add create sysadmin user and add to sudoers

amandayclee · amandayclee · commit 47380dd03a0b · 2024-07-18T23:11:33.000-07:00
diff --git a/bastion/Dockerfile b/bastion/Dockerfile
@@ -17,16 +17,40 @@ RUN apt-get update
 # Install git
 RUN apt-get install -y \
     git \
+    sed \
     ca-certificates \
+    openssh-client \
+    openssh-server \
     && update-ca-certificates
 
+# Clean up packages: Saves space by removing unnecessary package files and lists
+RUN apt-get clean
+RUN rm -rf /var/lib/apt/lists/*
+
+# Create sysadmin user and add to sudoers
+RUN useradd -m -s /bin/bash sysadmin && echo "sysadmin:sysadmin" | chpasswd && \
+    usermod -aG sudo sysadmin
+
+# Ensure SSH directory exists with correct permissions
+RUN mkdir -p /home/sysadmin/.ssh && \
+    chown sysadmin:sysadmin /home/sysadmin/.ssh && \
+    chmod 700 /home/sysadmin/.ssh
+
+# Create privilege separation directory for SSH
+RUN mkdir -p /run/sshd
+
 # Follows the instructions here:
 # https://ovh.github.io/the-bastion/installation/basic.html
 RUN git clone https://github.com/ovh/the-bastion /opt/bastion
 RUN git -C /opt/bastion checkout $(git -C /opt/bastion tag | tail -1)
-
 RUN /opt/bastion/bin/admin/packages-check.sh -i
-
 RUN /opt/bastion/bin/admin/install --new-install
 
-RUN /opt/bastion/bin/admin/setup-first-admin-account.sh sysadmin auto
+# Allow SSH jumping
+RUN sed -i 's/AllowTcpForwarding no/AllowTcpForwarding yes/' /etc/ssh/sshd_config
+
+# Expose SSH port
+EXPOSE 22
+
+# Start SSH service
+ENTRYPOINT ["/opt/bastion/docker/entrypoint.sh"]
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -101,7 +101,7 @@ services:
       - ./sysadmin-ssh-keys/rsa_sysadmin:/home/sysadmin/.ssh/id_rsa:ro
       - ./sysadmin-ssh-keys/rsa_sysadmin.pub:/home/sysadmin/.ssh/id_rsa.pub:ro
       - ./sysadmin-ssh-keys/rsa_sysadmin.pub:/home/sysadmin/.ssh/authorized_keys:ro
-      
+
 volumes:
   db-data:
     name: db-data
