Add SSHD for manipulating server files

Signed-off-by: Timo Reichl <[email protected]>

Author: Timo Reichl

image/base/.dockerignore

@@ -1 +1,3 @@
-Dockerfile
+*
+!/etc
+!/usr

image/base/Dockerfile

@@ -43,6 +43,15 @@ RUN sed -i '/\[main\]/a install_weak_deps=False' /etc/dnf/dnf.conf && \
         # required packages for SteamCMD
         ncurses-libs.i686 \
         SDL2.i686 \
+        # SSHD and editors for modifying server files externally
+        openssh-server \
+        vim \
+        nano \
+    && \
+        # Remve preinstalled SSHD configs but keep steamcmd.conf
+        mv /etc/ssh/sshd_config.d/steamcmd.conf /tmp/steamcmd.conf && \
+        rm -f /etc/ssh/sshd_config.d/* && \
+        mv /tmp/steamcmd.conf /etc/ssh/sshd_config.d/steamcmd.conf \
     && \
         # Update CA trust
         update-ca-trust \
@@ -86,7 +95,8 @@ RUN sed -i '/\[main\]/a install_weak_deps=False' /etc/dnf/dnf.conf && \
             /usr/bin/su \
             /usr/sbin/pam_timestamp_check \
             /usr/libexec/utempter/utempter \
-            /usr/bin/write
+            /usr/bin/write \
+            /usr/libexec/openssh/ssh-keysign
 
 # Switch to SteamCMD user
 USER steamcmd

image/base/etc/ssh/sshd_config.d/steamcmd.conf

@@ -0,0 +1,10 @@
+PermitRootLogin no
+PubkeyAuthentication yes
+PasswordAuthentication no
+UsePAM yes
+
+AuthorizedKeysFile %h/.ssh/authorized_keys
+
+HostKey /opt/ssh/ssh_host_rsa_key
+HostKey /opt/ssh/ssh_host_ecdsa_key
+HostKey /opt/ssh/ssh_host_ed25519_key

image/games/base/docker-entrypoint.sh

@@ -3,6 +3,17 @@
 # Set original entrypoint
 set -- tini -- start.sh ${@}
 
+# Helper function to fix host keys should they not exist
+prepare_ssh_host_key() {
+    host_key_type="${1}"
+    host_key_path="/opt/ssh/ssh_host_${host_key_type}_key"
+
+    if [[ ! -f ${host_key_path} ]]; then
+        rm -f "${host_key_path}*"
+        ssh-keygen -q -N "" -t ${host_key_type} -f ${host_key_path}
+    fi
+}
+
 # Fix file and directory permissions if run as root
 if [ $(id -u) -eq 0 ]; then
 
@@ -32,6 +43,31 @@ if [ $(id -u) -eq 0 ]; then
     mkdir -p ${tmux_socket_dir}
     chown -R steamcmd:steamcmd ${tmux_socket_dir}
 
+    if [[ "${STEAMCMD_SSH_SERVER_ENABLE}" == "1" ]]; then
+        # Prepare SSH server
+        echo "Preparing SSH server..."
+        mkdir -p "${STEAMCMD_USER_HOME}/.ssh"
+
+        echo -n "${STEAMCMD_SSH_AUTHORIZED_KEYS}" | base64 -d > "${STEAMCMD_USER_HOME}/.ssh/authorized_keys"
+
+        if [ $? -ne 0 ]; then
+            echo "${STEAMCMD_SSH_AUTHORIZED_KEYS}" > "${STEAMCMD_USER_HOME}/.ssh/authorized_keys"
+        fi
+
+        chown -R steamcmd:steamcmd "${STEAMCMD_USER_HOME}/.ssh"
+        chmod 0700 "${STEAMCMD_USER_HOME}/.ssh"
+        chmod 0600 "${STEAMCMD_USER_HOME}/.ssh/authorized_keys"
+
+        mkdir -p /opt/ssh
+        prepare_ssh_host_key "dsa"
+        prepare_ssh_host_key "rsa"
+        prepare_ssh_host_key "ecdsa"
+        prepare_ssh_host_key "ed25519"
+
+        # Run the server
+        /usr/sbin/sshd
+    fi
+
     # Call to gosu to drop from root user to steamcmd user
     # when running original entrypoint
     set -- gosu steamcmd $@