atmoz / sftp

Securely share your files
https://hub.docker.com/r/atmoz/sftp/
MIT License

Docker-compose private key #160

Open JulienKyu opened 5 years ago

JulienKyu commented 5 years ago

Hi everyone,

I can't find where my problem is... please help me if you can.

This is my docker-compose file

sftp:
    image: atmoz/sftp
    volumes:
        - ./ssh_host_ed25519_key:/etc/ssh/ssh_host_ed25519_key
        - ./ssh_host_rsa_key:/etc/ssh/ssh_host_rsa_key
    ports:
        - "2223:22"
    command: user:pw:1001

And this is my output


sftp_1  | [/usr/local/bin/create-sftp-user] Parsing user data: "user:pw:1001"
sftp_1  | Generating public/private ed25519 key pair.
sftp_1  | /etc/ssh/ssh_host_ed25519_key already exists.
sftp_1  | Overwrite (y/n)? /entrypoint: Error on line 69: ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N ''

If I remove the ed25519 line in the volumes array, I get this error:

sftp_1  | [/usr/local/bin/create-sftp-user] Parsing user data: "user:pw:1001"
sftp_1  | Generating public/private ed25519 key pair.
sftp_1  | Your identification has been saved in /etc/ssh/ssh_host_ed25519_key.
sftp_1  | Your public key has been saved in /etc/ssh/ssh_host_ed25519_key.pub.
sftp_1  | The key fingerprint is:
sftp_1  | SHA256:IMuGxGPLfbnV3d52rTgcwhoECXZRMT9P9yQZ/yLzLCs root@ae78c0362c72
sftp_1  | The key's randomart image is:
sftp_1  | +--[ED25519 256]--+
sftp_1  | |    o.o++.    .  |
sftp_1  | | . . .o  o     + |
sftp_1  | |  = . ..  o . + o|
sftp_1  | | + * o o.. = o +.|
sftp_1  | |  + = o.S.. = o o|
sftp_1  | |   . . o. o .* o.|
sftp_1  | |      .  o o..+ =|
sftp_1  | |        . E o+ o.|
sftp_1  | |           .o..  |
sftp_1  | +----[SHA256]-----+
sftp_1  | Generating public/private rsa key pair.
sftp_1  | /etc/ssh/ssh_host_rsa_key already exists.
sftp_1  | Overwrite (y/n)? /entrypoint: Error on line 72: ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -N ''

The container shuts down instantly after the error... I don't understand why. I haven't found any post that talks about these errors.

Thank you for your help,
Julien

alemenke commented 5 years ago

I would guess that it's a permission error. What permissions do both your key files have? They need to have 600 (u+rw) and be owned by root.

stefanproell commented 4 years ago

Can you try replacing the relative paths in your docker compose file? Replace this

    volumes:
        - ./ssh_host_ed25519_key:/etc/ssh/ssh_host_ed25519_key
        - ./ssh_host_rsa_key:/etc/ssh/ssh_host_rsa_key

with

    volumes:
        - ${PWD}/ssh_host_ed25519_key:/etc/ssh/ssh_host_ed25519_key
        - ${PWD}/ssh_host_rsa_key:/etc/ssh/ssh_host_rsa_key

or make the path absolute by providing the full path, e.g. /home/user/.ssh/ ...
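A preflight check for the two suggestions above (mode 600 with root ownership, and absolute mount paths), added here as an example; it is not part of the thread or of atmoz/sftp. The function name `check_host_key` is hypothetical, and it assumes a `stat` that accepts `-c` (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# check_host_key PATH [EXPECTED_UID]   (hypothetical helper, not from atmoz/sftp)
# Prints one line per problem and returns the number of problems (0 = OK).
check_host_key() {
    key=$1
    want_uid=${2:-0}        # root (uid 0) by default, as suggested in the thread
    problems=0

    # Relative paths were one suspected cause in the thread.
    case $key in
        /*) ;;
        *)  echo "$key: path is not absolute"; problems=$((problems + 1)) ;;
    esac

    # Docker creates a directory at a bind-mount source that does not exist,
    # so a directory here usually means an earlier run had the wrong path.
    if [ -d "$key" ]; then
        echo "$key: is a directory, not a key file"
        return $((problems + 1))
    fi
    if [ ! -f "$key" ]; then
        echo "$key: missing"
        return $((problems + 1))
    fi

    mode=$(stat -c '%a' "$key")
    uid=$(stat -c '%u' "$key")
    [ "$mode" = 600 ] || {
        echo "$key: mode $mode, expected 600"; problems=$((problems + 1)); }
    [ "$uid" = "$want_uid" ] || {
        echo "$key: owner uid $uid, expected $want_uid"; problems=$((problems + 1)); }

    return "$problems"
}

# When run with arguments, check every key file before `docker-compose up`.
if [ "$#" -gt 0 ]; then
    rc=0
    for k in "$@"; do
        check_host_key "$k" || rc=1
    done
    exit "$rc"
fi
```

Run it as root (or with `sudo`) against the same paths used in the `volumes:` entries, for example `"$PWD/ssh_host_ed25519_key"` and `"$PWD/ssh_host_rsa_key"`.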

benjaminnilo commented 4 years ago

I solved this problem by creating a volume of the folder ssh:

And in the folder /home/foo/sshkey leave the following files:

Caerbannog commented 4 years ago

I had a similar problem on CircleCI, because their 'docker executor' does not allow mounting volumes. I solved it by building a bespoke image. The image is based on atmoz/sftp and just copies my config files over.

Accomplishing that with docker-compose is easy:

# docker-compose.yml
services:
  sftp:
    build: ./sftp
    command: foo:pass:::upload

# sftp/Dockerfile
FROM atmoz/sftp:alpine-3.7
COPY ./ssh_host_* /etc/ssh/
RUN chmod 600 /etc/ssh/ssh_host_*