termius · EvgeneOskin · Oct 26, 2023 · Oct 10, 2023 · Oct 16, 2023
diff --git a/README.md b/README.md
@@ -72,6 +72,9 @@ When you want to add new server configuration follow step below:
 |                putty                 |          2237           |     sa      |      -      | [putty key](/keys/putty_rsa)<br/>[encrypted putty key](/keys/putty_rsa_encrypted) |
 |               tinyssh                |          2238           |     sa      |      -      |                          [ed25519 key](/keys/id_ed25519)                          |
 |     keyboard-interactive-custom      |          2239           |     sa      |      -      |                                         -                                         |
+|             hostkey-rsa              |          2255           |     sa      |    pass     |                                         -                                         |
+|           hostkey-ed25519            |          2256           |     sa      |    pass     |                                         -                                         |
+|            hostkey-multi             |          2257           |     sa      |    pass     |                                         -                                         |
 
 Passphrase for [`keys/id_rsa_encrypted`](/keys/id_rsa_encrypted) is `termius-test`.
 

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -670,6 +670,48 @@ services:
     ports:
       - '2251:22'
 
+  hostkey-rsa:
+    mem_limit: 64m
+    build:
+      context: .
+      dockerfile: hostkey-order/Dockerfile
+    environment:
+      ADMIN: sa
+      ADMIN_PASS: pass
+      CONFIG: pass/sshd_config
+      HOST_KEY_NAME: ssh_host_rsa_key
+    restart: "unless-stopped"
+    ports:
+      - '2255:22'
+
+  hostkey-ed25519:
+    mem_limit: 64m
+    build:
+      context: .
+      dockerfile: hostkey-order/Dockerfile
+    environment:
+      ADMIN: sa
+      ADMIN_PASS: pass
+      CONFIG: pass/sshd_config
+      HOST_KEY_NAME: ssh_host_ed25519_key
+    restart: "unless-stopped"
+    ports:
+      - '2256:22'
+
+  hostkey-multi:
+    mem_limit: 64m
+    build:
+      context: .
+      dockerfile: hostkey-order/Dockerfile
+    environment:
+      ADMIN: sa
+      ADMIN_PASS: pass
+      CONFIG: pass/sshd_config
+      HOST_KEY_NAME: ssh_host_rsa_key ssh_host_ed25519_key
+    restart: "unless-stopped"
+    ports:
+      - '2257:22'
+
 networks:
   pf-case-keystorage:
     ipam:

diff --git a/hostkey-order/Dockerfile b/hostkey-order/Dockerfile
@@ -0,0 +1,28 @@
+FROM ubuntu:20.04
+
+RUN apt-get update -y && apt-get install -y locales && \
+  locale-gen en_US.UTF-8 && update-locale LC_ALL="en_US.UTF-8"
+ENV LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update -y && apt-get upgrade -y && \
+  apt-get install -y openssh-server gettext-base syslog-ng \
+    tmux byobu emacs vim mc htop curl nano \
+    bb cmatrix libaa-bin \
+    zsh git
+
+RUN apt-get install -y pass
+
+ADD sshd_configs_raw /tmp/
+ADD keys /tmp/
+
+ADD hostkey-order/entrypoint.sh /usr/bin/entrypoint.sh
+RUN chmod +x /usr/bin/entrypoint.sh
+
+ADD sanitize-auth-log.sh /usr/bin/sanitize-auth-log.sh
+RUN chmod +x /usr/bin/sanitize-auth-log.sh
+
+ADD zshrc /tmp/
+
+ENTRYPOINT ["/usr/bin/entrypoint.sh"]
+CMD /usr/sbin/sshd -D
+
diff --git a/hostkey-order/entrypoint.sh b/hostkey-order/entrypoint.sh
@@ -0,0 +1,56 @@
+#!/bin/bash
+# Copyright (c) 2020 Termius Corporation.
