
Commit ab3fb5d

committed
add SFTP image Dockerfile for Ubuntu 24.04
Based on the existing ubuntu22.04 SFTP Dockerfile with the following changes: - Upgrade base image to ubuntu:24.04 - Change SFTP port from 22 to 22022 - Remove sshd_config.d drop-in configs to prevent override of hardened settings - Add LoginGraceTime 0 for additional security - Use mkdir -p for /var/run/sshd
1 parent 13146e3 commit ab3fb5d

1 file changed

Lines changed: 45 additions & 0 deletions


Lines changed: 45 additions & 0 deletions
@@ -0,0 +1,45 @@
1+
FROM ubuntu:24.04
2+
3+
# Install packages
4+
ENV DEBIAN_FRONTEND=noninteractive
5+
RUN apt-get update && \
6+
apt-get install -y --no-install-recommends \
7+
openssh-server rsync && \
8+
apt-get clean && rm -rf /var/lib/apt/lists/ && rm -rf /root/.cache && rm -rf /tmp/*
9+
10+
# Configure SSH server
11+
# NOTE: Ubuntu 24.04 uses Include /etc/ssh/sshd_config.d/*.conf by default,
12+
# which may override settings in sshd_config. Remove any drop-in configs to
13+
# ensure our settings take effect.
14+
RUN mkdir -p /var/run/sshd && \
15+
rm -f /etc/ssh/sshd_config.d/*.conf && \
16+
sed -i 's/#AllowAgentForwarding yes/AllowAgentForwarding no/' /etc/ssh/sshd_config && \
17+
sed -i 's/#AllowTcpForwarding yes/AllowTcpForwarding no/' /etc/ssh/sshd_config && \
18+
sed -i 's/#GatewayPorts no/GatewayPorts no/' /etc/ssh/sshd_config && \
19+
sed -i 's/X11Forwarding yes/X11Forwarding no/' /etc/ssh/sshd_config && \
20+
sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config && \
21+
sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/' /etc/ssh/sshd_config && \
22+
echo 'PermitRootLogin no' >> /etc/ssh/sshd_config && \
23+
echo 'Port 22022' >> /etc/ssh/sshd_config && \
24+
echo 'LoginGraceTime 0' >> /etc/ssh/sshd_config && \
25+
chmod 700 /usr/bin/ssh
26+
27+
# Copy the entrypoint script
28+
COPY ./bootstrap_sftp.sh /opt/container/bootstrap.sh
29+
30+
LABEL ai.backend.kernelspec="1" \
31+
ai.backend.envs.corecount="OPENBLAS_NUM_THREADS,OMP_NUM_THREADS,NPROC" \
32+
ai.backend.features="uid-match private" \
33+
ai.backend.role="SYSTEM" \
34+
ai.backend.base-distro="ubuntu24.04" \
35+
ai.backend.resource.min.cpu="1" \
36+
ai.backend.resource.min.mem="128m" \
37+
ai.backend.resource.max.mem="256m" \
38+
ai.backend.resource.preferred.shmem="64" \
39+
ai.backend.runtime-type="app" \
40+
ai.backend.runtime-path="/bin/false" \
41+
ai.backend.service-ports="sftpd:preopen:22022"
42+
43+
COPY policy.yml /etc/backend.ai/jail/policy.yml
44+
45+
WORKDIR /home/work
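Review bot: The hardening in the second `RUN` depends on every `sed` pattern matching the stock `sshd_config` text exactly, and `sed -i` exits 0 when nothing matches, so a changed default in a later openssh-server package would silently leave a setting such as password authentication unhardened. Because sshd keeps the first value it reads for a keyword, the appended `PermitRootLogin`, `Port` and `LoginGraceTime` lines also only take effect while no earlier uncommented line sets them. I would end the chain with a check of the effective configuration, for example `/usr/sbin/sshd -T | grep -qx 'passwordauthentication no'` (and likewise for the forwarding, root-login and port settings), so the build fails rather than shipping a weaker config. Separately, `LoginGraceTime 0` removes the authentication timeout, so unauthenticated connections can hold slots until `MaxStartups` is reached; a comment such as `# LoginGraceTime 0: no auth timeout, pending connections bounded only by MaxStartups` would record that trade-off next to the setting.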
