init: nasp-jumpserver

nasp-jumpserver/Dockerfile

@@ -0,0 +1,15 @@
+FROM docker.io/alpine
+
+RUN apk add --no-cache openssh git sudo tmux vim bash zsh curl wget coreutils util-linux tzdata \
+  && cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && echo "Asia/Shanghai" > /etc/timezone
+
+COPY sshd_config /etc/ssh/sshd_config
+
+RUN cd /opt && git clone https://git.nasp.ob.ac.cn/NASP/registry \
+  && ./registry/scripts/jumpserver_deploy.sh \
+  && curl dotfiles.cn | bash -s - -l -u root \
+  && sed -i 's?root:x:0:0:root:/root:/bin/ash?root:x:0:0:root:/root:/bin/zsh?' /etc/passwd \
+  && sed -i 's?ssh:x:1000:1000:jumpserver user ssh:/home/ssh:/bin/ash?ssh:x:1000:1000:jumpserver user ssh:/home/ssh:/bin/bash?' /etc/passwd
+
+EXPOSE 22
+ENTRYPOINT ["/etc/startup.sh"]

nasp-jumpserver/sshd_config

@@ -0,0 +1,15 @@
+Port 22
+
+# Authentication:
+LoginGraceTime 30s
+PermitRootLogin prohibit-password
+StrictModes yes
+MaxAuthTries 6
+MaxSessions 10
+PubkeyAuthentication yes
+AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
+PasswordAuthentication no
+AllowAgentForwarding yes
+
+# override default of no subsystems
+Subsystem       sftp    internal-sftp

nasp-jumpserver/startup.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+set -e
+
+crond
+/etc/init.d/sshd start
+bash