+
+create_user() {
+    groupadd remote
+    useradd -s /bin/bash -d /home/$1 -G remote -m $1
+
+    git clone --depth=1 https://github.com/romkatv/powerlevel10k.git /home/$1/powerlevel10k
+    echo "source ~/powerlevel10k/powerlevel10k.zsh-theme" >>/home/$1/.zshrc
+    echo "source /tmp/zshrc" >>/home/$1/.zshrc
+    (cat /tmp/bashrc > /home/$1/.bashrc)
+}
+
+add_credential() {
+    mkdir -p /home/$1/.ssh/
+    echo "$ADMIN:$ADMIN_PASS" | chpasswd
+    cp /tmp/bash_logout /home/$1/.bash_logout
+    chown -R $1:remote /home/$1/.bash_logout
+
+    if [ -n "${PRIVATE_KEY_NAME}" ]; then
+        PUB_KEY="$PRIVATE_KEY_NAME.pub"
+
+        cp /tmp/$PRIVATE_KEY_NAME /home/$1/.ssh/id_rsa
+        cp /tmp/$PUB_KEY /home/$1/.ssh/id_rsa.pub
+
+        chmod 400 /home/$1/.ssh/id_rsa
+        chown -R $1:remote /home/$1/.ssh/
+    fi
+}
+
+envsubst < /tmp/$CONFIG > "/etc/ssh/sshd_config"
+
+mkdir /var/run/sshd
+
+create_user $ADMIN
+add_credential $ADMIN $ADMIN_PASS
+
+touch /var/log/auth.log
+chmod 666 /var/log/auth.log
+
+/usr/sbin/syslog-ng -F &
+/bin/sanitize-auth-log.sh &
+
+rm /etc/ssh/ssh_host_*
+
+if [ -n "${HOST_KEY_NAME}" ]; then
+  # shellcheck disable=SC2066
+  for KEY in ${HOST_KEY_NAME}
+  do
+    cp "/tmp/${KEY}" /etc/ssh/
+  done
+fi
+
+echo 'Start daemon'
+echo "$@"
+exec "$@"
diff --git a/keys/ssh_host_ed25519_key b/keys/ssh_host_ed25519_key
@@ -0,0 +1,8 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACC9m50Dr8kvK8WWNJWpgUsfXPyhZ8E7vWlEy2Enkxmu2AAAAKiu9ecArvXn
+AAAAAAtzc2gtZWQyNTUxOQAAACC9m50Dr8kvK8WWNJWpgUsfXPyhZ8E7vWlEy2Enkxmu2A
+AAAECLan9MmLK583qSFaBTw83vgwfkFZlQZheiNfqNMfm4/b2bnQOvyS8rxZY0lamBSx9c
+/KFnwTu9aUTLYSeTGa7YAAAAHnNoZXJvdkBJdmFucy1NYWNCb29rLVByby5sb2NhbAECAw
+QFBgc=
+-----END OPENSSH PRIVATE KEY-----
diff --git a/keys/ssh_host_ed25519_key.pub b/keys/ssh_host_ed25519_key.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL2bnQOvyS8rxZY0lamBSx9c/KFnwTu9aUTLYSeTGa7Y [email protected]
diff --git a/keys/ssh_host_rsa_key b/keys/ssh_host_rsa_key
