Update for new openssh versions

build/Dockerfile

@@ -1,10 +1,11 @@
 FROM hermsi/alpine-sshd:latest
 
-RUN apk add --no-cache \
+RUN apk add --upgrade --no-cache \
+        openssh \
         openssh-server-pam \
         yubico-pam \
         google-authenticator \
     && \
     rm -rf /var/cache/apk/*
 
-COPY entrypoint.sh /
+COPY entrypoint.sh /

build/entrypoint.sh

@@ -43,7 +43,7 @@ ensure_mod() {
     G_ID="${4}"
 
     chmod "${MOD}" "${FILE}"
-    chown "${U_ID}"."${G_ID}" "${FILE}"
+    chown "${U_ID}":"${G_ID}" "${FILE}"
 }
 
 generate_passwd() {
@@ -212,10 +212,15 @@ fi
 # ADDED
 #############################################
 
-sed -i "s/#ChallengeResponseAuthentication.*/ChallengeResponseAuthentication yes/" /etc/ssh/sshd_config
-sed -i "s/#UsePAM.*/UsePAM yes/" /etc/ssh/sshd_config
+if [[ -n "${YUBICO_API_ID}" ]]; then
+  sed -i "s/#ChallengeResponseAuthentication.*/ChallengeResponseAuthentication yes/" /etc/ssh/sshd_config
+  sed -i "s/#UsePAM.*/UsePAM yes/" /etc/ssh/sshd_config
+
+  if ! grep -Fxq "auth sufficient pam_yubico.sh" /etc/pam.d/sshd; then
+    echo "auth [success=done default=bad] pam_yubico.so id=${YUBICO_API_ID} key=${YUBICO_API_KEY}" >> /etc/pam.d/sshd
+  fi
+fi
 
-echo "auth sufficient pam_yubico.so id=16 debug" >> /etc/pam.d/sshd
 
 #############################################
 # END OF ADDITION
@@ -224,4 +229,4 @@ echo "auth sufficient pam_yubico.so id=16 debug" >> /etc/pam.d/sshd
 echo ""
 
 # do not detach (-D), log to stderr (-e), passthrough other arguments
-exec /usr/sbin/sshd -D -e "$@"
+exec /usr/sbin/sshd.pam -D -e "$@"