diff --git a/runTests b/runTests
index baa40ffdf..85e21ae3f 100755
--- a/runTests
+++ b/runTests
@@ -22,7 +22,7 @@ fi
 mkdir -p ${DATA_DIR}
 cd ${DATA_DIR}
 mkdir -p appsdata
-mkdir -p boxdata/profileicons boxdata/appicons boxdata/mail boxdata/certs boxdata/mail/dkim/localhost boxdata/mail/dkim/foobar.com
+mkdir -p boxdata/profileicons boxdata/appicons boxdata/mail boxdata/certs boxdata/mail/dkim/localhost boxdata/mail/dkim/foobar.com boxdata/sftp/ssh
 mkdir -p platformdata/addons/mail/banner platformdata/nginx/cert platformdata/nginx/applications platformdata/collectd/collectd.conf.d platformdata/addons platformdata/logrotate.d platformdata/backup platformdata/logs/tasks
 
 # translations
@@ -33,6 +33,9 @@ cp -r ${source_dir}/../dashboard/dist/translation/* box/dashboard/dist/translati
 echo "=> Generating a localhost selfsigned cert"
 openssl req -x509 -newkey rsa:2048 -keyout platformdata/nginx/cert/host.key -out platformdata/nginx/cert/host.cert -days 3650 -subj '/CN=localhost' -nodes -config <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=DNS:*.localhost"))
 
+# generate legacy key format for sftp
+ssh-keygen -m PEM -t rsa -f boxdata/sftp/ssh/ssh_host_rsa_key
+
 # clear out any containers
 echo "=> Delete all docker containers first"
 docker ps -qa | xargs --no-run-if-empty docker rm -f
diff --git a/setup/start.sh b/setup/start.sh
index 8c83b2104..bd3553869 100755
--- a/setup/start.sh
+++ b/setup/start.sh
@@ -65,6 +65,7 @@ mkdir -p "${BOX_DATA_DIR}/certs"
 mkdir -p "${BOX_DATA_DIR}/acme" # acme keys
 mkdir -p "${BOX_DATA_DIR}/mail/dkim"
 mkdir -p "${BOX_DATA_DIR}/well-known" # .well-known documents
+mkdir -p "${BOX_DATA_DIR}/sftp/ssh" # sftp keys
 
 # ensure backups folder exists and is writeable
 mkdir -p /var/backups
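Review bot: The `ssh-keygen` line added in the runTests hunk at @@ -33 is interactive: without `-N ""` it prompts for a passphrase, and if `${DATA_DIR}` survives between runs it also prompts before overwriting `boxdata/sftp/ssh/ssh_host_rsa_key`, so an unattended test run hangs or fails on the second invocation. The start.sh hunk in the same commit already passes `-q -N ""`; match it here and skip generation when the key exists: `[[ -f boxdata/sftp/ssh/ssh_host_rsa_key ]] || ssh-keygen -m PEM -t rsa -f boxdata/sftp/ssh/ssh_host_rsa_key -q -N ""`. Whether DATA_DIR is wiped earlier in runTests is not visible in this hunk, so the existence guard is cheap insurance either way.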
@@ -220,6 +221,16 @@ else
 cp "${BOX_DATA_DIR}/dhparams.pem" "${PLATFORM_DATA_DIR}/addons/mail/dhparams.pem"
 fi
 
+if [[ ! -f "${BOX_DATA_DIR}/sftp/ssh/ssh_host_rsa_key" ]]; then
+ # the key format in Ubuntu 20 changed, so we create keys in legacy format. for older ubuntu, just re-use the host keys
+ # see https://github.com/proftpd/proftpd/issues/793
+ if [[ "${ubuntu_version}" == "20.04" ]]; then
+ ssh-keygen -m PEM -t rsa -f "${BOX_DATA_DIR}/sftp/ssh/ssh_host_rsa_key" -q -N ""
+ else
+ cp /etc/ssh/ssh_host_rsa_key* ${BOX_DATA_DIR}/sftp/ssh
+ fi
+fi
+
 # old installations used to create appdata//redis which is now part of old backups and prevents restore
 echo "==> Cleaning up stale redis directories"
 find "${APPS_DATA_DIR}" -maxdepth 2 -type d -name redis -exec rm -rf {} +
diff --git a/src/paths.js b/src/paths.js
index e649e0034..e11cfc8aa 100644
--- a/src/paths.js
+++ b/src/paths.js
@@ -43,6 +43,7 @@ exports = module.exports = {
 APP_ICONS_DIR: path.join(baseDir(), 'boxdata/appicons'),
 PROFILE_ICONS_DIR: path.join(baseDir(), 'boxdata/profileicons'),
 MAIL_DATA_DIR: path.join(baseDir(), 'boxdata/mail'),
+ SFTP_KEYS_DIR: path.join(baseDir(), 'boxdata/sftp/ssh'),
 ACME_ACCOUNT_KEY_FILE: path.join(baseDir(), 'boxdata/acme/acme.key'),
 APP_CERTS_DIR: path.join(baseDir(), 'boxdata/certs'),
 CLOUDRON_AVATAR_FILE: path.join(baseDir(), 'boxdata/avatar.png'),
diff --git a/src/sftp.js b/src/sftp.js
index eef7ec3f5..fddb4602e 100644
--- a/src/sftp.js
+++ b/src/sftp.js
@@ -11,6 +11,7 @@ var apps = require('./apps.js'),
 debug = require('debug')('box:sftp'),
 hat = require('./hat.js'),
 infra = require('./infra_version.js'),
+ paths = require('./paths.js'),
 safe = require('safetydance'),
 shell = require('./shell.js'),
 volumes = require('./volumes.js'),
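Review bot: The version test `"${ubuntu_version}" == "20.04"` in the start.sh hunk at @@ -220 sends every release other than 20.04 — including anything newer — into the else branch, which copies the host's own `/etc/ssh/ssh_host_rsa_key*` in whatever format the host's OpenSSH wrote it, so on a later release the format problem the comment describes comes back. The else branch also hands the host's SSH identity to the sftp container and to whatever else consumes `${BOX_DATA_DIR}`; a key generated for the sftp service keeps a container compromise from exposing the host key, and since OpenSSH on the older releases already writes PEM by default, the branch can be dropped and both cases handled by `if [[ ! -f "${BOX_DATA_DIR}/sftp/ssh/ssh_host_rsa_key" ]]; then` / `ssh-keygen -m PEM -t rsa -f "${BOX_DATA_DIR}/sftp/ssh/ssh_host_rsa_key" -q -N ""` / `fi` (worth confirming `-m PEM` is accepted by ssh-keygen on the oldest supported release; it is a no-op there). If the copy is kept, quote the destination as the rest of the file does: `cp /etc/ssh/ssh_host_rsa_key* "${BOX_DATA_DIR}/sftp/ssh"`. `ubuntu_version` is set outside this hunk, so its exact values are not visible here.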
@@ -110,7 +111,7 @@ function rebuild(callback) {
 -p 222:22 \
 ${mounts} \
 -e CLOUDRON_SFTP_TOKEN="${cloudronToken}" \
- -v "/etc/ssh:/etc/ssh:ro" \
+ -v "${paths.SFTP_KEYS_DIR}:/etc/ssh:ro" \
 --label isCloudronManaged=true \
 --read-only -v /tmp -v /run "${tag}"`;
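Review bot: The new mount in the sftp.js hunk at @@ -110 replaces the container's whole `/etc/ssh` with `paths.SFTP_KEYS_DIR`, which per the start.sh hunk holds only the RSA host key pair, whereas the removed line exposed everything under the host's `/etc/ssh` (every host key type, sshd_config, moduli); if the sftp image's proftpd config reads any other file from `/etc/ssh`, it is now missing, so confirm against the image before shipping. The narrowing itself is the right direction, since the container no longer sees all of the host's private host keys, and that intent deserves a line above the mount: `// mount only the dedicated sftp host key; the host's own /etc/ssh is not exposed to the container`. rebuild() begins and ends outside this hunk.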