From 0da2ed24bd44a4708e68f93adea2763c89b59dd2 Mon Sep 17 00:00:00 2001
From: Krzysztof Szumny
Date: Sat, 22 Aug 2015 11:52:14 +0200
Subject: [PATCH] cleanning in /compose/debug
---
.../compose/debug/.dockerignore | 3 -
.../compose/debug/.gitignore | 1 -
.../compose/debug/Dockerfile | 2 +-
.../id_rsa | 0
.../id_rsa.pub | 0
.../compose/debug/sshd_config | 87 +++++++++---------
.../{compose/debug => docs}/README.md | 0
.../docs/docker_remote_debugging.rst | 2 +-
.../pycharm_configuration/1.png | Bin
.../pycharm_configuration/2.png | Bin
.../pycharm_configuration/3.png | Bin
.../pycharm_configuration/4.png | Bin
.../pycharm_configuration/5.png | Bin
13 files changed, 45 insertions(+), 50 deletions(-)
delete mode 100644 {{cookiecutter.repo_name}}/compose/debug/.dockerignore
delete mode 100644 {{cookiecutter.repo_name}}/compose/debug/.gitignore
rename {{cookiecutter.repo_name}}/compose/debug/{.ssh_keys_to_docker => keys_to_docker}/id_rsa (100%)
rename {{cookiecutter.repo_name}}/compose/debug/{.ssh_keys_to_docker => keys_to_docker}/id_rsa.pub (100%)
rename {{cookiecutter.repo_name}}/{compose/debug => docs}/README.md (100%)
rename {{cookiecutter.repo_name}}/{compose/debug => docs}/pycharm_configuration/1.png (100%)
rename {{cookiecutter.repo_name}}/{compose/debug => docs}/pycharm_configuration/2.png (100%)
rename {{cookiecutter.repo_name}}/{compose/debug => docs}/pycharm_configuration/3.png (100%)
rename {{cookiecutter.repo_name}}/{compose/debug => docs}/pycharm_configuration/4.png (100%)
rename {{cookiecutter.repo_name}}/{compose/debug => docs}/pycharm_configuration/5.png (100%)
diff --git a/{{cookiecutter.repo_name}}/compose/debug/.dockerignore b/{{cookiecutter.repo_name}}/compose/debug/.dockerignore
deleted file mode 100644
index ea7761d6f..000000000
--- a/{{cookiecutter.repo_name}}/compose/debug/.dockerignore
+++ /dev/null
@@ -1,3 +0,0 @@
-.git
-.gitignore
-README.md
\ No newline at end of file
diff --git a/{{cookiecutter.repo_name}}/compose/debug/.gitignore b/{{cookiecutter.repo_name}}/compose/debug/.gitignore deleted file mode 100644 index 485dee64b..000000000 --- a/{{cookiecutter.repo_name}}/compose/debug/.gitignore +++ /dev/null @@ -1 +0,0 @@ -.idea diff --git a/{{cookiecutter.repo_name}}/compose/debug/Dockerfile b/{{cookiecutter.repo_name}}/compose/debug/Dockerfile index e827d1f92..ecf44a45d 100644 --- a/{{cookiecutter.repo_name}}/compose/debug/Dockerfile +++ b/{{cookiecutter.repo_name}}/compose/debug/Dockerfile @@ -15,7 +15,7 @@ RUN mkdir -p /var/run/sshd # Copy configuration and entrypoint script COPY sshd_config /etc/ssh/sshd_config -ADD .ssh_keys_to_docker/id_rsa.pub /ssh_id_rsa.pub +ADD keys_to_docker/id_rsa.pub /ssh_id_rsa.pub COPY entrypoint / diff --git a/{{cookiecutter.repo_name}}/compose/debug/.ssh_keys_to_docker/id_rsa b/{{cookiecutter.repo_name}}/compose/debug/keys_to_docker/id_rsa similarity index 100% rename from {{cookiecutter.repo_name}}/compose/debug/.ssh_keys_to_docker/id_rsa rename to {{cookiecutter.repo_name}}/compose/debug/keys_to_docker/id_rsa diff --git a/{{cookiecutter.repo_name}}/compose/debug/.ssh_keys_to_docker/id_rsa.pub b/{{cookiecutter.repo_name}}/compose/debug/keys_to_docker/id_rsa.pub similarity index 100% rename from {{cookiecutter.repo_name}}/compose/debug/.ssh_keys_to_docker/id_rsa.pub rename to {{cookiecutter.repo_name}}/compose/debug/keys_to_docker/id_rsa.pub diff --git a/{{cookiecutter.repo_name}}/compose/debug/sshd_config b/{{cookiecutter.repo_name}}/compose/debug/sshd_config index 2600a9a9e..fee6e169a 100644 --- a/{{cookiecutter.repo_name}}/compose/debug/sshd_config +++ b/{{cookiecutter.repo_name}}/compose/debug/sshd_config 
@@ -1,82 +1,81 @@ -# TODO: this could use some cleanup... - -# der Port auf dem der ssh Server auf Verbindungen "warten" soll +# What ports, IPs and protocols we listen for Port 22 -# Wenn AllowUsers definiert wurde, dann ist das anmelden auf dem SSH Server nur diesen Usern erlaubt. -# Man kann mehrere User angeben. Sie werden dann durch Leerzeichen getrennt. -#AllowUsers SystemUsername +# The option AllowUsers specifies and controls which users can access ssh +# services. Multiple users can be specified, separated by spaces. +#AllowUsers SystemUsername/ -# Mit der aktuellen Version ist nur noch SSH2 erlaubt, aber bei älteren Versionen wäre auch SSH1 möglich. -# Mit der Angabe von Protocol 2 beschränkt man es aber auf SSH2. Protocol 2 -# Mit ListenAddress kann man angeben an welchen Interfaces der sshd lauschen soll. -# Der Standard 0.0.0.0 lauscht an alles verfügbaren Interfaces. -# Man sollte es auf 1 Interface beschränken. +# The option ListenAddress specifies the IP address of the interface network +# on which the ssh daemon server socket is bind. The default is 0.0.0.0; to +# improve security you may specify only the required ones to limit possible +# addresses. ListenAddress 0.0.0.0 -# Der Pfad zum private Key +# The option HostKey specifies the location containing the private host key. HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key -# Logging +# The option SyslogFacility specifies the facility code used when logging +# messages from sshd. The facility specifies the subsystem that produced the +# message--in our case, AUTH. SyslogFacility AUTH + +# The option LogLevel specifies the level that is used when logging messages +# from sshd.INFO is a good choice. See the man page for sshd for more +# information on other possibilities. LogLevel INFO -# Wenn aktiviert, dann wird eine eingehende Verbindung vom Hauptprozess getrennt. -# Außerdem läuft sie dann unter den Rechten das angemeldeten Users. 
-# Default ist yes und so sollte es auch bleiben. UsePrivilegeSeparation yes -# Nach den hier angegebenen Sekunden wird die Verbindung getrennt -# wenn der User sich nicht erfolgreich angemeldet hat +# The option LoginGraceTime specifies how long in seconds after a connection +# request the server will wait before disconnecting if the user has not +# successfully logged in. LoginGraceTime 120 -# Mit PermitRootLogin kann man dem User root verbieten sich per SSH anzumelden. -# Auch das ist eine Sicherheitseinstellung die Bruteforce Attacken auf den root User verhindern soll. -# no = keine Rootanmeldung per SSH erlaubt | yes = root kann sich anmelden +# The option PermitRootLogin specifies whether root can log in using ssh. +# Never say yes to this option. PermitRootLogin no -# Überprüft die Besitzrechte der Userdateien und des Homedirs bevor sich ein User anmelden kann +# The option StrictModes specifies whether ssh should check user's permissions +# in their home directory and rhosts files before accepting login. This option +# must always be set to yes because sometimes users may accidentally leave +# their directory or files world-writable. StrictModes yes -# Erlaubt Public Key Authentification -# Default ist yes, wenn man es nicht benutzt kann man es auch abschalten PubkeyAuthentication yes - -# Erlaubt die Anmeldung mit Passwörtern. Bevor man dies abschaltet, sollte man einen anderen Weg haben! PasswordAuthentication yes - -# Da es nur Protocol Version 1 betrifft ist es nicht wichtig zu setzen. -# Am besten man setzt es trotzdem, aber dann auf no! RSAAuthentication no - -# Es sollen keine ~/.rhosts und ~/.shosts Dateien im Homedir geladen werden -IgnoreRhosts yes - -# Auch ein Überbleibsel von SSH1. No ist richtig! -RhostsRSAAuthentication no - -# Eine vergleichbare Funktion von RhostsRSAAuthentication, aber für SSH2. -# Hab ich noch nie gebraucht. HostbasedAuthentication no -# Wenn man es auch yes setzt, kann man sich mit leeren Passwörtern anmelden. 
-# Da sagt der gesunde Menschenverstand schon etwas anderes. +# The option IgnoreRhosts specifies whether rhosts or shosts files should not +# be used in authentication. For security reasons it is recommended to no use +# rhosts or shosts files for authentication. +IgnoreRhosts yes + +# The option RhostsRSAAuthentication specifies whether to try rhosts +# authentication in concert with RSA host authentication. +RhostsRSAAuthentication no + +# The option PermitEmptyPasswords specifies whether the server allows logging +# in to accounts with a null password. If you intend to use the scp utility +# to make automatic backups over the network, you must set this option to yes PermitEmptyPasswords no -# Ist ein Brutforce Schutz, der die maximalen unautorisierten Verbindungen steuert. +# Specifies the maximum number of concurrent unauthenticated connections to +# the SSH daemon. Additional connections will be dropped until authentication +# succeeds or the LoginGraceTime expires for a connection. MaxStartups 10:30:60 -# Aktiviert das Subsystem sftp #Subsystem sftp /usr/lib/openssh/sftp-server Subsystem sftp internal-sftp -# Wenn man dies auf yes setzt wird einem User die /etc/motd angezeigt wenn er sich verbindet. +# The option PrintMotd specifies whether the ssh daemon should print the +# contents of the /etc/motd file when a user logs in interactively. The +# /etc/motd file is also known as the message of the day. PrintMotd no -# Diese Settings sollten selbsterklärend sein. KeepAlive yes PrintLastLog yes UsePAM yes diff --git a/{{cookiecutter.repo_name}}/compose/debug/README.md b/{{cookiecutter.repo_name}}/docs/README.md similarity index 100% rename from {{cookiecutter.repo_name}}/compose/debug/README.md rename to {{cookiecutter.repo_name}}/docs/README.md diff --git a/{{cookiecutter.repo_name}}/docs/docker_remote_debugging.rst b/{{cookiecutter.repo_name}}/docs/docker_remote_debugging.rst index d809e805a..82541b14b 100644 
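Review bot: The new comment above `PermitEmptyPasswords no` in the sshd_config hunk says that for automated scp backups "you must set this option to yes", which recommends accepting empty passwords; unattended scp works with key authentication, so that sentence should become `# Keep this at no; use key-based authentication for unattended scp/sftp.` The same hunk removes the German notes on `PubkeyAuthentication` and `PasswordAuthentication` without an English replacement, so `PasswordAuthentication yes` is now undocumented even though the docs in this patch give the fixed password *docker* and the template carries a shared `keys_to_docker/id_rsa`. A comment such as `# Debug container only: credentials are public, publish this port on localhost only.` would state the intended exposure. Two smaller wording slips in the added lines: `#AllowUsers SystemUsername/` gained a trailing slash that looks unintended, and "recommended to no use" should read "recommended not to use".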
--- a/{{cookiecutter.repo_name}}/docs/docker_remote_debugging.rst +++ b/{{cookiecutter.repo_name}}/docs/docker_remote_debugging.rst @@ -35,7 +35,7 @@ You can test ssh conection using password *docker*, by:: or you can also use ssh-key:: - ssh -i compose/debug/.ssh_keys_to_docker/id_rsa docker_{{ cookiecutter.repo_name }}@localhost -p 2222 + ssh -i compose/debug/keys_to_docker/id_rsa docker_{{ cookiecutter.repo_name }}@localhost -p 2222 PyCharm diff --git a/{{cookiecutter.repo_name}}/compose/debug/pycharm_configuration/1.png b/{{cookiecutter.repo_name}}/docs/pycharm_configuration/1.png similarity index 100% rename from {{cookiecutter.repo_name}}/compose/debug/pycharm_configuration/1.png rename to {{cookiecutter.repo_name}}/docs/pycharm_configuration/1.png diff --git a/{{cookiecutter.repo_name}}/compose/debug/pycharm_configuration/2.png b/{{cookiecutter.repo_name}}/docs/pycharm_configuration/2.png similarity index 100% rename from {{cookiecutter.repo_name}}/compose/debug/pycharm_configuration/2.png rename to {{cookiecutter.repo_name}}/docs/pycharm_configuration/2.png diff --git a/{{cookiecutter.repo_name}}/compose/debug/pycharm_configuration/3.png b/{{cookiecutter.repo_name}}/docs/pycharm_configuration/3.png similarity index 100% rename from {{cookiecutter.repo_name}}/compose/debug/pycharm_configuration/3.png rename to {{cookiecutter.repo_name}}/docs/pycharm_configuration/3.png diff --git a/{{cookiecutter.repo_name}}/compose/debug/pycharm_configuration/4.png b/{{cookiecutter.repo_name}}/docs/pycharm_configuration/4.png similarity index 100% rename from {{cookiecutter.repo_name}}/compose/debug/pycharm_configuration/4.png rename to {{cookiecutter.repo_name}}/docs/pycharm_configuration/4.png 
diff --git a/{{cookiecutter.repo_name}}/compose/debug/pycharm_configuration/5.png b/{{cookiecutter.repo_name}}/docs/pycharm_configuration/5.png
similarity index 100%
rename from {{cookiecutter.repo_name}}/compose/debug/pycharm_configuration/5.png
rename to {{cookiecutter.repo_name}}/docs/pycharm_configuration/5.png