diff --git a/images/docker-openssh-server.md b/images/docker-openssh-server.md index 86edca41e..a61f67472 100644 --- a/images/docker-openssh-server.md +++ b/images/docker-openssh-server.md @@ -51,6 +51,7 @@ services: - TZ=Europe/London - PUBLIC_KEY=yourpublickey #optional - PUBLIC_KEY_FILE=/path/to/file #optional + - PUBLIC_KEY_DIR=/path/to/directory/containing/_only_/pubkeys #optional - SUDO_ACCESS=false #optional - PASSWORD_ACCESS=false #optional - USER_PASSWORD=password #optional @@ -74,6 +75,7 @@ docker run -d \ -e TZ=Europe/London \ -e PUBLIC_KEY=yourpublickey `#optional` \ -e PUBLIC_KEY_FILE=/path/to/file `#optional` \ + -e PUBLIC_KEY_DIR=/path/to/directory/containing/_only_/pubkeys `#optional` \ -e SUDO_ACCESS=false `#optional` \ -e PASSWORD_ACCESS=false `#optional` \ -e USER_PASSWORD=password `#optional` \ @@ -106,6 +108,7 @@ Docker images are configured using parameters passed at runtime (such as those a | `TZ=Europe/London` | Specify a timezone to use EG Europe/London | | `PUBLIC_KEY=yourpublickey` | Optional ssh public key, which will automatically be added to authorized_keys. | | `PUBLIC_KEY_FILE=/path/to/file` | Optionally specify a file containing the public key (works with docker secrets). | +| `PUBLIC_KEY_DIR=/path/to/directory/containing/_only_/pubkeys` | Optionally specify a directory containing the public keys (works with docker secrets). | | `SUDO_ACCESS=false` | Set to `true` to allow `linuxserver.io`, the ssh user, sudo access. Without `USER_PASSWORD` set, this will allow passwordless sudo access. | | `PASSWORD_ACCESS=false` | Set to `true` to allow user/password ssh access. You will want to set `USER_PASSWORD` or `USER_PASSWORD_FILE` as well. | | `USER_PASSWORD=password` | Optionally set a sudo password for `linuxserver.io`, the ssh user. If this or `USER_PASSWORD_FILE` are not set but `SUDO_ACCESS` is set to true, the user will have passwordless sudo access. | 
@@ -157,8 +160,8 @@ In this instance `PUID=1000` and `PGID=1000`, to find yours use `id user` as bel ## Application Setup -If `PUBLIC_KEY` or `PUBLIC_KEY_FILE` variables are set, they will automatically be added to `authorized_keys`. If not, the keys can manually be added to `/config/.ssh/authorized_keys` and the container should be restarted. -Removing `PUBLIC_KEY` or `PUBLIC_KEY_FILE` variables from docker run environment variables will not remove the keys from `authorized_keys`. `PUBLIC_KEY_FILE` can be used with docker secrets. +If `PUBLIC_KEY` or `PUBLIC_KEY_FILE`, or `PUBLIC_KEY_DIR' variables are set, the specified keys will automatically be added to `authorized_keys`. If not, the keys can manually be added to `/config/.ssh/authorized_keys` and the container should be restarted. +Removing `PUBLIC_KEY` or `PUBLIC_KEY_FILE` variables from docker run environment variables will not remove the keys from `authorized_keys`. `PUBLIC_KEY_FILE` and `PUBLIC_KEY_DIR' can be used with docker secrets. We provide the ability to set and allow password based access via the `PASSWORD_ACCESS` and `USER_PASSWORD` variables, though we as an organization discourage using password auth for public facing ssh endpoints.
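Review bot: In the parameter table hunk (@@ -106,6 +108,7 @@), the requirement that the directory hold only public keys is expressed solely through the placeholder path /path/to/directory/containing/_only_/pubkeys, while the description just says "a directory containing the public keys". Put the constraint in the description text and say what happens to any other file found in that directory, since the Application Setup text states that the specified keys are added to `authorized_keys` automatically, and every entry in that file is a login credential. The compose and `docker run` hunks reuse the same placeholder; a shorter path there, with the rule spelled out once in the table, would be harder to misread.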
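Review bot: In the Application Setup hunk (@@ -157,8 +160,8 @@), both added lines close the inline code span with an apostrophe instead of a backtick ("`PUBLIC_KEY_DIR'"), so the code span will not end where intended when rendered, and the first added line reads "`PUBLIC_KEY` or `PUBLIC_KEY_FILE`, or" with a doubled "or". Separately, the sentence beginning "Removing `PUBLIC_KEY` or `PUBLIC_KEY_FILE` variables" was not extended to cover `PUBLIC_KEY_DIR`. Please add it there and state whether deleting a key file from the directory leaves that key in `authorized_keys`, because a reader managing access through the directory will otherwise assume that removing the file revokes the key.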