docker-ssh-googleauth/Dockerfile at master · lor00x/docker-ssh-googleauth · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
FROM debian:latest

# Install base services: supervisor, sshd and some tools (vim, ps, ifconfig...)
RUN apt-get update
RUN apt-get install -y procps vim supervisor net-tools ssh wget unzip bzip2

# dpkg-dev is required to use the command dpkg-source
# to install manually the package libpam-google-athenticator
RUN apt-get update && \
apt-get install -y dpkg-dev debian-keyring libpam0g-dev && \
wget --quiet http://ftp.de.debian.org/debian/pool/main/g/google-authenticator/google-authenticator_20130529-2.dsc && \
wget --quiet http://ftp.de.debian.org/debian/pool/main/g/google-authenticator/google-authenticator_20130529.orig.tar.gz && \
wget --quiet http://ftp.de.debian.org/debian/pool/main/g/google-authenticator/google-authenticator_20130529-2.debian.tar.gz && \
dpkg-source -x google-authenticator_20130529-2.dsc && \
rm google-authenticator_2013* && \
cd google-authenticator-20130529 && \
make && \
cd libpam && \
make install && \
cd / && \
rm -R google-authenticator-20130529

# Update the PAM config
RUN echo "\
auth    required    pam_google_authenticator.so nullok" >> /etc/pam.d/sshd

# Update the SSHD config
RUN sed -i 's/^\(ChallengeResponseAuthentication\s\+\)no/\1yes/' /etc/ssh/sshd_config

# Configure SSH
RUN echo root:root | chpasswd
ADD supervisor_sshd.conf /etc/supervisor/conf.d/sshd.conf
RUN service ssh start
ADD root.profile /root/.profile
RUN chown root:root /root/.profile

# Generate token for google authenticator
RUN echo "NOW LOGIN AS root/root AND LAUNCH google-authenticator (Ex: google-authenticator -t -r 3 -R 30 -d -f -W)"

# On container run, launch supervisor
CMD ["/usr/bin/supervisord", "--nodaemon"]