init

.gitignore

@@ -0,0 +1,6 @@
+/*
+
+!/Dockerfile
+!/.gitignore
+!/entry.sh
+!/gen.lua

Dockerfile

@@ -0,0 +1,12 @@
+FROM alpine
+
+VOLUME [ "/config" ]
+VOLUME [ "/data" ]
+EXPOSE 22
+
+RUN apk add --no-cache openssh lua
+
+COPY entry.sh gen.lua /
+RUN chmod +x entry.sh
+
+CMD [ "/entry.sh" ]

entry.sh

@@ -0,0 +1,12 @@
+#!/bin/sh
+
+lua5.4 gen.lua /config /etc/ssh/sshd_config.d/mappings.conf
+
+if [ ! -f /data/ssh_host_ecdsa_key ]; then
+	ssh-keygen -A
+	cp /etc/ssh/ssh_host_* /data/
+else
+	cp /data/* /etc/ssh/
+fi
+
+/usr/sbin/sshd -D -E /dev/stderr 2> /dev/stdout

gen.lua

@@ -0,0 +1,34 @@
+local conf, out = ...;
+local f = assert(io.open(out, "w"));
+local passwd = assert(io.open("/etc/passwd", "a"));
+local shadow = assert(io.open("/etc/shadow", "a"));
+
+local i = 0;
+local uid = 1100;
+
+for l in io.lines(conf) do
+	i = i + 1;
+
+	l = l:match "^(.-)#" or l;
+	l = l:match "^%s*(.-)%s*$";
+
+	if l ~= "" then
+		local user, params = l:match "^([%a_]+)%s+=%s+(.*)$";
+		if not user then
+			error(conf .. ":" .. i .. ": invalid syntax", 0);
+		end
+
+		passwd:write(user, ":x:", uid, ":", uid, "::/dev/null:/bin/sh\n");
+		shadow:write(user, ":::0:::::\n");
+
+		f:write("Match User ", user);
+		f:write("\n\tForceCommand ssh -A ", params);
+		f:write("\n\tPubkeyAuthentication no");
+		f:write("\n\tPasswordAuthentication yes");
+		f:write("\n\tPermitEmptyPasswords yes");
+		f:write("\n\tAllowAgentForwarding yes\n");
+	end
+end
+
+passwd:close();
+f:close();