpine 3.11, improved token handling, bump 8.0 (#954)

* ssh: Add support for a web-based terminal via Ingress

* ssh: Upgrade Alpine Linux to 3.11

* ssh: Improve Hass.io API token handling

* ssh: Bump to 8.0, updated changelog

* ssh: Fix Shellcheck warning

* ssh: Use default Ingress port

* ssh: Persist .ssh folder

* ssh: Add some helper symlinks to use folder

* ssh: Make sure web terminal starts in home folder

* ssh: Update changelog to reflect latest changes

ssh/CHANGELOG.md

@@ -1,5 +1,13 @@
 # Changelog
 
+## 8.0
+
+- Add support for a web-based terminal via Ingress
+- Upgrade Alpine Linux to 3.11
+- Improve Hass.io API token handling
+- Persist .ssh folder across restarts
+- Add helper symlink folders to user home folder
+
 ## 7.1
 
 - Update Hass.io CLI to 3.1.1

ssh/Dockerfile

@@ -2,18 +2,66 @@ ARG BUILD_FROM
 FROM $BUILD_FROM
 
 # Setup base
-RUN apk add --no-cache \
-    bash-completion \
-    git \
-    mosquitto-clients \
-    nano \
-    openssh \
-    pwgen \
-    tmux \
-    vim
-
-# Replace bash as default shell
-RUN sed -i "s/ash/bash/" /etc/passwd
+ARG LIBWEBSOCKETS_VERSION
+ARG TTYD_VERSION
+RUN \
+    apk add --no-cache --virtual .build-dependencies \
+        bsd-compat-headers \
+        build-base \
+        cmake \
+        json-c-dev \
+        libuv-dev \
+        openssl-dev \
+    \
+    && apk add --no-cache \
+        bash-completion \
+        git \
+        libuv \
+        mosquitto-clients \
+        nano \
+        openssh \
+        pwgen \
+        tmux \
+        vim \
+    \
+    && sed -i "s/ash/bash/" /etc/passwd \
+    \
+    && git clone --branch "${LIBWEBSOCKETS_VERSION}" --depth=1 \
+        https://github.com/warmcat/libwebsockets.git /tmp/libwebsockets \
+    \
+    && mkdir -p /tmp/libwebsockets/build \
+    && cd /tmp/libwebsockets/build \
+    && cmake .. \
+        -DCMAKE_BUILD_TYPE=MinSizeRel \
+        -DCMAKE_INSTALL_PREFIX=/usr \
+        -DCMAKE_VERBOSE_MAKEFILE=TRUE \
+        -DLWS_IPV6=ON \
+        -DLWS_STATIC_PIC=ON \
+        -DLWS_UNIX_SOCK=OFF \
+        -DLWS_WITH_LIBUV=ON \
+        -DLWS_WITH_SHARED=ON \
+        -DLWS_WITHOUT_TESTAPPS=ON \
+    && make \
+    && make install \
+    \
+    && git clone --branch master --single-branch \
+        https://github.com/tsl0922/ttyd.git /tmp/ttyd \
+    && git -C /tmp/ttyd checkout "${TTYD_VERSION}" \
+    \
+    && mkdir -p /tmp/ttyd/build \
+    && cd /tmp/ttyd/build \
+    && cmake .. \
+        -DCMAKE_BUILD_TYPE=MinSizeRel \
+        -DCMAKE_INSTALL_PREFIX=/usr \
+        -DCMAKE_VERBOSE_MAKEFILE=TRUE \
+    && make \
+    && make install \
+    \
+    && apk del --no-cache --purge .build-dependencies \
+    && rm -f -r \
+        /root/.cache \
+        /root/.cmake \
+        /tmp/*
 
 # Add YAML highlighting for nano
 ADD https://raw.githubusercontent.com/scopatz/nanorc/master/yaml.nanorc /usr/share/nano/yaml.nanorc
@@ -28,8 +76,10 @@ RUN curl -Lso /usr/bin/hassio \
     && /usr/bin/hassio completion > /usr/share/bash-completion/completions/hassio
 
 # Copy data
-COPY data/run.sh /
+COPY data/.tmux.conf /root/
+COPY data/hassio.sh /etc/profile.d/
 COPY data/motd /etc/
+COPY data/run.sh /
 COPY data/sshd_config /etc/ssh/
 
 CMD [ "/run.sh" ]

ssh/build.json

@@ -1,12 +1,14 @@
 {
   "build_from": {
-    "aarch64": "homeassistant/aarch64-base:3.10",
-    "amd64": "homeassistant/amd64-base:3.10",
-    "armhf": "homeassistant/armhf-base:3.10",
-    "armv7": "homeassistant/armv7-base:3.10",
-    "i386": "homeassistant/i386-base:3.10"
+    "aarch64": "homeassistant/aarch64-base:3.11",
+    "amd64": "homeassistant/amd64-base:3.11",
+    "armhf": "homeassistant/armhf-base:3.11",
+    "armv7": "homeassistant/armv7-base:3.11",
+    "i386": "homeassistant/i386-base:3.11"
   },
   "args": {
-    "CLI_VERSION": "3.1.1"
+    "CLI_VERSION": "3.1.2",
+    "LIBWEBSOCKETS_VERSION": "v3.2.1",
+    "TTYD_VERSION": "aed3faa38dd20e8b377484ff7ac3da1826f21524"
   }
 }