@@ -0,0 +1,38 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
+NhAAAAAwEAAQAAAYEAt7lQbg1EYfl3gVsVyHJzIRn96GuNVAhiPlNm9aI29QPfdX73s1p9
+ObgsdkW8UUFwEdHCrzoFA40uWbmVlbA3XcI3lp97FxdZBIZNbNkmWsvM3nlUI4p3vEZ61+
+bJrTAH/SgGwDum3ABBvP5+ykp0bqYe0puFQyOl41D1UQOyKbP5dPPEXEy5vX717PcyNvFB
+8J47+HZlMQyzklkOPjLjWl4D2KuD05SEOgrWyrZZDZMNBQT5+BEZ8gDh0yCNuS21rAq+AH
+UTa4fMI/1OC81ytMyR2Q+c8j4bBh+tSv3mqySyUKLj1zE3KrFE273te0rfp5NGcbGR0zdO
+35RfftqHao7i145cbMO3X/2grinengtMLTczUHa7nV5riMUnDGGq2plzjmUvztGhf7YqWU
+leEObR4l2lV5U20OUEomlIXjZcvQrK//zCZ1YybEZwLgf5poaMaDWnrSvyPaZuB6/z6s9Z
+tXa1jQ0ssQBhEbDpdyaPmSKxUzfA8Iv3J4IqQaeTAAAFmB8pOCwfKTgsAAAAB3NzaC1yc2
+EAAAGBALe5UG4NRGH5d4FbFchycyEZ/ehrjVQIYj5TZvWiNvUD33V+97NafTm4LHZFvFFB
+cBHRwq86BQONLlm5lZWwN13CN5afexcXWQSGTWzZJlrLzN55VCOKd7xGetfmya0wB/0oBs
+A7ptwAQbz+fspKdG6mHtKbhUMjpeNQ9VEDsimz+XTzxFxMub1+9ez3MjbxQfCeO/h2ZTEM
+s5JZDj4y41peA9irg9OUhDoK1sq2WQ2TDQUE+fgRGfIA4dMgjbkttawKvgB1E2uHzCP9Tg
+vNcrTMkdkPnPI+GwYfrUr95qskslCi49cxNyqxRNu97XtK36eTRnGxkdM3Tt+UX37ah2qO
+4teOXGzDt1/9oK4p3p4LTC03M1B2u51ea4jFJwxhqtqZc45lL87RoX+2KllJXhDm0eJdpV
+eVNtDlBKJpSF42XL0Kyv/8wmdWMmxGcC4H+aaGjGg1p60r8j2mbgev8+rPWbV2tY0NLLEA
+YRGw6Xcmj5kisVM3wPCL9yeCKkGnkwAAAAMBAAEAAAGBAJPp61oe7k4exVrslTYDBrPAtE
+4ZwPfFpCrfhMX/qlVKn+59oTjRgn4kzA8Qh9O3Zl3CTgY7JOw+DvIH2ulfrMOcaJqonTXz
+AyUEZ3NZxGpXKAJ5FgdjJJD9AUuvL/Fx+QyU3BKKNAVtY3+gOT3uAZ1PuwL+WKS8H4NKm6
+Z03kx67Dx/QTi6QNPSUnZMci4PwHHTQx7/WurJeg06C6CB4c7QYDJhq8l9CZOdRF6BvmKS
+YGoJHqLcSdIvaaBL1i4fIITSfrkrDkcgDzGshOczEsM0bJbJ/kEtxLgZIYMzbDeuS3tasD
+lLWTZIAGlTu//qFK1iW4MhJQEquRfXIGpex/Y+uv418uguT5kEOnsdmenSR9Fn10kJYGo/
+sYw8prCcLQWtpmmeakJbLf0CT9bYXy9zNtREnILz5asY2ldFmYZL2ij5c51D/2NgpQldgG
+HVKNgw/ldbKABuJWiDhKwt1MOhHfOhqSmpUUVlXvpSGxmkljlsr775IvzQCEXls/XwAQAA
+AMBIG5tfJ1+qN8/4IKBzWK0fMODw+eUG1dzhQqe3KfT2FlbNbH60TL9zm6YPmEgBP9qhgt
+mt7Zrhwm5b7gs4fnt+1Z3UUjxOe6k2Vd8mYstoqkMRkfiYIPtKqRG9IaPMcwwY/NQ/kDyp
+U8756Xz1/m8+zBwU1fRr+q501L/+0He6i9YVhkzLxkCPjLV/rMdoY2LblGuJDSGi/5AgHv
+Zl0qPri7eOrzO0bEHv1ySGJq+2rNAO5c/DOndVJ5JQ7jRAqlIAAADBAO2Esj8mTMYl2wwz
