Public | Automated Build

Last pushed: 4 days ago
Short Description
simple docker container to build an ssh gateway or hopping station
Full Description

Introduction

This is a simple docker container to build an ssh gateway or
hopping station.

Usecases

Running this docker container you may support following use cases:

  • "forwarding only" gateway without login prompt and restrictions per user
    • mount /etc/user via external volume
    • set login shell to "/usr/local/bin/LoginSleep" for each user
    • write users firewall restrictions into users key file -- see
      sshd_config man page to get more information about
       o PermitOpen="ip:port"
       o no-pty
       o ...
      
    • set global variable "LoginSleep" to configure session timeout
  • run a "classic hopping station"
    • mount /data via external volume
    • set $HostKeys to "/data/host-keys"
      here the private ssh host keys are persisted - restrict access!
    • set $HomeBase to "/data/home"
      here the user home directories are persisted
    • set $UserDir to "/data/user"
      this structure defines which users have to be created at startup and how
  • use this container to build other stuff on top, e.g. a version control system
    • create users svn and git via Dockerfile
    • install needed software (git and subversion) and configure it
    • persist host keys and home base via external volume and set $HomeBase / $HostKeys
    • keep /etc/users empty (fast startup)

Important for all cases:

  • use variable SSHD_OPTS to change specific options
  • Startup takes more time the more users have to be created.
  • Startup time prolongs (and security is reduced) if ssh host key is not persistent -- so $HostKey is strongly recommended.
  • If you use persistent user homes it is strongly recommended to set their uids.

Configuration / features

You can control containers behaviour using following environment variables:

  • UserDir: this directory describes the user to create at startup time
      and their properties (see below) -- default is /etc/user
    
  • HomeBase: is the home directory for the created users -- default is /home
  • HostKeys: is the place/directory of ssh host keys (in order to make them
      persistent) -- default is /etc/ssh
    
  • LoginSleep: if login shell /usr/local/bin/LoginSleep is used for some users
      this variable sets the global session timeout -- default is 1 hour
    

$UserDir is used to define the users that have to be accessible via ssh and
their parameters - each of that in a separate file:

"$UserDir/<user>/key"        # key file (in openssh format)
"$UserDir/<user>/uid"        # uid of the user (only a number)
"$UserDir/<user>/shell"        # name of the login shell (has to exist)

Only the file "key" is (obviously) mandatory, uid and shell are optional.

Docker Pull Command
Owner
dtgilles
Source Repository