update bastion/dockerfile and dockercomose

Author: Shafiya-Heena

bastion/Dockerfile

@@ -16,12 +16,10 @@ RUN apt-get update
 
 # Install git
 RUN apt-get install -y \
-    git \
     sed \
-    ca-certificates \
     openssh-client \
     openssh-server \
-    && update-ca-certificates
+    vim
 
 # Clean up packages: Saves space by removing unnecessary package files and lists
 RUN apt-get clean
@@ -42,18 +40,15 @@ RUN mkdir -p /home/sysadmin/.ssh && \
 # Create privilege separation directory for SSH
 RUN mkdir -p /run/sshd
 
-# Follows the instructions here:
-# https://ovh.github.io/the-bastion/installation/basic.html
-RUN git clone https://github.com/ovh/the-bastion /opt/bastion
-RUN git -C /opt/bastion checkout $(git -C /opt/bastion tag | tail -1)
-RUN /opt/bastion/bin/admin/packages-check.sh -i
-RUN /opt/bastion/bin/admin/install --new-install
+# Update SSH configuration to disable password authentication
+RUN sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config && \
+    sed -i 's/#PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config && \
+    echo "AllowTcpForwarding yes" >> /etc/ssh/sshd_config && \
+    echo "GatewayPorts yes" >> /etc/ssh/sshd_config
 
-# Allow SSH jumping
-RUN sed -i 's/AllowTcpForwarding no/AllowTcpForwarding yes/' /etc/ssh/sshd_config
 
 # Expose SSH port
 EXPOSE 22
 
-# Start SSH service
-ENTRYPOINT ["/opt/bastion/docker/entrypoint.sh"]
+# Start the SSH daemon
+CMD ["/usr/sbin/sshd", "-D"]

docker-compose.yml

@@ -102,6 +102,8 @@ services:
       - ./sysadmin-ssh-keys/rsa_sysadmin.pub:/home/sysadmin/.ssh/id_rsa.pub:ro
       - ./sysadmin-ssh-keys/rsa_sysadmin.pub:/home/sysadmin/.ssh/authorized_keys:ro
       - ./bastion/etc-bastion-config/config:/home/sysadmin/.ssh/config:ro
+
+
 volumes:
   db-data:
     name: db-data
@@ -111,5 +113,7 @@ volumes:
 networks:
   dev-backend:
     name: dev-backend
+    driver: bridge
+
   dev-frontend:
     name: dev-frontend