Merge branch 'belsander/master'

ofilla · ofilla · commit c7785bf222a3 · 2025-02-20T20:41:00.000+01:00
diff --git a/Dockerfile b/Dockerfile
@@ -1,14 +1,18 @@
 FROM alpine:latest
 
 LABEL org.opencontainers.image.authors="Oliver Filla <https://github.com/ofilla>, Carlos Bernárdez <carlos@z4studios.com>"
+LABEL maintainer='Carlos Bernárdez <carlos@z4studios.com>'
 
 RUN apk add --no-cache openssh git
 
 # -D flag avoids password generation
 # -s flag changes user's shell
 RUN adduser -D -s /usr/bin/git-shell git \
     && passwd -u git \
-    && mkdir -p /git-server/keys /git-server/repos ~git/.ssh
+    && mkdir -p /git-server/keys /git-server/repos /opt/etc/ssh ~git/.ssh
+
+WORKDIR /git-server/
+
 
 # This is a login shell for SSH accounts to provide restricted Git access.
 # It permits execution only of server-side Git commands implementing the
@@ -23,4 +27,5 @@ COPY start.sh start.sh
 
 EXPOSE 22
 
+VOLUME ["/git-server/keys", "/opt/etc/ssh", "/git-server/repos"]
 CMD ["sh", "start.sh"]
diff --git a/README.md b/README.md
@@ -63,6 +63,7 @@ $ git clone ssh://git@<ip-docker-server>:2222/git-server/repos/myrepo.git
 * **Volumes**:
   * `/git-server/keys`: Volume to store the users public keys
   * `/git-server/repos`: Volume to store the repositories
+  * `/git-server/host-keys`: Volume to store the SSHd host keys
 
 ### SSH Keys
 
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -9,4 +9,8 @@ services:
     volumes:
     - ${GIT_SERVER_KEYS_DIR:-~/git-server/keys}:/git-server/keys:ro
     - ${GIT_SERVER_REPO_DIR:-~/git-server/repos}:/git-server/repos
+    - host_keys:/opt/etc/ssh
 
+volumes:
+  host_keys:
+    name: git-server-host-keys
diff --git a/git-shell-commands/no-interactive-login b/git-shell-commands/no-interactive-login
@@ -2,4 +2,16 @@
 printf '%s\n' "Welcome to git-server-docker!"
 printf '%s\n' "You've successfully authenticated, but I do not"
 printf '%s\n' "provide interactive shell access."
+
+printf '\n'
+printf '%s\n' "The following repositories are available:"
+for REPO in /git-server/repos/*
+do
+  printf '%s\n' " - $(basename ${REPO%.git})"
+done
+
+printf '\n'
+printf '%s\n' "To clone, use the following URL:"
+printf '%s\n' "ssh://git@<SERVER>:<PORT>/git-server/repos/<REPO_NAME>.git"
+
 exit 128
diff --git a/sshd_config b/sshd_config
@@ -7,3 +7,8 @@ AllowUsers git
 X11Forwarding no
 AllowTcpForwarding no
 PermitTTY no
+
+# host keys at different path
+HostKey /opt/etc/ssh/ssh_host_rsa_key
+HostKey /opt/etc/ssh/ssh_host_ecdsa_key
+HostKey /opt/etc/ssh/ssh_host_ed25519_key
diff --git a/start.sh b/start.sh
@@ -8,7 +8,7 @@ _term() {
 trap _term SIGTERM
 
 # generate host keys, if required
-ssh-keygen -A
+ssh-keygen -A -f /opt
 
 # If there are some public keys in keys folder
 # then it copies its contain in authorized_keys file
