feat: agregar soporte para configuración dinámica de SSH_PORT y PasswordAuthentication

Author: lechuga16

docker-compose.dev.yml

@@ -10,6 +10,7 @@ services:
     environment:
       - LGSM_PASSWORD=${LGSM_PASSWORD}
       - SSH_KEY=${SSH_KEY}
+      - SSH_PORT=${SSH_PORT}
       - KF2_GAME_PORT=${KF2_GAME_PORT:-7777}
       - KF2_QUERY_PORT=${KF2_QUERY_PORT:-27015}
       - KF2_WEBADMIN=${KF2_WEBADMIN:-false}

docker-scripts/post-install-config.sh

@@ -17,7 +17,7 @@ create_deferred_config_script() {
     echo "🔍 Buscando scripts de configuración en ${server_scripts_dir}"
 
     # Crear script que se ejecutará como usuario linuxgsm después del inicio
-    cat > "/data/run-server-config.sh" << 'EOF'
+    cat > "$HOME/run-server-config.sh" << 'EOF'
 #!/bin/bash
 # Script de configuración diferida - Se ejecuta como usuario linuxgsm
 
@@ -28,6 +28,7 @@ echo "Fecha: $(date)"
 # Esperar a que el sistema esté completamente iniciado
 sleep 10
 
+
 # Ejecutar scripts de configuración del servidor
 SERVER_SCRIPTS_DIR="/app/server-scripts"
 if [ -d "${SERVER_SCRIPTS_DIR}" ] && ls "${SERVER_SCRIPTS_DIR}"/*.sh 1> /dev/null 2>&1; then
@@ -36,14 +37,12 @@ if [ -d "${SERVER_SCRIPTS_DIR}" ] && ls "${SERVER_SCRIPTS_DIR}"/*.sh 1> /dev/nul
         echo ""
         echo "📝 Ejecutando: ${script_name}"
         echo "----------------------------------------"
-        
         # Pasar variables de entorno
         export KF2_GAME_PORT="${KF2_GAME_PORT}"
         export KF2_QUERY_PORT="${KF2_QUERY_PORT}"
         export KF2_WEBADMIN_PORT="${KF2_WEBADMIN_PORT}"
         export KF2_STEAM_PORT="${KF2_STEAM_PORT}"
         export KF2_NTP_PORT="${KF2_NTP_PORT}"
-        
         # Ejecutar el script
         bash "${script}"
         echo "✅ ${script_name} completado"
@@ -55,26 +54,26 @@ fi
 echo "🎯 Configuración post-instalación completada"
 
 # Auto-eliminar este script después de la ejecución
-rm -f "/data/run-server-config.sh"
+rm -f "$HOME/run-server-config.sh"
 EOF
 
     # Hacer el script ejecutable
-    chmod +x "/data/run-server-config.sh"
-    chown linuxgsm:linuxgsm "/data/run-server-config.sh"
+    chmod +x "$HOME/run-server-config.sh"
+    chown linuxgsm:linuxgsm "$HOME/run-server-config.sh"
 
-    echo "✅ Script de configuración diferida creado: /data/run-server-config.sh"
+    echo "✅ Script de configuración diferida creado: $HOME/run-server-config.sh"
 
     # Programar la ejecución del script en segundo plano
-    cat > "/data/start-config.sh" << 'EOF'
+    cat > "$HOME/start-config.sh" << 'EOF'
 #!/bin/bash
 # Ejecutar configuración en segundo plano después del inicio del usuario
-sleep 5 && /data/run-server-config.sh > /data/config-log.txt 2>&1 &
+sleep 5 && $HOME/run-server-config.sh > $HOME/config-log.txt 2>&1 &
 EOF
 
-    chmod +x "/data/start-config.sh"
-    chown linuxgsm:linuxgsm "/data/start-config.sh"
+    chmod +x "$HOME/start-config.sh"
+    chown linuxgsm:linuxgsm "$HOME/start-config.sh"
 
-    echo "✅ Script de inicio diferido creado: /data/start-config.sh"
+    echo "✅ Script de inicio diferido creado: $HOME/start-config.sh"
 }
 
 # Función principal

docker-scripts/setup-config-trigger.sh

@@ -1,41 +1,78 @@
 #!/bin/bash
 # Script: ssh.sh
 # Description: Configures the SSH service in the container, generates host keys (RSA, ECDSA, and ED25519),
-# and updates the SSH configuration to use a persistent directory (/data/ssh). It also enables or disables
+# and updates the SSH configuration to use a persistent directory ($HOME/ssh). It also enables or disables
 # password authentication based on the LGSM_PASSWORD variable.
 
