Refs #72026 - Add support for multiple authorized ssh keys

2016-06-15 17:17:32 +03:00 · 2016-06-15 17:17:32 +03:00 · 7da81a28a1
commit 7da81a28a1
parent e9ae9dea8c
2 changed files with 21 additions and 13 deletions
--- a/Readme.md
+++ b/Readme.md
@ -7,7 +7,7 @@ A simple rsync server/client Docker image to easily rsync data within Docker vol
 Get files from remote server within a `docker volume`:

    $ docker run --rm -v blobstorage:/data/ eeacms/rsync \
-                 rsync -avz user@remote.server.domain.or.ip:/var/local/blobs/ /data/
+             rsync -avzx --numeric-ids user@remote.server.domain.or.ip:/var/local/blobs/ /data/

 Get files from `remote server` to a `data container`:

@ -23,7 +23,7 @@ Start client to pack and sync every night:

    $ docker run --name=rsync_client -v client_vol_to_sync:/data \
                 -e CRON_TASK_1="0 1 * * * /data/pack-db.sh" \
-                 -e CRON_TASK_2="0 3 * * * rsync -e 'ssh -p 2222 -o StrictHostKeyChecking=no' -avz root@foo.bar.com:/data/ /data/" \
+                 -e CRON_TASK_2="0 3 * * * rsync -e 'ssh -p 2222' -aqx --numeric-ids root@foo.bar.com:/data/ /data/" \
             eeacms/rsync client

 Copy the client SSH public key printed found in console
@ -33,7 +33,8 @@ Copy the client SSH public key printed found in console
 Start server on `foo.bar.com`

    # docker run --name=rsync_server -d -p 2222:22 -v server_vol_to_sync:/data \
-                 -e SSH_AUTH_KEY="<SSH KEY FROM rsync_client>" \
+                 -e SSH_AUTH_KEY_1="<SSH KEY FROM rsync_client>" \
+                 -e SSH_AUTH_KEY_n="<SSH KEY FROM rsync_client_n>" \
             eeacms/rsync server

 ### Verify that it works
@ -46,5 +47,5 @@ Add `test` file on server:
 Bring the `file` on client:

    $ docker exec -it rsync_client sh
-      $ rsync -e 'ssh -p 2222 -o StrictHostKeyChecking=no' -avz root@foo.bar.com:/data/ /data/
+      $ rsync -e 'ssh -p 2222' -avz root@foo.bar.com:/data/ /data/
      $ ls -l /data/
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@ -4,16 +4,23 @@
 # INIT
 ################################################################################

-# Provide SSH AUTHORIZED KEY via environment variable
-if [ ! -z "$SSH_AUTH_KEY" ]; then
 mkdir -p /root/.ssh
-  echo "$SSH_AUTH_KEY" > /root/.ssh/authorized_keys
+> /root/.ssh/authorized_keys
 chmod go-rwx /root/.ssh/authorized_keys
 sed -i "s/#PasswordAuthentication yes/PasswordAuthentication no/g" /etc/ssh/sshd_config
-fi

-# Provide CRON_TASK via environment variable
-echo '' > /etc/crontabs/root
+# Provide SSH_AUTHORIZED_KEY_* via environment variable
+for item in `env`; do
+   case "$item" in
+       SSH_AUTHORIZED_KEY*)
+            ENVVAR=`echo $item | cut -d \= -f 1`
+            printenv $ENVVAR >> /root/.ssh/authorized_keys
+            ;;
+   esac
+done
+
+# Provide CRON_TASK_* via environment variable
+> /etc/crontabs/root
 for item in `env`; do
   case "$item" in
       CRON_TASK*)