dis: Display initial statistics

internal/wisski/ingredient/barrel/barrel/wisskiutils/ssh/keys.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+cat /var/www/.ssh/authorized_keys /var/www/.ssh/global_authorized_keys 2> /dev/null || exit 0

internal/wisski/ingredient/barrel/barrel/wisskiutils/ssh/sshd_config

@@ -0,0 +1,27 @@
+# sshd_config file for distillery ssh server
+
+# listen on port 22
+Port 22
+ListenAddress 0.0.0.0
+
+# Use hostkeys from /ssh/hostkeys
+HostKey /ssh/hostkeys/ssh_host_rsa_key
+HostKey /ssh/hostkeys/ssh_host_ecdsa_key
+HostKey /ssh/hostkeys/ssh_host_ed25519_key
+
+# Disable forwarding and motd
+X11Forwarding no
+PrintMotd no
+
+# allow sftp
+Subsystem       sftp    /usr/lib/openssh/sftp-server
+
+# allow only www-data to login
+AllowUsers www-data
+
+# allow only public keys using /ssh/keys.sh
+PubkeyAuthentication yes     
+AuthenticationMethods publickey
+AuthorizedKeysFile none
+AuthorizedKeysCommand /ssh/keys.sh
+AuthorizedKeysCommandUser root

internal/wisski/ingredient/barrel/barrel/wisskiutils/ssh/start.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+# create the sshd directory
+if [ ! -d /run/sshd ]; then
+   mkdir /run/sshd
+   chmod 0755 /run/sshd
+fi
+
+# regenerate key files if they do not yet exist
+[[ -f "/ssh/hostkeys/ssh_host_rsa_key" ]] || ssh-keygen -q -N "" -t dsa -f /ssh/hostkeys/ssh_host_rsa_key
+[[ -f "/ssh/hostkeys/ssh_host_ecdsa_key" ]] || ssh-keygen -q -N "" -t ecdsa -f /ssh/hostkeys/ssh_host_ecdsa_key
+[[ -f "/ssh/hostkeys/ssh_host_ed25519_key" ]] || ssh-keygen -q -N "" -t ed25519 -f /ssh/hostkeys/ssh_host_ed25519_key
+
+/usr/sbin/sshd -e -D -f /ssh/sshd_config