README.md
+28-3
@@ -6,15 +6,34 @@ Minimal Alpine Linux Docker image with `sshd` exposed and `rsync` installed.
6
6
7
7
Configure the container with the following environment variables or optionally mount a custom sshd config at `/etc/ssh/sshd_config`:
8
8
9
+
### General Options
10
+
9
11
-`SSH_USERS` list of user accounts and uids/gids to create. eg `SSH_USERS=www:48:48,admin:1000:1000`
10
12
-`SSH_ENABLE_ROOT` if "true" unlock the root account
11
13
-`SSH_ENABLE_PASSWORD_AUTH` if "true" enable password authentication (disabled by default)
12
14
-`MOTD` change the login message
13
-
-`SFTP_MODE` if "true" sshd will only accept sftp connections
14
-
-`SFTP_CHROOT` if in sftp only mode sftp will be chrooted to this directory. Default "/data"
15
+
16
+
### SSH Options
17
+
15
18
-`GATEWAY_PORTS` if "true" sshd will allow gateway ports
16
19
-`TCP_FORWARDING` if "true" sshd will allow TCP forwarding
17
20
21
+
The following three optional modes, SFTP, SCP and Rsync are mutually exclusive. Only one can be
22
+
enabled at a time:
23
+
24
+
### SFTP Only
25
+
26
+
-`SFTP_MODE` if "true" sshd will only accept sftp connections
27
+
-`SFTP_CHROOT` if in sftp only mode sftp will be chrooted to this directory. Default "/data"
28
+
29
+
### SCP Only
30
+
31
+
-`SCP_MODE` if "true" sshd will only accept scp connections (uses rssh)
32
+
33
+
### Rsync Only
34
+
35
+
-`RSYNC_MODE` if "true" sshd will only accept rsync connections (uses rssh)
36
+
18
37
## SSH Host Keys
19
38
20
39
SSH uses host keys to identify the server. To avoid receiving security warning the host keys should be mounted on an external volume.
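Review bot: The added sentence "The following three optional modes, SFTP, SCP and Rsync are mutually exclusive. Only one can be enabled at a time" does not say what the container does when more than one of `SFTP_MODE`, `SCP_MODE` and `RSYNC_MODE` is set to "true". Please document the behaviour, either that startup fails with an error or which mode takes precedence, so an operator cannot end up with a less restricted mode than intended without noticing. The SCP Only and Rsync Only entries say only "(uses rssh)"; it would also help to state whether `TCP_FORWARDING` and `GATEWAY_PORTS` from the SSH Options list are still honoured in those modes, since a reader cannot tell from this text whether the restricted shell affects forwarding.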
@@ -34,10 +53,16 @@ uid/gid and user specified in `SSH_USERS`.
34
53
35
54
## SFTP mode
36
55
37
-
When in sftp only mode (activated by setting `SFTP_MODE=true` the container will only accept sftp connections. All sftp actions will be chrooted to the `SFTP_CHROOT` directory which defaults to "/data".
56
+
When in sftp only mode (activated by setting `SFTP_MODE=true`) the container will only accept sftp connections. All sftp actions will be chrooted to the `SFTP_CHROOT` directory which defaults to "/data".
38
57
39
58
Please note that all components of the pathname in the ChrootDirectory directive must be root-owned directories that are not writable by any other user or group (see `man 5 sshd_config`).
40
59
60
+
## SCP mode
61
+
62
+
When in scp only mode (activated by setting `SCP_MODE=true`) the container will only accept scp connections. No chroot provided.
63
+
64
+
This is provided using [rssh](http://www.pizzashack.org/rssh/) restricted shell.
65
+
41
66
## Custom Scripts
42
67
43
68
Executable shell scripts and binaries can be mounted or copied in to `/etc/entrypoint.d`. These will be run when the container is launched but before sshd is started. These can be used to customise the behaviour of the container.
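Review bot: The new "## SCP mode" section has no "## Rsync mode" counterpart, although `RSYNC_MODE` is documented in the options list of the same change; please add one and say whether a chroot applies there. In the SCP section, "No chroot provided." is too terse for a restriction setting: spell out what it means for the operator, for example that, unlike SFTP mode with `SFTP_CHROOT`, scp connections are not confined to a directory and are limited only by the uid/gid given in `SSH_USERS`.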