ssh/config.json

@@ -1,11 +1,14 @@
 {
   "name": "SSH server",
-  "version": "7.1",
+  "version": "8.0",
   "slug": "ssh",
   "description": "Allows connections over SSH",
   "url": "https://github.com/home-assistant/hassio-addons/tree/master/ssh",
   "arch": ["armhf", "armv7", "aarch64", "amd64", "i386"],
   "startup": "services",
+  "ingress": true,
+  "panel_icon": "mdi:console",
+  "panel_title": "Terminal",
   "boot": "auto",
   "hassio_api": true,
   "hassio_role": "manager",

ssh/data/.tmux.conf

@@ -0,0 +1,26 @@
+set-option -g default-shell /bin/zsh
+set-option -g default-terminal $TERM
+set-option -g base-index 1
+setw -g pane-base-index 1
+setw -g window-status-format "#[fg=white]#[bg=blue] #I #[bg=blue]#[fg=white] #W "
+setw -g window-status-current-format "#[bg=brightmagenta]#[fg=white] *#I #[fg=white,bold]#[bg=cyan] [#W] "
+set -g status-fg white
+set -g status-bg blue
+set -g status-left ''
+set -g status-right '%a %m-%d %H:%M'
+set -g mouse on
+unbind C-b
+set-option -g prefix C-a
+bind-key C-a send-prefix
+bind | split-window -h
+bind \\ split-window -h
+bind - split-window -v
+unbind '"'
+unbind %
+bind -n M-Left select-pane -L
+bind -n M-Right select-pane -R
+bind -n M-Up select-pane -U
+bind -n M-Down select-pane -D
+set -s escape-time 0
+bind-key -T copy-mode-vi MouseDragEnd1Pane send-keys -X copy-pipe-and-cancel "xclip -selection clipboard -i"
+bind-key -T copy-mode MouseDragEnd1Pane send-keys -X copy-pipe-and-cancel "xclip -selection clipboard -i"

ssh/data/hassio.sh

@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+export PS1="\$ "
+cat /etc/motd

ssh/data/run.sh

@@ -3,6 +3,8 @@ set -e
 
 KEYS_PATH=/data/host_keys
 
+WAIT_PIDS=()
+
 bashio::log.info "Initializing add-on for use..."
 if bashio::config.has_value 'authorized_keys'; then
     bashio::log.info "Setup authorized_keys"
@@ -47,16 +49,57 @@ touch /data/.bash_history
 chmod 600 /data/.bash_history
 ln -s -f /data/.bash_history /root/.bash_history
 
-# Persist .bash_profile by redirecting .bash_profile to /data
+# Make Hass.io TOKEN available on the CLI
+echo "export HASSIO_TOKEN=${HASSIO_TOKEN}" >> /etc/profile.d/hassio.sh
+
+# Remove old HASSIO_TOKEN from bash profile (if exists)
 if bashio::fs.file_exists /data/.bash_profile; then
-  sed -i "s/export HASSIO_TOKEN=.*/export HASSIO_TOKEN=${HASSIO_TOKEN}/" /data/.bash_profile
-else
-  echo "export HASSIO_TOKEN=${HASSIO_TOKEN}" > /data/.bash_profile
+  sed -i "/export HASSIO_TOKEN=.*/d" /data/.bash_profile
 fi
 
+# Persist .bash_profile by redirecting .bash_profile to /data
 chmod 600 /data/.bash_profile
 ln -s -f /data/.bash_profile /root/.bash_profile
 
-# Start server
+# Links some common directories to the user's home folder for convenience
+DIRECTORIES=(addons backup config share ssl)
+for dir in "${DIRECTORIES[@]}"; do
+    ln -s "/${dir}" "${HOME}/${dir}" \
+        || bashio::log.warning "Failed linking common directory: ${dir}"
+done
+
+# Sets up the users .ssh folder to be persistent
+if ! bashio::fs.directory_exists /data/.ssh; then
+    mkdir -p /data/.ssh \
+        || bashio::exit.nok 'Failed to create a persistent .ssh folder'
+
+    chmod 700 /data/.ssh \
+        || bashio::exit.nok \
+            'Failed setting permissions on persistent .ssh folder'
+fi
+ln -s /data/.ssh /root/.ssh
+
+# Register stop
+function stop_addon() {
+    bashio::log.debug "Kill Processes..."
+    kill -15 "${WAIT_PIDS[@]}"
+
+    wait "${WAIT_PIDS[@]}"
+    bashio::log.debug "Done."
+}
+trap "stop_addon" SIGTERM SIGHUP
+
+# Start SSH server
 bashio::log.info "Starting SSH daemon..."
-exec /usr/sbin/sshd -D -e < /dev/null
+/usr/sbin/sshd -D -e < /dev/null &
+WAIT_PIDS+=($!)
+
+# Start ttyd server
+bashio::log.info "Starting Web Terminal..."
+cd /root
+ttyd -p 8099 tmux -u new -A -s hassio bash -l &
+WAIT_PIDS+=($!)
+
+# Wait until all is done
+bashio::log.info "SSH add-on is set up and running!"
+wait "${WAIT_PIDS[@]}"

ssh/data/sshd_config

@@ -14,6 +14,9 @@ Subsystem       sftp    /usr/lib/ssh/sftp-server
 # Authentication:
 PermitRootLogin yes
 
+Banner none
+PrintMotd no
+
 #PasswordAuthentication no
 #PermitEmptyPasswords no