@ramcq
Last active January 26, 2022 18:59
sshd+tmux+weechat in docker
```
LOCALE=en_GB.UTF-8
SSH_KEY="ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA151ak/oQeooHn7TGqzELD+X84eoakFznQEFdz5YlqP8n2PC7KxK07oQ5N9ZDOE3nxqKSLvdG5UkzKSGVBDh7E6TnulHDK4Qu8+M2J/+IqHx1WQrMVrM47avHjpfTQuL8ON44pOPn2weQsvZPPK7DEM4FUlmjIWdvBwN3axNZhY0= robot101@theta"
TZ=Europe/London
```
```yaml
version: '3'

volumes:
  ssh:
  weechat:

services:
  weechat:
    build: .
    container_name: weechat
    hostname: weechat
    restart: on-failure
    environment:
      - LOCALE=${LOCALE}
      - SSH_KEY=${SSH_KEY}
      - TZ=${TZ}
    cap_add:
      - AUDIT_WRITE
    ports:
      # SSH on host port 2222; the UDP range is for mosh
      - '2222:22'
      - '60000-60010:60000-60010/udp'
    volumes:
      # named volumes keep the sshd host keys and the WeeChat state across rebuilds
      - 'ssh:/etc/ssh'
      - 'weechat:/home/weechat/.weechat'
    networks:
      nginx-proxy:

networks:
  nginx-proxy:
    external: true
```
```dockerfile
FROM debian:bookworm

RUN set -ex; \
    export DEBIAN_FRONTEND=noninteractive; \
    apt-get update; \
    apt-get upgrade -y; \
    touch /etc/locale.gen; \
    apt-get install --no-install-recommends -y \
        locales \
        mosh \
        openssh-server \
        tmux \
        weechat-curses \
        weechat-matrix \
        weechat-plugins \
        weechat-python \
        weechat-scripts; \
    \
    apt-get clean; \
    rm -rf /var/lib/apt/lists

ADD run.sh /run.sh

# Remove the host keys generated at build time and move the default config to
# /etc/ssh~; run.sh copies it into the /etc/ssh volume and regenerates the keys.
RUN set -ex; \
    \
    rm -f /etc/ssh/ssh_host*; \
    mv /etc/ssh /etc/ssh~; \
    \
    adduser \
        --disabled-password \
        --gecos "WeeChat User" \
        weechat; \
    \
    chmod +x /run.sh

VOLUME ["/etc/ssh", "/home/weechat/.weechat"]
EXPOSE 22 60000-60010/udp
CMD ["/run.sh"]
```
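```bash
#!/bin/bash
# loosely inspired by https://github.com/krlmlr/debian-ssh/
set -e

# Key-only login: refuse to start without a public key
if [ -z "${SSH_KEY}" ]; then
    echo "=> Please pass your public key in the SSH_KEY environment variable"
    exit 1
fi

# Generate the requested locale, e.g. "en_GB.UTF-8 UTF-8"
if [ -n "${LOCALE}" ]; then
    CHARSET="${LOCALE#*.}"
    echo "${LOCALE} ${CHARSET}" >/etc/locale.gen
    locale-gen
fi

# Install the public key for the weechat user with strict permissions
WEEHOME=/home/weechat
mkdir -p ${WEEHOME}/.ssh
chmod 700 ${WEEHOME}/.ssh
echo "${SSH_KEY}" > ${WEEHOME}/.ssh/authorized_keys
chmod 600 ${WEEHOME}/.ssh/authorized_keys
chown weechat:weechat ${WEEHOME}/.ssh ${WEEHOME}/.ssh/authorized_keys ${WEEHOME}/.weechat

# Start WeeChat in a detached tmux session owned by the weechat user
su -c "tmux new -d -s weechat weechat" weechat

# Populate the /etc/ssh volume from the stashed defaults and regenerate host keys
cp -a /etc/ssh~/* /etc/ssh
DEBIAN_FRONTEND=noninteractive dpkg-reconfigure openssh-server
mkdir -p /run/sshd

# -D: stay in the foreground, -e: log to stderr
exec /usr/sbin/sshd -De
```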
@andrunko

weechat | debug1: Server will not fork when running in debugging mode.

Looks rather suspicious, have you tried running sshd without -d?

@ramcq
Author

ramcq commented Jan 26, 2022

@andrunko OMG thank you. 🤦 🤦 🤦

     -d      Debug mode.  The server sends verbose debug output to standard error, and does
             not put itself in the background. The server also will not fork and will only process
             one connection.  This option is only intended for debugging for the server.
             Multiple -d options increase the debugging level.  Maximum is 3.

I saw -d in https://bugzilla.redhat.com/show_bug.cgi?id=1923728 when figuring out the need for CAP_AUDIT, and thought "sure debugging why not"... haha.
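
An added example, not part of the gist or of either comment: a small shell check for the mistake discussed in this thread. It counts `-d` flags in an sshd argument list, so an entrypoint's sshd invocation can be linted before it ships. The function names and the option string are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not part of the gist. SSHD_OPTSTRING is this example's own
# transcription of the sshd(8) flags; a ':' marks flags that take a value,
# so a value such as "-f /etc/ssh/d.conf" is never mistaken for -d.
SSHD_OPTSTRING='46DdeGiqTtVb:C:c:E:f:g:h:k:o:p:u:'

# Print the debug level (0-3) requested by a list of sshd flags.
# The body runs in a subshell so getopts state does not leak to the caller.
sshd_debug_level() (
    OPTIND=1
    level=0
    while getopts ":${SSHD_OPTSTRING}" opt "$@"; do
        if [ "$opt" = d ]; then
            level=$((level + 1))
        fi
    done
    # The man page excerpt quoted above gives 3 as the maximum level.
    if [ "$level" -gt 3 ]; then
        level=3
    fi
    echo "$level"
)

# Succeed only if the flags suit a long-running service, i.e. contain no -d.
sshd_flags_ok_for_service() {
    [ "$(sshd_debug_level "$@")" -eq 0 ]
}

# Constructed sample invocations (flags only, without the sshd path).
for flags in '-De' '-Dde' '-ddd -p 2222' '-D -e -f /etc/ssh/d.conf'; do
    # Word splitting of $flags is intended here.
    if sshd_flags_ok_for_service $flags; then
        echo "ok:    sshd $flags"
    else
        echo "debug: sshd $flags (level $(sshd_debug_level $flags), handles only one connection)"
    fi
done
```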