-if [ ! -d /data/ssh ]; then
-    mkdir -p /data/ssh
+SSH_PERSIST_DIR="$HOME/ssh"
+if [ ! -d "$SSH_PERSIST_DIR" ]; then
+    mkdir -p "$SSH_PERSIST_DIR"
 fi
 
-if [ ! -f /data/ssh/ssh_host_rsa_key ]; then
-    ssh-keygen -t rsa -b 4096 -f /data/ssh/ssh_host_rsa_key -N ''
+if [ ! -f "$SSH_PERSIST_DIR/ssh_host_rsa_key" ]; then
+    ssh-keygen -t rsa -b 4096 -f "$SSH_PERSIST_DIR/ssh_host_rsa_key" -N ''
 fi
 
-if [ ! -f /data/ssh/ssh_host_ecdsa_key ]; then
-    ssh-keygen -t ecdsa -f /data/ssh/ssh_host_ecdsa_key -N ''
+if [ ! -f "$SSH_PERSIST_DIR/ssh_host_ecdsa_key" ]; then
+    ssh-keygen -t ecdsa -f "$SSH_PERSIST_DIR/ssh_host_ecdsa_key" -N ''
 fi
 
-if [ ! -f /data/ssh/ssh_host_ed25519_key ]; then
-    ssh-keygen -t ed25519 -f /data/ssh/ssh_host_ed25519_key -N ''
+if [ ! -f "$SSH_PERSIST_DIR/ssh_host_ed25519_key" ]; then
+    ssh-keygen -t ed25519 -f "$SSH_PERSIST_DIR/ssh_host_ed25519_key" -N ''
 fi
 
-sed -i 's|#HostKey /etc/ssh/ssh_host_rsa_key|HostKey /data/ssh/ssh_host_rsa_key|' /etc/ssh/sshd_config
-sed -i 's|#HostKey /etc/ssh/ssh_host_ecdsa_key|HostKey /data/ssh/ssh_host_ecdsa_key|' /etc/ssh/sshd_config
-sed -i 's|#HostKey /etc/ssh/ssh_host_ed25519_key|HostKey /data/ssh/ssh_host_ed25519_key|' /etc/ssh/sshd_config
+sed -i "s|#HostKey /etc/ssh/ssh_host_rsa_key|HostKey $clear/ssh_host_rsa_key|" /etc/ssh/sshd_config
+sed -i "s|#HostKey /etc/ssh/ssh_host_ecdsa_key|HostKey $SSH_PERSIST_DIR/ssh_host_ecdsa_key|" /etc/ssh/sshd_config
+sed -i "s|#HostKey /etc/ssh/ssh_host_ed25519_key|HostKey $SSH_PERSIST_DIR/ssh_host_ed25519_key|" /etc/ssh/sshd_config
 
-# Configure password authentication based on the LGSM_PASSWORD variable:
-# If LGSM_PASSWORD has a value, enable PasswordAuthentication.
-# If it is empty, disable it.
-if [ -n "${LGSM_PASSWORD}" ]; then
-    sed -i 's|#PasswordAuthentication yes|PasswordAuthentication yes|' /etc/ssh/sshd_config
+
+# --- SOPORTE CAMBIO DINÁMICO DE PasswordAuthentication Y PUERTO SSH ---
+ssh_config_changed=0
+
+# PasswordAuthentication
+desired_auth="no"
+[ -n "${LGSM_PASSWORD}" ] && desired_auth="yes"
+current_auth=$(grep -E '^[# ]*PasswordAuthentication[ ]+(yes|no)' /etc/ssh/sshd_config | tail -1 | awk '{print $2}')
+if [ -n "$current_auth" ]; then
+    if [ "$current_auth" != "$desired_auth" ]; then
+        sed -i "/^[# ]*PasswordAuthentication[ ]\+/c\PasswordAuthentication ${desired_auth}" /etc/ssh/sshd_config
+        echo "[ssh.sh] PasswordAuthentication cambiado: $current_auth → $desired_auth"
+        ssh_config_changed=1
+    else
+        echo "[ssh.sh] PasswordAuthentication ya configurado en $desired_auth, sin cambios."
+    fi
 else
-    sed -i 's|#PasswordAuthentication yes|PasswordAuthentication no|' /etc/ssh/sshd_config
+    echo "PasswordAuthentication ${desired_auth}" >> /etc/ssh/sshd_config
+    echo "[ssh.sh] PasswordAuthentication agregado: $desired_auth"
+    ssh_config_changed=1
 fi
 
