4 # lxc: linux Container library
7 # Daniel Lezcano <daniel.lezcano@free.fr>
9 # This library is free software; you can redistribute it and/or
10 # modify it under the terms of the GNU Lesser General Public
11 # License as published by the Free Software Foundation; either
12 # version 2.1 of the License, or (at your option) any later version.
14 # This library is distributed in the hope that it will be useful,
15 # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 # Lesser General Public License for more details.
19 # You should have received a copy of the GNU Lesser General Public
20 # License along with this library; if not, write to the Free Software
21 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
28 $rootfs/var/run/sshd \
29 $rootfs/var/empty/sshd \
30 $rootfs/var/lib/empty/sshd \
56 cat <<EOF > $rootfs/etc/passwd
57 root:x:0:0:root:/root:/bin/bash
58 sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
61 cat <<EOF > $rootfs/etc/group
66 ssh-keygen -t rsa -f $rootfs/etc/ssh/ssh_host_rsa_key
67 ssh-keygen -t dsa -f $rootfs/etc/ssh/ssh_host_dsa_key
# NOTE(review): the two ssh-keygen calls above create the container's host
# keys. No -N option is passed, so ssh-keygen prompts for a passphrase;
# sshd can only load host keys whose passphrase is empty.
# DSA host keys are deprecated in current OpenSSH releases and rejected by
# default by current clients; an ed25519 key (-t ed25519) is the usual
# replacement next to RSA.
# $rootfs is unquoted, so a path containing whitespace would be split.
69 # by default setup root password with no password
# NOTE(review): the sshd_config written below contains
# "PermitEmptyPasswords yes". If root really has an empty password (the
# shadow entry is not among the lines shown), then, depending on the
# directives not shown, root can log in over the network with no credential.
# That is acceptable only for a throwaway container on an isolated network;
# otherwise install a key with --auth-key and set PermitEmptyPasswords no.
70 cat <<EOF > $rootfs/etc/ssh/sshd_config
73 HostKey /etc/ssh/ssh_host_rsa_key
74 HostKey /etc/ssh/ssh_host_dsa_key
75 UsePrivilegeSeparation yes
76 KeyRegenerationInterval 3600
84 PubkeyAuthentication yes
86 RhostsRSAAuthentication no
87 HostbasedAuthentication no
88 PermitEmptyPasswords yes
89 ChallengeResponseAuthentication no
92 if [ -n "$auth_key" -a -f "$auth_key" ]; then
# Install the public key given with -S/--auth-key as authorized_keys under
# $rootfs/$u_path (u_path is set on a line not shown here).
# NOTE(review): -a inside [ ] is marked obsolescent by POSIX; two tests
# joined with && are the unambiguous form.
94 root_u_path="$rootfs/$u_path"
# NOTE(review): $auth_key is unquoted in the cp below, so a path with spaces
# or glob characters is split or expanded; cp -- "$auth_key" ... avoids that.
96 cp $auth_key "$root_u_path/authorized_keys"
# Hand the directory to root (0:0) and make it accessible to its owner only.
# No mode is set on authorized_keys itself in the lines shown.
97 chown -R 0:0 "$rootfs/$u_path"
98 chmod 700 "$rootfs/$u_path"
# NOTE(review): the message names /home/ubuntu/.ssh, while the copy above
# goes to $rootfs/$u_path; confirm the two agree.
100 echo "Inserted SSH public key from $auth_key into /home/ubuntu/.ssh/authorized_keys"
# Record the rootfs in the container config unless a line starting with
# lxc.rootfs is already there (a missing config file is silenced by 2>/dev/null).
112 grep -q "^lxc.rootfs" $path/config 2>/dev/null || echo "lxc.rootfs = $rootfs" >> $path/config
