Last active
August 29, 2015 13:57
If you choose to use a password, inspired by the start.sh at: https://github.com/jbfink/docker-wordpress/blob/master/start.sh
#let's create a user to ssh into
SSH_USERPASS=$(pwgen -c -n -1 8)
mkdir /home/user
useradd -G sudo -d /home/user user
chown user /home/user
echo "user:$SSH_USERPASS" | chpasswd
echo "ssh user password: $SSH_USERPASS"
As part of that, you could also go ahead and add the user to the wheel group for sudo.
Then for port (pick your port):
sudo sed -i 's/#Port 22/Port 900/g' /etc/ssh/sshd_config
This could also be left at the default, and just change the mapping with docker run:
docker run -p $NEW_PORT:22
Disable root login
sudo sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config
OR disable password auth
sudo sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
You could then just copy your pubkey over during the ADD.
So the flow would be: pick what you want from the above, create a small start_ssh.sh script, ADD it, then RUN chmod on it and then RUN the script.
You mentioned the security of the host. Who knows how secure the host will be? Not that this is total security either...
Then the only thing left would be moving zone files and config files to an external volume, and that would require changing the startup script to point to the new location of named.conf. An example run:
docker run -p 53:53 -p $SSH_PORT:$SSH_PORT -h DNS1 -v /mnt/docker/config/dns:/mnt/dns/ -d dns/server1
Again, this is not a blocker, just want to get your thoughts and see if it's worth it.
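
The sed one-liners above change nothing, and report no error, when the stock sshd_config line is not written exactly as the pattern expects. An added example, not part of the original gist, that sets a keyword however the line is written and reads back the active value; the function names and the sample config are constructed for illustration, and it assumes a config without Match blocks.

```shell
#!/bin/sh
# Added example (not from the original gist): set sshd_config keywords
# regardless of how the stock line is written. Assumes no Match blocks.
# set_sshd_option FILE KEY VALUE: rewrite the first "KEY" or "#KEY" line,
# drop later duplicates, or append the setting when the keyword is absent.
set_sshd_option() {
    file=$1; key=$2; value=$3
    tmp=$(mktemp) || return 1
    awk -v key="$key" -v value="$value" '
        BEGIN { k = tolower(key) }
        {
            line = $0
            sub(/^[ \t]*#?/, "", line)          # strip indent and a "#Key" marker
            split(line, f, /[ \t=]+/)
            if (tolower(f[1]) == k) {
                if (!seen) { print key " " value; seen = 1 }
                next                            # sshd uses the first occurrence
            }
            print
        }
        END { if (!seen) print key " " value }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?; rm -f "$tmp"; return "$rc"
}

# active_value FILE KEY: print the value of the first uncommented KEY line.
active_value() {
    awk -v k="$(printf %s "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ { next }
        { split($0, f, /[ \t=]+/); i = (f[1] == "") ? 2 : 1
          if (tolower(f[i]) == k) { print f[i + 1]; exit } }
    ' "$1"
}

# Constructed sample config; its lines differ from what the sed patterns expect.
demo() {
    cfg=$(mktemp) || return 1
    printf '%s\n' 'Port 22' '#PermitRootLogin prohibit-password' \
        '# PasswordAuthentication.  Depending on your PAM configuration,' \
        'PasswordAuthentication  yes' > "$cfg"
    set_sshd_option "$cfg" Port 900
    set_sshd_option "$cfg" PermitRootLogin no
    set_sshd_option "$cfg" PasswordAuthentication no
    echo "$(active_value "$cfg" Port) $(active_value "$cfg" PermitRootLogin)" \
         "$(active_value "$cfg" PasswordAuthentication)"
    rm -f "$cfg"
}

demo
```

In an image build, running `sshd -t` after the edits validates the resulting file before the daemon is started.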