From 852b8e2d819f6fdb11b374acce83d7eb83cbe0d3 Mon Sep 17 00:00:00 2001
From: jpellegrini <j_p@aleph0.info>
Date: Thu, 5 Sep 2019 17:20:55 -0300
Subject: [PATCH] Make AllowedUsers configurable in sshd_config (#8094)

docker/root/usr/bin/entrypoint already allows for the specification
of USER, USER_UID, USER_GID. But since AllowUsers is hardcoded in
sshd_config, one cannot log in as a user different from git.
This change substitutes ${USER} for git in the sshd_config template.

Signed-off-by: Jeronimo Pellegrini <j_p@aleph0.info>
---
 docker/root/etc/templates/sshd_config | 2 +-
 docker/root/usr/bin/entrypoint        | 2 --
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/docker/root/etc/templates/sshd_config b/docker/root/etc/templates/sshd_config
index ba92e236e1..bf0b936d7c 100644
--- a/docker/root/etc/templates/sshd_config
+++ b/docker/root/etc/templates/sshd_config
@@ -25,7 +25,7 @@ ChallengeResponseAuthentication no
 PasswordAuthentication no
 PermitEmptyPasswords no
 
-AllowUsers git
+AllowUsers ${USER}
 
 Banner none
 Subsystem sftp /usr/lib/ssh/sftp-server
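Review bot: `AllowUsers ${USER}` now takes its entire value from the container environment, and sshd reads that value as a space-separated list of patterns in which `*` and `?` are wildcards. A USER containing whitespace or a wildcard would therefore widen who may log in, and an empty USER would leave the directive without an argument. The step that renders this template is not part of the diff, so I am assuming the variable is substituted verbatim. I would validate USER in docker/root/usr/bin/entrypoint before the template is rendered, for example `case "${USER}" in ''|*[!A-Za-z0-9_.-]*) echo "invalid USER" >&2; exit 1;; esac`. A comment above the directive would also help, such as `# Login account comes from the container's USER variable; must be a single account name`.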
diff --git a/docker/root/usr/bin/entrypoint b/docker/root/usr/bin/entrypoint
index d8e68b9404..a3c03ecff3 100755
--- a/docker/root/usr/bin/entrypoint
+++ b/docker/root/usr/bin/entrypoint
@@ -3,8 +3,6 @@
 if [ "${USER}" != "git" ]; then
     # rename user
     sed -i -e "s/^git\:/${USER}\:/g" /etc/passwd
-    # switch sshd config to different user
-    sed -i -e "s/AllowUsers git$/AllowUsers ${USER}/g" /etc/ssh/sshd_config
 fi
 
 if [ -z "${USER_GID}" ]; then