fix: Allow SSH server to start

Author: arcadien

baseline/setup.sh

@@ -17,7 +17,7 @@ DEBIAN_FRONTEND=noninteractive apt install -y nginx \
     php-fileinfo php-posix php-json php-iconv php-ctype php-zip php-sockets \
     python3-pygments nodejs ca-certificates \
     sudo subversion mercurial php-xmlwriter php-opcache imagemagick php-imagick \
-    postfix locales git python3-pip npm hostname php-apcu certbot supervisor mariadb-client cron
+    postfix locales git python3-pip npm hostname php-apcu certbot supervisor mariadb-client cron openssh-server
 
 # Do not start services automatically
 update-rc.d cron remove

docker-compose.yml.standalone

@@ -16,7 +16,8 @@ services:
     ports:
      - "1443:443"
      - "1080:80"
-     - "1022:22"
+     - "2222:2222"
+     - "24:24"
     #volumes:
     # - /home/docker/phab-stand/repos:/repos
     # - /home/docker/phab-stand/extensions:/srv/phabricator/phabricator/src/extensions

preflight/run-ssh.sh

@@ -13,21 +13,25 @@ if [ "$PHABRICATOR_HOST_KEYS_PATH" == "" ]; then
   exit 0
 fi
 
+# In case if not already present,
+# avoid 'Missing privilege separation directory: /run/sshd' error
+mkdir -p /run/sshd
+
 # Generate SSH host keys if they aren't already present
 if [ ! -f /baked ]; then
   if [ -d $PHABRICATOR_HOST_KEYS_PATH ]; then
     cp -v $PHABRICATOR_HOST_KEYS_PATH/* /etc/ssh/
     #ensure correct file modes of private keys
     chmod 600 /etc/ssh/ssh_host_{dsa_,ecdsa_,ed25519_,,rsa_}key
   fi
-    #generate missing keys --> sshd needs sometimes more keys for newer protocols
-    ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa
-    ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa
-    ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t ed25519
-
-    mkdir -pv $PHABRICATOR_HOST_KEYS_PATH
-    #copy only when the file does not exist
-    cp -vn /etc/ssh/ssh_host_{dsa_,ecdsa_,ed25519_,,rsa_}key{,.pub} $PHABRICATOR_HOST_KEYS_PATH/
+  #generate missing keys --> sshd needs sometimes more keys for newer protocols
+  if [ ! -f /etc/ssh/ssh_host_rsa_key     ]; then ssh-keygen -f /etc/ssh/ssh_host_rsa_key     -t rsa     -N ''; fi
+  if [ ! -f /etc/ssh/ssh_host_dsa_key     ]; then ssh-keygen -f /etc/ssh/ssh_host_dsa_key     -t dsa     -N ''; fi
+  if [ ! -f /etc/ssh/ssh_host_ed25519_key ]; then ssh-keygen -f /etc/ssh/ssh_host_ed25519_key -t ed25519 -N ''; fi
+
+  mkdir -pv $PHABRICATOR_HOST_KEYS_PATH
+  #copy only when the file does not exist
+  cp -vn /etc/ssh/ssh_host_{dsa_,ecdsa_,ed25519_,,rsa_}key{,.pub} $PHABRICATOR_HOST_KEYS_PATH/
 fi
 
 if [ ! -f /is-baking ]; then

preflight/setup.sh

@@ -49,8 +49,8 @@ echo '' >> /etc/php/7.4/fpm/php-fpm.conf
 echo 'php_value[include_path] = "/srv/phabricator/PHPExcel/Classes"' >> /etc/php/7.4/fpm/php-fpm.conf
 
 # Move the default SSH to port 24
-echo "" >> /etc/ssh/sshd_config
-echo "Port 24" >> /etc/ssh/sshd_config
+mkdir -p /etc/ssh/sshd_config.d/
+echo "Port 24" >> /etc/ssh/sshd_config.d/phabricator_host_default.conf
 
 # Configure Phabricator SSH service
 chown root:root /etc/phabricator-ssh/*