1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
# This Dockerfile is a minimal example for a RHEL 8-based SSG test suite target container.
FROM registry.access.redhat.com/ubi8:8.1
ENV AUTH_KEYS=/root/.ssh/authorized_keys
ARG CLIENT_PUBLIC_KEY
ARG ADDITIONAL_PACKAGES
# Install Python so Ansible remediations can work
# Don't clean all, as the test scenario may require package install.
# disable repo in container since it doesn't contain openssh-server and it can cause
# conflict if the repo that comes from host contains different packages version since both
# openssh-server and openssh-clients have the save openssh dependency.
RUN sed -i "s/enabled\s*=\s*1/enabled = 0/g" /etc/yum.repos.d/*.repo
RUN true \
&& yum install -y openssh-clients openssh-server openscap-scanner \
python3 \
$ADDITIONAL_PACKAGES \
&& true
RUN true \
&& for key_type in rsa ecdsa; do ssh-keygen -N '' -t $key_type -f /etc/ssh/ssh_host_${key_type}_key; done \
&& mkdir -p /root/.ssh \
&& printf "%s\n" "$CLIENT_PUBLIC_KEY" >> "$AUTH_KEYS" \
&& chmod og-rw /root/.ssh "$AUTH_KEYS" \
&& sed -i '/session\s\+required\s\+pam_loginuid.so/d' /etc/pam.d/sshd \
&& true
|
