From 7da81a28a155cc07047364d1a8932ca8168349d1 Mon Sep 17 00:00:00 2001 From: Alin Voinea Date: Wed, 15 Jun 2016 17:17:32 +0300 Subject: [PATCH] Refs #72026 - Add support for multiple authorized ssh keys --- Readme.md | 9 +++++---- docker-entrypoint.sh | 25 ++++++++++++++++--------- 2 files changed, 21 insertions(+), 13 deletions(-) diff --git a/Readme.md b/Readme.md index 237d52f..621a938 100644 --- a/Readme.md +++ b/Readme.md @@ -7,7 +7,7 @@ A simple rsync server/client Docker image to easily rsync data within Docker vol Get files from remote server within a `docker volume`: $ docker run --rm -v blobstorage:/data/ eeacms/rsync \ - rsync -avz user@remote.server.domain.or.ip:/var/local/blobs/ /data/ + rsync -avzx --numeric-ids user@remote.server.domain.or.ip:/var/local/blobs/ /data/ Get files from `remote server` to a `data container`: @@ -23,7 +23,7 @@ Start client to pack and sync every night: $ docker run --name=rsync_client -v client_vol_to_sync:/data \ -e CRON_TASK_1="0 1 * * * /data/pack-db.sh" \ - -e CRON_TASK_2="0 3 * * * rsync -e 'ssh -p 2222 -o StrictHostKeyChecking=no' -avz root@foo.bar.com:/data/ /data/" \ + -e CRON_TASK_2="0 3 * * * rsync -e 'ssh -p 2222' -aqx --numeric-ids root@foo.bar.com:/data/ /data/" \ eeacms/rsync client Copy the client SSH public key printed found in console @@ -33,7 +33,8 @@ Copy the client SSH public key printed found in console Start server on `foo.bar.com` # docker run --name=rsync_server -d -p 2222:22 -v server_vol_to_sync:/data \ - -e SSH_AUTH_KEY="" \ + -e SSH_AUTH_KEY_1="" \ + -e SSH_AUTH_KEY_n="" \ eeacms/rsync server ### Verify that it works @@ -46,5 +47,5 @@ Add `test` file on server: Bring the `file` on client: $ docker exec -it rsync_client sh - $ rsync -e 'ssh -p 2222 -o StrictHostKeyChecking=no' -avz root@foo.bar.com:/data/ /data/ + $ rsync -e 'ssh -p 2222' -avz root@foo.bar.com:/data/ /data/ $ ls -l /data/ diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 1ea3bb3..c618619 100755 
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -4,16 +4,23 @@
 # INIT
 ################################################################################
 
-# Provide SSH AUTHORIZED KEY via environment variable
-if [ ! -z "$SSH_AUTH_KEY" ]; then
- mkdir -p /root/.ssh
- echo "$SSH_AUTH_KEY" > /root/.ssh/authorized_keys
- chmod go-rwx /root/.ssh/authorized_keys
- sed -i "s/#PasswordAuthentication yes/PasswordAuthentication no/g" /etc/ssh/sshd_config
-fi
+mkdir -p /root/.ssh
+> /root/.ssh/authorized_keys
+chmod go-rwx /root/.ssh/authorized_keys
+sed -i "s/#PasswordAuthentication yes/PasswordAuthentication no/g" /etc/ssh/sshd_config
 
-# Provide CRON_TASK via environment variable
-echo '' > /etc/crontabs/root
+# Provide SSH_AUTHORIZED_KEY_* via environment variable
+for item in `env`; do
+ case "$item" in
+ SSH_AUTHORIZED_KEY*)
+ ENVVAR=`echo $item | cut -d \= -f 1`
+ printenv $ENVVAR >> /root/.ssh/authorized_keys
+ ;;
+ esac
+done
+
+# Provide CRON_TASK_* via environment variable
+> /etc/crontabs/root
 for item in `env`; do
 case "$item" in
 CRON_TASK*)
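Review bot: The new case pattern `SSH_AUTHORIZED_KEY*)` matches neither the names the Readme documents in this same commit (`SSH_AUTH_KEY_1`, `SSH_AUTH_KEY_n`) nor the previous `SSH_AUTH_KEY`, so keys supplied as documented are never written and `authorized_keys` stays empty, while the `sed` that turns off password authentication now runs unconditionally. Changing the pattern to `SSH_AUTH_KEY*)` would accept both the old single variable and the numbered ones. The loop iterates over the whitespace-split output of `env`, so fragments of key values are also tested against the pattern; quoting the expansions (`printenv "$ENVVAR" >> /root/.ssh/authorized_keys`) and adding a comment such as `# each SSH_AUTH_KEY_* holds exactly one public key line` would make the intent explicit. The CRON_TASK loop at the end of the hunk continues outside it.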