mickaelperrin / docker-sftp-server

Alpine based SFTP server with automatic user ID discovery and chroot

Doesn't work out-of-the-box #1

Open wildsurfer opened 7 years ago

wildsurfer commented 7 years ago

Hi!

Trying to launch it using the example in the README:

git clone https://github.com/mickaelperrin/docker-sshd-server.git
cd docker-sshd-server
docker-compose up

Here is what I see:

bash-3.2$ docker-compose up
Creating network "dockersshdserver_default" with the default driver
Pulling app (alpine:3.5)...
3.5: Pulling from library/alpine
019300c8a437: Already exists
Digest: sha256:af2a5bd2f8de8fc1ecabf1c76611cdc6a5f1ada1a2bdd7d3816e121b70300308
Status: Downloaded newer image for alpine:3.5
Building sshd
Step 1/13 : FROM alpine
latest: Pulling from library/alpine
88286f41530e: Already exists
Digest: sha256:1072e499f3f655a032e88542330cf75b02e7bdf673278f701d7ba61629ee3ebe
Status: Downloaded newer image for alpine:latest
 ---> 7328f6f8b418
Step 2/13 : MAINTAINER Mickaël PERRIN <dev@mickaelperrin.fr>
 ---> Running in c08160e2a88b
 ---> 4bb3ed100f58
Removing intermediate container c08160e2a88b
Step 3/13 : RUN apk add --no-cache openssh bash shadow tzdata
 ---> Running in a974ebe64ee9
fetch http://dl-cdn.alpinelinux.org/alpine/v3.6/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.6/community/x86_64/APKINDEX.tar.gz
(1/13) Installing ncurses-terminfo-base (6.0-r8)
(2/13) Installing ncurses-terminfo (6.0-r8)
(3/13) Installing ncurses-libs (6.0-r8)
(4/13) Installing readline (6.3.008-r5)
(5/13) Installing bash (4.3.48-r1)
Executing bash-4.3.48-r1.post-install
(6/13) Installing openssh-keygen (7.5_p1-r1)
(7/13) Installing openssh-client (7.5_p1-r1)
(8/13) Installing openssh-sftp-server (7.5_p1-r1)
(9/13) Installing openssh-server (7.5_p1-r1)
(10/13) Installing openssh (7.5_p1-r1)
(11/13) Installing linux-pam (1.2.1-r1)
(12/13) Installing shadow (4.2.1-r11)
(13/13) Installing tzdata (2017a-r0)
Executing busybox-1.26.2-r5.trigger
OK: 21 MiB in 24 packages
 ---> 8b7da41c365c
Removing intermediate container a974ebe64ee9
Step 4/13 : RUN rm -rf /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_ecdsa_key
 ---> Running in 15c7b863d2f7
 ---> 8f7a6a7bcb94
Removing intermediate container 15c7b863d2f7
Step 5/13 : ADD docker-entrypoint.sh /
 ---> 630dde541cef
Removing intermediate container c4d7604982c9
Step 6/13 : RUN chmod +x /docker-entrypoint.sh
 ---> Running in 928b43c2f88f
 ---> 036d09aba195
Removing intermediate container 928b43c2f88f
Step 7/13 : RUN mkdir -p /docker-entrypoint.d
 ---> Running in 25beb0ace8b2
 ---> 584f9694dc3b
Removing intermediate container 25beb0ace8b2
Step 8/13 : ADD sshd_config /etc/ssh/sshd_config
 ---> fff6767ff5a9
Removing intermediate container bfdd2fab237b
Step 9/13 : RUN addgroup sftp
 ---> Running in dce7ae5d9aea
 ---> 52a151c5290b
Removing intermediate container dce7ae5d9aea
Step 10/13 : ENV TZ "Europe/Paris" LANG "C.UTF-8"
 ---> Running in 7282a1c2e5b2
 ---> 3d3ffb134795
Removing intermediate container 7282a1c2e5b2
Step 11/13 : EXPOSE 22
 ---> Running in d2256bac8220
 ---> 997b749abd8f
Removing intermediate container d2256bac8220
Step 12/13 : ENTRYPOINT /docker-entrypoint.sh
 ---> Running in 30cdac007d8b
 ---> c9b6341f9d78
Removing intermediate container 30cdac007d8b
Step 13/13 : CMD /usr/sbin/sshd -D -e
 ---> Running in ed6f776a5351
 ---> add30260e370
Removing intermediate container ed6f776a5351
Successfully built add30260e370
Successfully tagged mickaelperrin/sshd-server:latest
WARNING: Image for service sshd was built because it did not already exist. To rebuild this image you must use `docker-compose build` or `docker-compose up --build`.
Creating dockersshdserver_app_1 ... 
Creating dockersshdserver_app_1 ... done
Creating dockersshdserver_sshd_1 ... 
Creating dockersshdserver_sshd_1 ... done
Attaching to dockersshdserver_app_1, dockersshdserver_sshd_1
sshd_1  | Generating public/private rsa key pair.
sshd_1  | Your identification has been saved in /etc/ssh/ssh_host_rsa_key.
sshd_1  | Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub.
sshd_1  | The key fingerprint is:
sshd_1  | SHA256:5wmylsBvrHfGasmCxzgXlrGqIENafap76D9Dx+vQkr8 root@060293ef2944
sshd_1  | The key's randomart image is:
sshd_1  | +---[RSA 2048]----+
sshd_1  | |                 |
sshd_1  | |                 |
sshd_1  | |                 |
sshd_1  | |   o.            |
sshd_1  | | .. +=o S .      |
sshd_1  | |o.  *Oo+ + .     |
sshd_1  | |=  O=+O+  o      |
sshd_1  | |o.*.OB* +        |
sshd_1  | |.o+BoBE=         |
sshd_1  | +----[SHA256]-----+
sshd_1  | Generating public/private dsa key pair.
sshd_1  | Your identification has been saved in /etc/ssh/ssh_host_dsa_key.
sshd_1  | Your public key has been saved in /etc/ssh/ssh_host_dsa_key.pub.
sshd_1  | The key fingerprint is:
sshd_1  | SHA256:93Rlcbqc1/W0SA7pu1kVbYdoXZm6znO2UJTaZweS8eQ root@060293ef2944
sshd_1  | The key's randomart image is:
sshd_1  | +---[DSA 1024]----+
sshd_1  | |            . ..=|
sshd_1  | |            .O *=|
sshd_1  | |           o=.E+O|
sshd_1  | |          ..++=OB|
sshd_1  | |        S ...+*=B|
sshd_1  | |         . o.oooo|
sshd_1  | |           .+o   |
sshd_1  | |            ++.o |
sshd_1  | |           o  +..|
sshd_1  | +----[SHA256]-----+
sshd_1  | Generating public/private ecdsa key pair.
sshd_1  | Your identification has been saved in /etc/ssh/ssh_host_ecdsa_key.
sshd_1  | Your public key has been saved in /etc/ssh/ssh_host_ecdsa_key.pub.
sshd_1  | The key fingerprint is:
sshd_1  | SHA256:AgrIFraXn+er97pM9RDO3KdzQK1AafeqNdm12bGcpqo root@060293ef2944
sshd_1  | The key's randomart image is:
sshd_1  | +---[ECDSA 256]---+
sshd_1  | | o       ..      |
sshd_1  | |+ o .   .o ..    |
sshd_1  | |o+ o.   .o....   |
sshd_1  | |....... + = .. o |
sshd_1  | |  .  o..S* ++.o B|
sshd_1  | |      o.. o=+. B.|
sshd_1  | |       o  o+..o  |
sshd_1  | |      o...  o.   |
sshd_1  | |     .o=+E...    |
sshd_1  | +----[SHA256]-----+
sshd_1  | BusyBox v1.26.2 (2017-06-11 06:38:32 GMT) multi-call binary.
sshd_1  | 
sshd_1  | Usage: grep [-HhnlLoqvsriwFE] [-m N] [-A/B/C N] PATTERN/-e PATTERN.../-f FILE [FILE]...
sshd_1  | 
sshd_1  | Search for PATTERN in FILEs (or stdin)
sshd_1  | 
sshd_1  |   -H  Add 'filename:' prefix
sshd_1  |   -h  Do not add 'filename:' prefix
sshd_1  |   -n  Add 'line_no:' prefix
sshd_1  |   -l  Show only names of files that match
sshd_1  |   -L  Show only names of files that don't match
sshd_1  |   -c  Show only count of matching lines
sshd_1  |   -o  Show only the matching part of line
sshd_1  |   -q  Quiet. Return 0 if PATTERN is found, 1 otherwise
sshd_1  |   -v  Select non-matching lines
sshd_1  |   -s  Suppress open and read errors
sshd_1  |   -r  Recurse
sshd_1  |   -i  Ignore case
sshd_1  |   -w  Match whole words only
sshd_1  |   -x  Match whole lines only
sshd_1  |   -F  PATTERN is a literal (not regexp)
sshd_1  |   -E  PATTERN is an extended regexp
sshd_1  |   -m N    Match up to N times per file
sshd_1  |   -A N    Print N lines of trailing context
sshd_1  |   -B N    Print N lines of leading context
sshd_1  |   -C N    Same as '-A N -B N'
sshd_1  |   -e PTRN Pattern to match
sshd_1  |   -f FILE Read pattern from file
sshd_1  | no user has uid 
sshd_1  | no user has name sftp
sshd_1  | useradd: invalid user ID '-M'
dockersshdserver_sshd_1 exited with code 3

CrimsonGlory commented 6 years ago

Ugly fix: Edit the docker-compose.yml file. Change user sftp for sftp2. Also add a line with OWNER_ID with a random number (has to be an OWNER_ID that does not exist).

    environment:
      - USERNAME=sftp2
      - PASSWORD=my_password_here
      # Should be the same as the volume mapping of app container
      - FOLDER=/data
      # Optional: chroot
      - CHROOT=1
      - OWNER_ID=340

Now docker-compose rm and docker-compose up.

Now fix the permissions of the data folder:

docker exec -ti dockersshdserver_sshd_1 chown sftp2:sftp2 /data/

And it now works.
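
Added example (not from the issue or from the project's docker-entrypoint.sh, which this page does not show): the last log lines, `no user has uid` with nothing after it and `useradd: invalid user ID '-M'`, are consistent with an empty owner ID being expanded unquoted, so that `-u` consumes the next flag. The hypothetical functions below reproduce that argument shift and show a fail-fast check that accepts only a numeric, non-root UID taken from `OWNER_ID` or from the folder's owner; refusing UID 0 is a policy choice assumed here.

```shell
#!/bin/sh
# Added example: all function names are hypothetical, not the project's code.

# Mimic an option parser: print the value that "-u" receives.
uid_seen_by_parser() {
  while [ "$#" -gt 0 ]; do
    if [ "$1" = "-u" ]; then printf '%s' "${2-}"; return 0; fi
    shift
  done
  return 1
}

# Accept only a decimal, non-root UID.
valid_owner_id() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;   # empty, or contains a non-digit such as "-M"
  esac
  [ "$1" -gt 0 ]
}

# Use the given owner id if set, otherwise the numeric owner of the folder.
# Refuse to continue instead of passing a bad value on to useradd.
resolve_owner_id() {
  folder=$1
  id=${2-}
  if [ -z "$id" ]; then
    # Third field of "ls -n" is the numeric owner; empty if the folder is missing.
    id=$(ls -nd -- "$folder" 2>/dev/null | awk '{print $3}')
  fi
  if ! valid_owner_id "$id"; then
    echo "refusing to create user: owner id '$id' for '$folder' is not a usable UID" >&2
    return 1
  fi
  printf '%s' "$id"
}

# Constructed input: the empty value the log above points to.
OWNER_ID=""
# Unquoted, the empty value disappears and -u is handed the next flag.
echo "unquoted: -u receives '$(uid_seen_by_parser -u $OWNER_ID -M sftp)'"
# Quoted, -u receives an empty string that a check can reject with a clear message.
echo "quoted:   -u receives '$(uid_seen_by_parser -u "$OWNER_ID" -M sftp)'"
```
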