openclaw/docker-entrypoint.sh
Harry Winkler 1d29f772a6 Add optional SSH debug access and stale lock cleanup
- Add CLAWDBOT_ENABLE_SSH build arg to optionally install OpenSSH server
- Add SSH_AUTHORIZED_KEYS build arg to configure authorized keys
- Add docker-entrypoint.sh that clears stale session locks on startup
- Install gosu for secure privilege dropping (runs as node user)
- SSH access uses key-based auth only, no root login, only node user allowed

To build with SSH enabled:
docker build --build-arg CLAWDBOT_ENABLE_SSH=true \
  --build-arg SSH_AUTHORIZED_KEYS="ssh-ed25519 AAAA... user@host" .

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-26 11:03:31 -05:00

24 lines
671 B
Bash

#!/bin/bash
set -e
# Clear stale session locks on startup (handles both root and node ownership)
rm -f /data/agents/main/sessions/*.lock 2>/dev/null || true
# Start SSH daemon if installed and running as root
if [ "$(id -u)" = "0" ] && [ -f /usr/sbin/sshd ]; then
echo "Starting SSH daemon..."
/usr/sbin/sshd
fi
# If running as root and gosu is available, drop to node user for main process
if [ "$(id -u)" = "0" ] && command -v gosu > /dev/null 2>&1; then
# Ensure node user owns the data directory
if [ -d /data ]; then
chown -R node:node /data 2>/dev/null || true
fi
exec gosu node "$@"
fi
# Otherwise run as current user
exec "$@"