openssh-server: trusted-ca Initial commit #1137

Open
Koalab99 wants to merge 1 commit into linuxserver:openssh-server-trusted-ca from Koalab99:openssh-server-trusted-ca

@Koalab99

  • I have read the contributing guideline and understand that I have made the correct modifications

Description:

Add Trusted User Certificate Authority support. It adds a wrapper around TrustedUserCAKeys, just like PUBLIC_KEY.

Benefits of this PR and context:

It would allow user certificate authentication.

How Has This Been Tested?

# Create temp directory and cd there
cd $(mktemp -d)

# Generate key pairs (x and x.pub)
ssh-keygen -b 4096 -t ed25519 -f ca
ssh-keygen -b 4096 -t ed25519 -f linuxserverio
ssh-keygen -b 4096 -t ed25519 -f inexistant

# Sign users pubkeys (x-cert.pub)
ssh-keygen -s ca -I linuxio_key -n linuxserver.io linuxserverio.pub
ssh-keygen -s ca -I inexistant_key -n inexistant inexistant.pub

# Avoid using docker:
git clone -b openssh-server-trusted-ca https://github.com/Koalab99/docker-mods.git
tar cvf ./openssh-server-trusted-ca.tar -C docker-mods/root .

# Start ssh server with ca certificate
CA=$(cat ca.pub)
docker run -d --rm \
    --name test-ca-auth \
    -e PUID=1000 \
    -e PGID=1000 \
    -e TZ=UTC \
    -e TRUSTED_CA="$CA" \
    -e DOCKER_MODS="openssh-server-trusted-ca" \
    -e DOCKER_MODS_SIDELOAD=true \
    -v ./openssh-server-trusted-ca.tar:/mods/openssh-server-trusted-ca.tar:ro,z \
    -p 2223:2222 \
    linuxserver/openssh-server

# Test authentication
ssh -p 2223 -i linuxserverio linuxserver.io@127.0.0.1 # Works
ssh -p 2223 -i inexistant inexistant@127.0.0.1 # Permission denied

# Clean container
docker stop test-ca-auth

Source / References:

Tried pushing to openssh-server first: linuxserver/docker-openssh-server#122

Allow passing one or more SSH certificate authorities to the server and allow clients
to connect using certificates.
@LinuxServer-CI

PR build pushed to ghcr.io/linuxserver/mods:pull_request_1137

@aptalca aptalca self-assigned this Apr 16, 2026
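
An added example, not code from this PR or from the linuxserver mod: a Python check that vets a TRUSTED_CA-style value line by line before it would be written to the file named by TrustedUserCAKeys, since every key in that file can sign valid user certificates. The newline-separated layout, the allow-list of key types and all function names are assumptions, and the sample key is constructed.

```python
import base64
import struct

# Plain public-key types accepted as CA keys in this sketch (assumed allow-list).
ALLOWED = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
           "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def ssh_string(data: bytes) -> bytes:
    """Encode an SSH wire-format string: 4-byte big-endian length + bytes."""
    return struct.pack(">I", len(data)) + data

def check_ca_line(line: str):
    """Return None if the line is a well-formed CA public key, else a reason."""
    fields = line.split()
    if len(fields) < 2:
        return "expected '<type> <base64> [comment]'"
    algo, b64 = fields[0], fields[1]
    if algo.endswith("-cert-v01@openssh.com"):
        return "certificate supplied where a CA public key is expected"
    if algo not in ALLOWED:
        return f"unsupported key type {algo!r}"
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        return f"invalid base64: {exc}"
    if len(blob) < 4:
        return "key blob too short"
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != algo.encode():
        return "key type inside the blob does not match the declared type"
    return None

def validate_trusted_ca(value: str):
    """Split a multi-line value into (accepted_lines, [(line, reason), ...])."""
    accepted, rejected = [], []
    for raw in value.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # sshd allows blank lines and '#' comments in this file
        reason = check_ca_line(line)
        if reason is None:
            accepted.append(line)
        else:
            rejected.append((line, reason))
    return accepted, rejected

# Constructed sample input: an all-zero Ed25519 blob, not a real CA key.
GOOD = "ssh-ed25519 " + base64.b64encode(
    ssh_string(b"ssh-ed25519") + ssh_string(bytes(32))).decode() + " ca@example"
SAMPLE = "\n".join(["# constructed TRUSTED_CA value", GOOD,
                    GOOD.replace("ssh-ed25519 ", "ssh-rsa ", 1),  # type mismatch
                    "-----BEGIN OPENSSH PRIVATE KEY-----"])  # private key pasted
```

Calling `validate_trusted_ca(SAMPLE)` accepts only the first key line; the relabelled key and the pasted private-key header are returned with their rejection reasons.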