Docker: Set pam_loginuid to optional
In an unprivileged container, /etc/pam.d/sshd needs to have pam_loginuid.so set to optional in order for SSH to work (see discussion here). For now, I'm tweaking this by hand, but it would be nice to have it baked into the image proper.
According to the official Docker docs, the following needs to be present in the Dockerfile:
# SSH login fix. Otherwise user is kicked off after login
RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd
Without this change, any attempt to clone via SSH gives the error fatal: protocol error: bad line length character: Welc