+# Port
 if [ -n "${SSH_PORT}" ]; then
-    sed -i "s|#Port 22|Port ${SSH_PORT}|" /etc/ssh/sshd_config
+    current_port=$(grep -E '^[# ]*Port[ ]+[0-9]+' /etc/ssh/sshd_config | tail -1 | awk '{print $2}')
+    if [ -n "$current_port" ]; then
+        if [ "$current_port" != "$SSH_PORT" ]; then
+            sed -i "/^[# ]*Port[ ]\+/c\Port ${SSH_PORT}" /etc/ssh/sshd_config
+            echo "[ssh.sh] Puerto SSH cambiado: $current_port → $SSH_PORT"
+            ssh_config_changed=1
+        else
+            echo "[ssh.sh] Puerto SSH ya configurado en $SSH_PORT, sin cambios."
+        fi
+    else
+        echo "Port ${SSH_PORT}" >> /etc/ssh/sshd_config
+        echo "[ssh.sh] Puerto SSH agregado: $SSH_PORT"
+        ssh_config_changed=1
+    fi
+else
+    echo "[ssh.sh] SSH_PORT no definido, usando configuración por defecto."
 fi
 
-# Start the SSH service
-service ssh start
+# Recargar/reiniciar solo si hubo cambios
+if [ "$ssh_config_changed" = "1" ]; then
+    service ssh reload || service ssh restart
+fi
+
+# Start the SSH service si no está corriendo
+if ! pgrep -x "sshd" > /dev/null; then
+    service ssh start
+fi

docker-scripts/ssh.sh

@@ -51,7 +51,8 @@ export LGSM_SERVERFILES=${LGSM_SERVERFILES}
 export LGSM_DATADIR=${LGSM_DATADIR}
 export LGSM_CONFIG=${LGSM_CONFIG}
 
-# Export KF2 configuration variables
+export SSH_PORT=${SSH_PORT}
+
 export KF2_GAME_PORT=${KF2_GAME_PORT}
 export KF2_QUERY_PORT=${KF2_QUERY_PORT}
 export KF2_WEBADMIN_PORT=${KF2_WEBADMIN_PORT}
@@ -90,48 +91,6 @@ else
   echo -e "No .sh files found in /app/docker-scripts"
 fi
 
-echo -e ""
-echo -e "Config Profile"
-echo -e "================================="
-if [ ! -f $HOME/.bashrc ]; then
-  echo -e "Creating $HOME/.bashrc"
-  cp /etc/skel/.bashrc $HOME/.bashrc
-  echo -e "Setting ownership for $HOME/.bashrc"
-  chown "${USER}":"${USER}" $HOME/.bashrc
-else
-  echo -e "$HOME/.bashrc already exists"
-fi
-
-if [ ! -d $HOME/.ssh ]; then
-  echo -e "Creating $HOME/.ssh"
-  mkdir -p $HOME/.ssh
-  echo -e "Setting ownership and permissions for $HOME/.ssh"
-  chown "${USER}":"${USER}" $HOME/.ssh
-  chmod 700 $HOME/.ssh
-else 
-  echo -e "$HOME/.ssh already exists"
-fi
-
-if [ ! -f $HOME/.ssh/authorized_keys ]; then
-  echo -e "Creating authorized_keys"
-  touch $HOME/.ssh/authorized_keys
-  
-  if [ -n "${SSH_KEY}" ]; then
-    IFS=',' read -ra KEYS <<< "${SSH_KEY}"
-    for key in "${KEYS[@]}"; do
-      echo -e "${key}" >> $HOME/.ssh/authorized_keys
-    done
-  else
-    echo -e "SSH_KEY is empty, skipping..."
-  fi
-  
-  echo -e "Setting ownership and permissions for $HOME/.ssh/authorized_keys"
-  chown "${USER}":"${USER}" $HOME/.ssh/authorized_keys
-  chmod 600 $HOME/.ssh/authorized_keys
-else
-  echo -e "authorized_keys already exists"
-fi
-
 echo -e ""
 echo -e "Switch to user ${USER}"
 echo -e "================================="

entrypoint.sh

@@ -6,9 +6,9 @@
 echo "=== Configurando puertos personalizados KF2 ==="
 
