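#!/bin/sh
# setup-sshd: install and enable an SSH server (openssh or dropbear) and
# optionally install an authorized key for root.
#
# Variables used but not set here (presumably supplied by the environment or
# by libalpine.sh -- confirm against that file):
#   SSH_KEY  default value for -k
#   ROOT     prefix prepended to the target filesystem paths
#   MOCK     command prefix placed in front of apk / rc-update / rc-service
#   LIBDIR   directory holding libalpine.sh (defaults to $PREFIX/lib)
# Helpers used but not defined here: isin, ask (answer arrives in $resp), die.

PREFIX=@PREFIX@
: "${LIBDIR=$PREFIX/lib}"
. "$LIBDIR/libalpine.sh"

# Print the help text to stdout and exit with the status given as $1.
usage() {
    cat <<__EOF__
usage: setup-sshd [-h] [-k authorized key] [openssh | dropbear | none]

Setup sshd daemon

options:
 -h  Show this help
 -k  Authorized key for root (HTTP(S)/FTP URL, the public key itself or 'none')
__EOF__
    exit "$1"
}

authorized_key="$SSH_KEY"
while getopts "hc:k:" opt; do
    case $opt in
        h) usage 0;;
        c) sshdchoice="$OPTARG";; # backwards compat
        k) authorized_key="$OPTARG";;
        '?') usage "1" >&2;;
    esac
done
shift $((OPTIND - 1))

# A positional argument, when present, selects the server.
case "$1" in
    openssh|dropbear|none) sshdchoice="$1" ;;
    "") ;;
    *) usage "1" >&2;;
esac

# Keep asking until the choice is one of the three accepted values.
while ! isin "$sshdchoice" openssh dropbear none; do
    ask "Which SSH server? ('openssh', 'dropbear' or 'none')" openssh
    sshdchoice="$resp"
done

if [ "$sshdchoice" = "none" ]; then
    exit 0
fi

pkgs="$sshdchoice"
if [ "$sshdchoice" = "openssh" ] && apk info --quiet --installed acf-core; then
    pkgs="$pkgs acf-openssh"
fi
# $MOCK and $pkgs are left unquoted on purpose: an empty MOCK must vanish and
# pkgs is a space-separated list built from fixed names above.
$MOCK apk add --quiet $pkgs

# Only ask about root login when no key was supplied via -k or SSH_KEY.
if [ "$sshdchoice" = "openssh" ] && [ -z "$authorized_key" ]; then
    while true; do
        ask "Allow root ssh login? ('yes', 'no', 'prohibit-password' or KEYURL) [prohibit-password]" prohibit-password
        case "$resp" in
            yes|no|prohibit-password)
                # $resp is one of three fixed words here, so it is safe to
                # interpolate into the sed expression.
                sed -i -E -e "s/^#?[[:space:]]*PermitRootLogin.*/PermitRootLogin $resp/" \
                    "$ROOT"/etc/ssh/sshd_config
                # No (possibly commented) directive was present to rewrite:
                # append one so the answer still takes effect.
                if ! grep -q '^PermitRootLogin' "$ROOT"/etc/ssh/sshd_config; then
                    echo "PermitRootLogin $resp" >> "$ROOT"/etc/ssh/sshd_config
                fi
                break
                ;;
            http://*|https://*)
                # sshd_config is left untouched in this branch; the fetched
                # key is installed for root further down.
                # NOTE(review): over http:// the response is not
                # integrity-protected, and its content becomes root's
                # authorized key. Prefer https://.
                if ! authorized_key="$(wget -qO- "$resp")" || [ -z "$authorized_key" ]; then
                    # An empty body counts as a failure; otherwise the script
                    # would finish without installing any key and say nothing.
                    authorized_key=
                    echo "Failed to fetch key from '$resp'" >&2
                    continue
                fi
                break
                ;;
            # Any other answer falls through and the question is asked again.
        esac
    done
fi

svc=
case "$sshdchoice" in
    openssh) svc=sshd;;
    dropbear) svc=dropbear;;
esac

if [ -n "$svc" ]; then
    $MOCK rc-update add $svc default
    $MOCK rc-service $svc start
fi

if [ -n "$authorized_key" ] && [ "$authorized_key" != "none" ]; then
    # If the argument is an HTTP(S)/FTP URL, fetch the file contents.
    # The ftp pattern needs the trailing '*': a bare 'ftp://' only matches that
    # exact string, so a real FTP URL would have been appended to
    # authorized_keys verbatim instead of being fetched.
    # NOTE(review): http:// and ftp:// give no integrity protection, so anyone
    # able to alter the response controls root's authorized key. Prefer
    # https:// or pass the key itself, and confirm that the wget in use
    # verifies TLS certificates.
    case "$authorized_key" in
        http://*|https://*|ftp://*)
            key_url="$authorized_key"
            authorized_key="$(wget -qO- "$key_url")" \
                || die "Failed to fetch key from '$key_url'"
            # A successful transfer with an empty body is not a usable key.
            [ -n "$authorized_key" ] \
                || die "Failed to fetch key from '$key_url'"
            ;;
    esac
    # Create anything new with owner-only permissions regardless of the
    # caller's umask; existing files keep their current mode. printf avoids
    # echo's implementation-specific handling of backslashes and leading '-'.
    (
        umask 077
        mkdir -p "$ROOT"/root/.ssh \
            && printf '%s\n' "$authorized_key" >> "$ROOT"/root/.ssh/authorized_keys
    ) || die "Failed to write '$ROOT/root/.ssh/authorized_keys'"
fi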