Merge pull request #55 from cron-eu/import-pub-keys

Add IMPORT_PUB_KEYS setting to add misc ssh pub keys

Author: baschny

README.md

@@ -149,6 +149,7 @@ Application root is `/app`. Application runs as user `application` (uid=1000).
 | `IMPORT_GITLAB_SERVER`                 | ssh      | git.cron.eu | Gitlab instance to import SSH key from                                                                                                   |
 | `IMPORT_GITLAB_PUB_KEYS`               | ssh      |             | Gitlab user to import SSH keys from                                                                                                      |
 | `IMPORT_GITHUB_PUB_KEYS`               | ssh      |             | GitHub user to import SSH keys from                                                                                                      |
+| `IMPORT_PUB_KEYS`                      | ssh      |             | Additional SSH public keys to load, comma separated                                                                                      |
 | `SSH_CONFIG`                           | ssh      |             | The whole content of the `.ssh/config` file                                                                                              |
 | `SSH_KNOWN_HOSTS`                      | ssh      |             | The whole content of the `.ssh/known_hosts` file                                                                                         |
 | `SSH_PRIVATE_KEY`                      | ssh      |             | A SSH private key to load in an `ssh-agent`, useful if you run a SSH container with commands                                             |                                                    |

example-app/.env.example

@@ -8,6 +8,8 @@
 #IMPORT_GITLAB_SERVER=
 #IMPORT_GITLAB_PUB_KEYS=
 #IMPORT_GITHUB_PUB_KEYS=
+# Comma separated list of SSH public keys
+#IMPORT_PUB_KEYS=ssh-ed25519 ...
 
 # -----------------------------------------
 # For your application itself

files/ssh/entrypoint.sh

@@ -24,8 +24,8 @@ fi
 # Make sure 'application' home directory exists...
 mkdir -p $APP_USER_HOME && chown $APP_USER $APP_USER_HOME
 
-if [[ "$IS_RUN" == "false" ]] && [[ -z "${IMPORT_GITLAB_PUB_KEYS}" ]] && [[ -z "${IMPORT_GITHUB_PUB_KEYS}" ]]; then
-  echo "WARNING: env variable \$IMPORT_GITHUB_PUB_KEYS or IMPORT_GITLAB_PUB_KEYS is not set. Please set it to have access to this container via SSH."
+if [[ "$IS_RUN" == "false" ]] && [[ -z "${IMPORT_GITLAB_PUB_KEYS}" ]] && [[ -z "${IMPORT_GITHUB_PUB_KEYS}" ]] && [[ -z "${IMPORT_PUB_KEYS}" ]] ; then
+  echo "WARNING: env variable \$IMPORT_GITHUB_PUB_KEYS, \$IMPORT_GITLAB_PUB_KEYS and \$IMPORT_PUB_KEYS are not set. Please set it one of it have access to this container via SSH."
 fi
 
 # -------------------------------------------------------------------------
@@ -62,6 +62,23 @@ if [[ ! -z "${IMPORT_GITHUB_PUB_KEYS}" && "$IS_RUN" == "false" ]]; then
   done
 fi
 
+# -------------------------------------------------------------------------
+# Import SSH keys from IMPORT_PUB_KEYS
+
+if [[ ! -z "${IMPORT_PUB_KEYS}" && "$IS_RUN" == "false" ]]; then
+  echo "* importing SSH keys from \$IMPORT_PUB_KEYS:"
+  mkdir -p $APP_USER_HOME/.ssh
+  echo "# Keys from \$IMPORT_PUB_KEYS:" >> $APP_USER_HOME/.ssh/authorized_keys
+  IFS=',' read -ra keys <<< "$IMPORT_PUB_KEYS"
+  for key in "${keys[@]}"; do
+    trimmed=$(echo "$key" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
+    echo " - $trimmed"
+    echo "$trimmed" >> $APP_USER_HOME/.ssh/authorized_keys
+  done
+  chmod 600 $APP_USER_HOME/.ssh/authorized_keys
+  chown ${APP_USER}: $APP_USER_HOME/.ssh/authorized_keys
+fi
+
 # -------------------------------------------------------------------------
 # Import SSH user settings from env