Added support to enable a ssh-server.

Signed-off-by: Hermann Mayer <[email protected]>
hausgold · Aug 19, 2024 · 9756b4b · 9756b4b
1 parent 42314bb
commit 9756b4b
Show file tree

Hide file tree

Showing 12 changed files with 177 additions and 5 deletions.
diff --git a/4.4/Dockerfile b/4.4/Dockerfile
@@ -10,7 +10,8 @@ ENV MDNS_HOSTNAME=neo4j.local
 # Install system packages
 RUN apt-get update -yqqq && \
   apt-get install -y \
-    dbus avahi-daemon avahi-utils libnss-mdns haproxy supervisor
+    dbus avahi-daemon avahi-utils libnss-mdns haproxy supervisor \
+    openssh-server
 
 # Copy custom scripts
 COPY config/*.sh /usr/local/bin/

diff --git a/4.4/config/avahi.sh b/4.4/config/avahi.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 NSS_MDNS=$(dpkg -s libnss-mdns | grep Version: \
   | cut -d: -f2 | cut -d- -f1 | tr -d ' ')

diff --git a/4.4/config/sshd.sh b/4.4/config/sshd.sh
@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+
+# We allow to start an SSH server inside the container to enable the
+# programmatically access to neo4j tooling. This is disabled by default.
+export SSHD_ENABLE=${SSHD_ENABLE:-'false'}
+export SSHD_CUSTOM_CONIFG=${SSHD_CUSTOM_CONIFG:-'false'}
+export SSHD_ROOT_PASSWORD=${SSHD_ROOT_PASSWORD:-'root'}
+
+# When this feature is disabled, we just do nothing. Forever.
+if [ "${SSHD_ENABLE}" != 'true' ]; then
+  tail -f /dev/null
+  exit $?
+fi
+
+# Prepare the environment for dbus
+mkdir -p /run/sshd
+chmod 0755 /run/sshd
+
+# We allow our users to supply a custom sshd config,
+# so we do not overwrite their file contents
+if [ "${SSHD_CUSTOM_CONIFG}" = 'false' ]; then
+  cat >/etc/ssh/sshd_config <<'EOF'
+UsePAM no
+PermitRootLogin yes
+PasswordAuthentication yes
+ChallengeResponseAuthentication no
+PermitEmptyPasswords yes
+MaxAuthTries 20
+StrictModes no
+EOF
+fi
+
+# Preserve the current environment variables for ssh sessions
+env | grep -P '(.+_|PATH)' | sed 's/^/export /g' >> /etc/environment
+echo 'source /etc/environment' >> /root/.bashrc
+
+# Change the root password to the configured one
+echo "root:${SSHD_ROOT_PASSWORD}" | chpasswd
+
+# Start the ssh daemon
+exec /usr/sbin/sshd -D -e
diff --git a/4.4/config/supervisor/sshd.conf b/4.4/config/supervisor/sshd.conf
@@ -0,0 +1,14 @@
+[program:sshd]
+priority=10
+startretries=20
+directory=/tmp
+command=/usr/local/bin/sshd.sh
+user=root
+autostart=true
+autorestart=true
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+stopsignal=KILL
+stopwaitsecs=1
diff --git a/5.3/Dockerfile b/5.3/Dockerfile
@@ -10,7 +10,8 @@ ENV MDNS_HOSTNAME=neo4j.local
 # Install system packages
 RUN apt-get update -yqqq && \
   apt-get install -y \
-    dbus avahi-daemon avahi-utils libnss-mdns haproxy supervisor
+    dbus avahi-daemon avahi-utils libnss-mdns haproxy supervisor \
+    openssh-server
 
 # Copy custom scripts
 COPY config/*.sh /usr/local/bin/

diff --git a/5.3/config/avahi.sh b/5.3/config/avahi.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 NSS_MDNS=$(dpkg -s libnss-mdns | grep Version: \
   | cut -d: -f2 | cut -d- -f1 | tr -d ' ')