# The heredoc appended below bind-mounts the host's /dev, /lib, /bin, /usr and
# /sbin read-only into the container, adds a tmpfs for var/run/sshd and a
# proc mount, and binds /usr/share/lxc/templates/lxc-sshd over sbin/init.
# NOTE(review): "ro" on the /dev bind protects the directory tree only;
# device nodes on a read-only mount can still be opened for writing, so
# device access has to be restricted elsewhere (device cgroup, AppArmor
# profile). Nothing in the lines shown does that, and the generated config
# documents how to switch the AppArmor profile to unconfined.
# The container also runs the host's own binaries and libraries, so it is
# not isolated from the host's software state.
113 cat <<EOF >> $path/config
116 # uncomment the next line to run the container unconfined:
117 #lxc.aa_profile = unconfined
118 lxc.mount.entry=/dev dev none ro,bind 0 0
119 lxc.mount.entry=/lib lib none ro,bind 0 0
120 lxc.mount.entry=/bin bin none ro,bind 0 0
121 lxc.mount.entry=/usr usr none ro,bind 0 0
122 lxc.mount.entry=/sbin sbin none ro,bind 0 0
123 lxc.mount.entry=tmpfs var/run/sshd tmpfs mode=0644 0 0
124 lxc.mount.entry=/usr/share/lxc/templates/lxc-sshd sbin/init none bind 0 0
125 lxc.mount.entry=proc proc proc nodev,noexec,nosuid 0 0
128 # if the config has no lxc.network.ipv4 entry, have the container run dhcp
129 grep -q "^lxc.network.ipv4" $path/config || touch $rootfs/run-dhcp
131 if [ "$(uname -m)" = "x86_64" ]; then
132 cat <<EOF >> $path/config
133 lxc.mount.entry=/lib64 lib64 none ro,bind 0 0
141 $1 -h|--help -p|--path=<path>
146 options=$(getopt -o hp:n:S: -l help,path:,name:,auth-key: -- "$@")
147 if [ $? -ne 0 ]; then
# getopt re-emits the arguments as one shell-quoted string, and eval set --
# loads that string back as the positional parameters. The eval is safe only
# because its input is getopt's own quoted output; raw argument text must
# never be passed to it. Long options (-l) require the enhanced getopt.
151 eval set -- "$options"
# Option dispatch: each value-taking option stores $2 and shifts both words.
# NOTE(review): in the --help arm, exit runs only if usage returns success.
156 -h|--help) usage $0 && exit 0;;
157 -p|--path) path=$2; shift 2;;
158 -n|--name) name=$2; shift 2;;
159 -S|--auth-key) auth_key=$2; shift 2;;
160 --) shift 1; break ;;
# Refuse to continue unless the effective uid is 0.
165 if [ "$(id -u)" != "0" ]; then
166 echo "This script should be run as 'root'"
# The generated container config bind-mounts this template over the
# container's sbin/init, so when invoked as /sbin/init the script acts as the
# container's init instead of as the template.
# NOTE(review): == inside [ ] is a bash extension and $0 is unquoted;
# [ "$0" = "/sbin/init" ] is the portable form.
170 if [ $0 == "/sbin/init" ]; then
# libexecdir is set outside the lines shown; it is expanded unquoted here.
172 type ${libexecdir}/lxc-init
173 if [ $? -ne 0 ]; then
174 echo "'lxc-init is not accessible on the system"
179 if [ $? -ne 0 ]; then
180 echo "'sshd' is not accessible on the system "
# /run-dhcp is the marker the template creates in the rootfs when the config
# has no lxc.network.ipv4 entry.
185 if [ -f /run-dhcp ]; then
187 if [ $? -ne 0 ]; then
188 echo "can't find dhclient"
193 cat > /dhclient.conf << EOF
194 send host-name "<hostname>";
197 dhclient eth0 -cf /dhclient.conf
# Replace this shell with lxc-init, passing /usr/sbin/sshd as the command.
200 exec ${libexecdir}/lxc-init -- /usr/sbin/sshd
204 if [ -z "$path" ]; then
205 echo "'path' parameter is required"
210 config="$path/config"
# Reuse the rootfs recorded in an existing config, if there is one.
# NOTE(review): the test matches any line starting with lxc.rootfs, but the
# extraction greps for 'lxc.rootfs =' with spaces. A line written as
# lxc.rootfs=/x passes the test and yields an empty $rootfs, and more than
# one matching line yields a multi-line value. No validation of $rootfs is
# visible in the lines shown; an empty value would make later writes such as
# $rootfs/etc/passwd land on the host, so it should be checked for non-empty
# before use.
# awk -F= leaves the leading space in the value; only the unquoted
# expansions further down strip it.
211 if grep -q '^lxc.rootfs' $config 2>/dev/null ; then
212 rootfs=`grep 'lxc.rootfs =' $config | awk -F= '{ print $2 }'`
218 if [ $? -ne 0 ]; then
219 echo "failed to install sshd's rootfs"
# Each step below is followed by a status check that reports the failure.
# NOTE(review): $rootfs, $path and $name are passed unquoted, so values
# containing whitespace arrive as several arguments.
223 configure_sshd $rootfs
224 if [ $? -ne 0 ]; then
225 echo "failed to configure sshd template"
229 copy_configuration $path $rootfs $name
230 if [ $? -ne 0 ]; then
231 echo "failed to write configuration file"