+BI1liJm4eRfbtcLtoOCwpG6zS687Rh5u68p4UcbL9hQrdsdUcj3V/Ns+Ejr+mYVOrJ0Fpo
+Tu15/oVoq5kgibQ+aMIzDOMHN6DF7p0h3vYDaE6BeN2wo3U1zaRgxO2iMUpKc0wg1TBmUc
+1rf9xn3wSb3VkNKaKzVM5V4j9QrDSEoQd2oIwU+S+LiUl2ESrvM+UySFb1qcdsiL9kooZ5
+b4dovMFwf2PyCHpY5X6NCK315Dde8vkwAAAMEAxgUL1Ft3YUFxOkddqhenn7fqr11I2jjO
+JwQjyDH65UU6rfHUgT9H9oEMxKGUoFJgoEZAdrswcIAeAAzmvxOY4pqbyg3vawlROF8v1w
+U9+quSqoohlnGBp5taRYEMTSlVN5+QklLyfU0rKgi2fsBbNotgIRglAO2XNkEqHev2y4br
+rHP5xhUoDltC7sr0dxjICAgQVsduPdBjaWpYf4GEal1GR1pnj9oWHq5GlYzrGj+QgFrDNL
+X9+E+XVTKavqgBAAAAHnNoZXJvdkBJdmFucy1NYWNCb29rLVByby5sb2NhbAECAwQ=
+-----END OPENSSH PRIVATE KEY-----
diff --git a/keys/ssh_host_rsa_key.pub b/keys/ssh_host_rsa_key.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3uVBuDURh+XeBWxXIcnMhGf3oa41UCGI+U2b1ojb1A991fvezWn05uCx2RbxRQXAR0cKvOgUDjS5ZuZWVsDddwjeWn3sXF1kEhk1s2SZay8zeeVQjine8RnrX5smtMAf9KAbAO6bcAEG8/n7KSnRuph7Sm4VDI6XjUPVRA7Ips/l088RcTLm9fvXs9zI28UHwnjv4dmUxDLOSWQ4+MuNaXgPYq4PTlIQ6CtbKtlkNkw0FBPn4ERnyAOHTII25LbWsCr4AdRNrh8wj/U4LzXK0zJHZD5zyPhsGH61K/earJLJQouPXMTcqsUTbve17St+nk0ZxsZHTN07flF9+2odqjuLXjlxsw7df/aCuKd6eC0wtNzNQdrudXmuIxScMYaramXOOZS/O0aF/tipZSV4Q5tHiXaVXlTbQ5QSiaUheNly9Csr//MJnVjJsRnAuB/mmhoxoNaetK/I9pm4Hr/Pqz1m1drWNDSyxAGERsOl3Jo+ZIrFTN8Dwi/cngipBp5M= [email protected]
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL2bnQOvyS8rxZY0lamBSx9c/KFnwTu9aUTLYSeTGa7Y [email protected]
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3uVBuDURh+XeBWxXIcnMhGf3oa41UCGI+U2b1ojb1A991fvezWn05uCx2RbxRQXAR0cKvOgUDjS5ZuZWVsDddwjeWn3sXF1kEhk1s2SZay8zeeVQjine8RnrX5smtMAf9KAbAO6bcAEG8/n7KSnRuph7Sm4VDI6XjUPVRA7Ips/l088RcTLm9fvXs9zI28UHwnjv4dmUxDLOSWQ4+MuNaXgPYq4PTlIQ6CtbKtlkNkw0FBPn4ERnyAOHTII25LbWsCr4AdRNrh8wj/U4LzXK0zJHZD5zyPhsGH61K/earJLJQouPXMTcqsUTbve17St+nk0ZxsZHTN07flF9+2odqjuLXjlxsw7df/aCuKd6eC0wtNzNQdrudXmuIxScMYaramXOOZS/O0aF/tipZSV4Q5tHiXaVXlTbQ5QSiaUheNly9Csr//MJnVjJsRnAuB/mmhoxoNaetK/I9pm4Hr/Pqz1m1drWNDSyxAGERsOl3Jo+ZIrFTN8Dwi/cngipBp5M= [email protected]