update

Author: Marcel Zapf

chart/templates/cm-entrypoint.yaml

@@ -23,26 +23,27 @@ data:
         ssh-keygen -t ed25519 -f /home/dev/ssh_keys/ssh_host_ed25519_key -N ''
     fi
 
-    # Correct permissions for SSH keys
     chmod 600 /home/dev/ssh_keys/ssh_host_*
+
     echo "Ensuring run directory exists at /home/dev/run."
     mkdir -p /home/dev/run
 
+    echo "Currently running sshd processes:"
+    ps aux | grep sshd
 
-    echo "Starting SSH service with host keys from /home/dev/ssh_keys on port 2222."
-    /usr/sbin/sshd -D -d -e -f /etc/ssh/sshd_config \
-        -o Port={{ .Values.service.targetPort }} \
-        -o HostKey=/home/dev/ssh_keys/ssh_host_rsa_key \
-        -o HostKey=/home/dev/ssh_keys/ssh_host_ecdsa_key \
-        -o HostKey=/home/dev/ssh_keys/ssh_host_ed25519_key \
-        -o PidFile=/home/dev/run/sshd.pid
+    echo "Killing any existing sshd processes..."
+    for pid in $(ps aux | grep sshd | grep -v grep | awk '{print $2}'); do
+    echo "Killing sshd pid $pid"
+    kill $pid
+    done
 
-    if [ $? -ne 0 ]; then
-        echo "Failed to start SSH service."
-    else
-        echo "SSH service started successfully."
-    fi
+    echo "Removing stale PID file if exists..."
+    rm -f /home/dev/run/sshd.pid
 
-    # Keep the container running if no command is provided
-    echo "No additional command provided, container will keep running."
-    tail -f /dev/null
+    echo "Starting SSH service..."
+    exec /usr/sbin/sshd -D -f /etc/ssh/sshd_config \
+    -o Port=2222 \
+    -o HostKey=/home/dev/ssh_keys/ssh_host_ed25519_key \
+    -o HostKey=/home/dev/ssh_keys/ssh_host_rsa_key \
+    -o HostKey=/home/dev/ssh_keys/ssh_host_ecdsa_key \
+    -o PidFile=/home/dev/run/sshd.pid

chart/templates/cm-pamconfig.yaml

@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Release.Name }}-pam-config
+data:
+  sshd: |
+    auth       sufficient   pam_pubkey_auth.so
+    auth       required     pam_permit.so
+    account    required     pam_permit.so
+    session    required     pam_permit.so

chart/templates/cm-sshconfig.yaml

@@ -1,3 +1,4 @@
+---
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -6,7 +7,7 @@ data:
   sshd_config: |
     Port {{ .Values.service.targetPort }}
     PermitRootLogin no
-    PasswordAuthentication yes
+    PasswordAuthentication no
     ChallengeResponseAuthentication no
     UsePAM yes
     X11Forwarding yes
@@ -15,3 +16,4 @@ data:
     Subsystem sftp /usr/lib/openssh/sftp-server
     UseDNS no
     PidFile /home/dev/run/sshd.pid
+    PrintLastLog no

chart/templates/statefulset.yaml

@@ -49,6 +49,10 @@ spec:
           mountPath: /etc/ssh/sshd_config
           subPath: sshd_config
           readOnly: true
+        - name: pam-config-volume
+          mountPath: /etc/pam.d/sshd
+          subPath: sshd
+          readOnly: true
         resources: {{ toYaml .Values.resources | indent 10 }}
       volumes:
       - name: entrypoint-script
@@ -63,6 +67,10 @@ spec:
         configMap:
           name: {{ .Release.Name }}-sshd-config
           defaultMode: 0755
+      - name: pam-config-volume
+        configMap:
+          name: {{ .Release.Name }}-pam-config
+          defaultMode: 0755
   volumeClaimTemplates:
   - metadata:
       name: home-volume

chart/values.yaml

@@ -1,7 +1,7 @@
 replicaCount: 1
 
 image:
-  source: ghcr.io/syntax3rror404/k8s-devmachine@sha256:11aa5c10407d658c55c001ddde9b5f6c778f97c6e86b0f2d2b6a48971cf72cf5
+  source: ghcr.io/syntax3rror404/k8s-devmachine@sha256:b74d9fc455717bee5b6330ef892bc621c0cfccf3c2b95af5ea407624ed4cce95 
   pullPolicy: IfNotPresent
 
 service:
@@ -20,7 +20,6 @@ ssh:
   authorizedKeys: |
     # Place auth keys here ...
     # ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCu...
-    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBjYNgOeBJ+f0koBLJg7JzT2U9agAGqd/c1gZbVvCZrK
 securityContext:
   runAsNonRoot: true
   runAsUser: 1001