SSH – Fix Host Key Pair Passphrase Causing ProFTPD to Fail

docker proftpd ssh-keys

I need to create a Docker image with ProFTPD and use it as an SFTP server.
Obviously I need SSH host keys for this to work, but I don't want to create new keys every time I build the image.
If I create SSH host keys with:

ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa
ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa

inside a running container, without providing a passphrase, it works perfectly.
I can simply start my SFTP server with the proftpd command.

However, keys generated exactly the same way on my host and then copied to the Docker image with the COPY directive in the Dockerfile cause the following error when trying to start ProFTPD in a container:

Wrong passphrase for this key.  Please try again.

Wrong passphrase for this key.  Please try again.

Wrong passphrase for this key.  Please try again.
2018-11-13 11:48:21,196 2771999b0891 proftpd[53924] 2771999b0891: mod_sftp/1.0.0: error reading passphrase for SFTPHostKey '/etc/ssh/ssh_host_rsa_key': (unknown)
2018-11-13 11:48:21,197 2771999b0891 proftpd[53924] 2771999b0891: mod_sftp/1.0.0: unable to use key in SFTPHostKey '/etc/ssh/ssh_host_rsa_key', exiting

What am I missing here?

EDIT: Dockerfile as requested:

FROM alpine:latest

COPY etc/apk/repositories /etc/apk/repositories

COPY etc/ssh/ /etc/ssh/

COPY etc/proftpd/ /etc/proftpd/

RUN apk upgrade --no-cache

RUN apk add --no-cache \
    proftpd \
    proftpd-mod_sql_postgres \
    proftpd-mod_sftp_sql

ENTRYPOINT proftpd

And the contents of /etc/ssh inside the container:

>>ls -la /etc/ssh
total 28
drwxr-xr-x    1 root     root          4096 Nov 13 13:47 .
drwxr-xr-x    1 root     root          4096 Nov 13 13:46 ..
-rw-------    1 root     root          1393 Nov 13 13:57 ssh_host_dsa_key
-rw-r--r--    1 root     root           609 Nov 13 10:11 ssh_host_dsa_key.pub
-rw-------    1 root     root          1831 Nov 13 13:57 ssh_host_rsa_key
-rw-r--r--    1 root     root           401 Nov 13 10:11 ssh_host_rsa_key.pub
-rw-r--r--    1 root     root          3177 Nov  7 18:21 sshd_config

Best Answer

I believe that it may be in the fact that the default encryption levels are different. If you had declared the bytes in all instances, I think the problem would not have arisen.

Like say:

ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa -b 1024
vs
ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa -b 2048
vs
ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa -b 4096
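
To compare a key generated on the host with one generated inside the container, the following added example (not part of the original question or answer, and not ProFTPD tooling) reports three properties that can differ between two ssh-keygen installations given identical arguments: the private-key container format, the key size in bits, and whether the key loads with an empty passphrase. The script name `check_keys.sh` is hypothetical; the key paths in the usage comment follow the `COPY etc/ssh/` line of the Dockerfile above.

```shell
#!/bin/sh
# Added example (not from the original post): compare host keys generated in
# different environments before they are COPYed into the image.

# Private-key container format, taken from the first line of the file.
# Different ssh-keygen versions default to different containers.
key_format() {
    case "$(head -n 1 "$1")" in
        "-----BEGIN OPENSSH PRIVATE KEY-----") echo openssh ;;
        "-----BEGIN RSA PRIVATE KEY-----" | "-----BEGIN DSA PRIVATE KEY-----") echo pem ;;
        "-----BEGIN ENCRYPTED PRIVATE KEY-----" | "-----BEGIN PRIVATE KEY-----") echo pkcs8 ;;
        *) echo unknown ;;
    esac
}

# True only if the key loads with an empty passphrase: -y must read the
# private key to print its public half, and -P '' suppresses the prompt.
key_is_unencrypted() {
    ssh-keygen -y -P '' -f "$1" </dev/null >/dev/null 2>&1
}

# Key size in bits: first field of the fingerprint line.
key_bits() {
    ssh-keygen -l -f "$1" | awk '{print $1}'
}

# One summary line per key; non-zero status if it needs a passphrase.
inspect_key() {
    if key_is_unencrypted "$1"; then
        echo "$1 format=$(key_format "$1") bits=$(key_bits "$1") passphrase=none"
    else
        echo "$1 format=$(key_format "$1") passphrase=required-or-unreadable"
        return 1
    fi
}

# Usage: sh check_keys.sh etc/ssh/ssh_host_rsa_key etc/ssh/ssh_host_dsa_key
if [ "$#" -gt 0 ]; then
    rc=0
    for key in "$@"; do inspect_key "$key" || rc=1; done
    exit "$rc"
fi
```

Running it once on the host against the build context and once inside the container against `/etc/ssh` shows which of the three properties differs between the working and failing keys.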