diff --git a/5.3/config/sshd.sh b/5.3/config/sshd.sh
@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+
+# We allow to start an SSH server inside the container to enable the
+# programmatically access to neo4j tooling. This is disabled by default.
+export SSHD_ENABLE=${SSHD_ENABLE:-'false'}
+export SSHD_CUSTOM_CONIFG=${SSHD_CUSTOM_CONIFG:-'false'}
+export SSHD_ROOT_PASSWORD=${SSHD_ROOT_PASSWORD:-'root'}
+
+# When this feature is disabled, we just do nothing. Forever.
+if [ "${SSHD_ENABLE}" != 'true' ]; then
+  tail -f /dev/null
+  exit $?
+fi
+
+# Prepare the environment for dbus
+mkdir -p /run/sshd
+chmod 0755 /run/sshd
+
+# We allow our users to supply a custom sshd config,
+# so we do not overwrite their file contents
+if [ "${SSHD_CUSTOM_CONIFG}" = 'false' ]; then
+  cat >/etc/ssh/sshd_config <<'EOF'
+UsePAM no
+PermitRootLogin yes
+PasswordAuthentication yes
+ChallengeResponseAuthentication no
+PermitEmptyPasswords yes
+MaxAuthTries 20
+StrictModes no
+EOF
+fi
+
+# Preserve the current environment variables for ssh sessions
+env | grep -P '(.+_|PATH)' | sed 's/^/export /g' >> /etc/environment
+echo 'source /etc/environment' >> /root/.bashrc
+
+# Change the root password to the configured one
+echo "root:${SSHD_ROOT_PASSWORD}" | chpasswd
+
+# Start the ssh daemon
+exec /usr/sbin/sshd -D -e
diff --git a/5.3/config/supervisor/sshd.conf b/5.3/config/supervisor/sshd.conf
@@ -0,0 +1,14 @@
+[program:sshd]
+priority=10
+startretries=20
+directory=/tmp
+command=/usr/local/bin/sshd.sh
+user=root
+autostart=true
+autorestart=true
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+stopsignal=KILL
+stopwaitsecs=1
diff --git a/README.md b/README.md
@@ -40,6 +40,11 @@ neo4j:
   environment:
     # Mind the .local suffix
     - MDNS_HOSTNAME=neo4j.test.local
+    # We allow to start an SSH server inside the container to enable the
+    # programmatically access to neo4j tooling. This is disabled by default.
+    - SSHD_ENABLE=false
+    - SSHD_ROOT_PASSWORD=root
+    - SSHD_CUSTOM_CONIFG=false
   ports:
     # The ports are just for you to know when configure your
     # container links, on depended containers

diff --git a/config/avahi.sh b/config/avahi.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 NSS_MDNS=$(dpkg -s libnss-mdns | grep Version: \
   | cut -d: -f2 | cut -d- -f1 | tr -d ' ')

diff --git a/config/sshd.sh b/config/sshd.sh
@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+
+# We allow to start an SSH server inside the container to enable the
+# programmatically access to neo4j tooling. This is disabled by default.
+export SSHD_ENABLE=${SSHD_ENABLE:-'false'}
+export SSHD_CUSTOM_CONIFG=${SSHD_CUSTOM_CONIFG:-'false'}
+export SSHD_ROOT_PASSWORD=${SSHD_ROOT_PASSWORD:-'root'}
+
+# When this feature is disabled, we just do nothing. Forever.
+if [ "${SSHD_ENABLE}" != 'true' ]; then
+  tail -f /dev/null
+  exit $?
+fi
+
+# Prepare the environment for dbus
+mkdir -p /run/sshd
+chmod 0755 /run/sshd
+
+# We allow our users to supply a custom sshd config,
+# so we do not overwrite their file contents
+if [ "${SSHD_CUSTOM_CONIFG}" = 'false' ]; then
+  cat >/etc/ssh/sshd_config <<'EOF'
+UsePAM no
+PermitRootLogin yes
+PasswordAuthentication yes
+ChallengeResponseAuthentication no
+PermitEmptyPasswords yes
+MaxAuthTries 20
+StrictModes no
+EOF
+fi
+
+# Preserve the current environment variables for ssh sessions
+env | grep -P '(.+_|PATH)' | sed 's/^/export /g' >> /etc/environment
+echo 'source /etc/environment' >> /root/.bashrc
+
+# Change the root password to the configured one
+echo "root:${SSHD_ROOT_PASSWORD}" | chpasswd
+
+# Start the ssh daemon
+exec /usr/sbin/sshd -D -e
diff --git a/config/supervisor/sshd.conf b/config/supervisor/sshd.conf
@@ -0,0 +1,14 @@
+[program:sshd]
+priority=10
+startretries=20
+directory=/tmp
+command=/usr/local/bin/sshd.sh
+user=root
+autostart=true
+autorestart=true
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+stopsignal=KILL
+stopwaitsecs=1