 # Rutas de archivos de configuración
-KF2_CONFIG_FILE="/data/serverfiles/KFGame/Config/kf2server/LinuxServer-KFEngine.ini"
-LGSM_CONFIG_FILE="/data/config-lgsm/kf2server/kf2server.cfg"
-WEBADMIN_CONFIG_FILE="/data/serverfiles/KFGame/Config/kf2server/KFWeb.ini"
+KF2_CONFIG_FILE="$HOME/serverfiles/KFGame/Config/kf2server/LinuxServer-KFEngine.ini"
+LGSM_CONFIG_FILE="$HOME/config-lgsm/kf2server/kf2server.cfg"
+WEBADMIN_CONFIG_FILE="$HOME/serverfiles/KFGame/Config/kf2server/KFWeb.ini"
 
 # Función para verificar archivos de configuración
 check_config_files() {

server-scripts/configure-kf2-ports.sh

@@ -0,0 +1,48 @@
+#!/bin/bash
+# Script: manage-authorized-keys.sh
+# Descripción: Gestiona el archivo authorized_keys del usuario linuxgsm según la variable SSH_KEY
+
+set -e
+
+
+SSH_DIR="$HOME/.ssh"
+AUTH_KEYS="$SSH_DIR/authorized_keys"
+
+# Crear el directorio si no existe (migrado desde entrypoint.sh)
+if [ ! -d "$SSH_DIR" ]; then
+    echo "[manage-authorized-keys.sh] Creando $SSH_DIR"
+    mkdir -p "$SSH_DIR"
+    echo "[manage-authorized-keys.sh] Asignando permisos y propietario a $SSH_DIR"
+    chown linuxgsm:linuxgsm "$SSH_DIR"
+    chmod 700 "$SSH_DIR"
+else
+    echo "[manage-authorized-keys.sh] $SSH_DIR ya existe"
+fi
+
+# Si SSH_KEY está vacío, eliminar authorized_keys
+if [ -z "$SSH_KEY" ]; then
+    echo "[manage-authorized-keys.sh] SSH_KEY vacío. Eliminando $AUTH_KEYS si existe."
+    rm -f "$AUTH_KEYS"
+    exit 0
+fi
+
+# Procesar claves separadas por coma
+IFS=',' read -ra KEYS <<< "$SSH_KEY"
+unset SSH_KEY  # Elimina la variable tan pronto como se procesa
+echo "[manage-authorized-keys.sh] Escribiendo claves en $AUTH_KEYS:"
+> "$AUTH_KEYS"
+for key in "${KEYS[@]}"; do
+    key_trimmed="$(echo -e "$key" | xargs)"
+    if [ -n "$key_trimmed" ]; then
+        echo "$key_trimmed" >> "$AUTH_KEYS"
+        # Mostrar solo tipo y fingerprint parcial, no la clave completa
+        tipo=$(echo "$key_trimmed" | awk '{print $1}')
+        fingerprint=$(echo "$key_trimmed" | awk '{print $2}' | cut -c1-8)
+        echo "  - $tipo $fingerprint..."
+    fi
+done
+unset KEYS  # Elimina el array de claves
+
+chown linuxgsm:linuxgsm "$AUTH_KEYS"
+chmod 600 "$AUTH_KEYS"
+echo "[manage-authorized-keys.sh] Operación completada."

server-scripts/manage-authorized-keys.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+# Script: manage-bashrc.sh
+# Descripción: Gestiona la existencia y permisos de .bashrc para el usuario linuxgsm
+
+
+BASHRC="$HOME/.bashrc"
+
+if [ ! -f "$BASHRC" ]; then
+    echo "[manage-bashrc.sh] Creando $BASHRC"
+    cp /etc/skel/.bashrc "$BASHRC"
+    echo "[manage-bashrc.sh] Asignando propietario a $BASHRC"
+    chown linuxgsm:linuxgsm "$BASHRC"
+else
+    echo "[manage-bashrc.sh] $BASHRC ya existe"
+fi