A tiny docker container that allows exposing directory access pretty safely via SSH*Rsync
21
A small container that allows exposing directories via SSH+rsync.
docker run \
-p 22:22/tcp \
-v "$(pwd)/test/data:/data:rw" \
-v "$(pwd)/test/config:/config:ro" \
ikskuh/sshfs
| Volume Mount Point | Access | Content |
|---|---|---|
/config | read-only | Must contain the authorized_keys files. |
/data | read-write | This directory is meant to be accessed via SSH. |
| Port | Protocol | Function |
|---|---|---|
| 22 | TCP | Exposes the SSH port. |
authorized_keysThis file is the authorized keys file for the OpenSSH daemon. The file structure should be configured like this:
command="/usr/bin/rrsync -munge -wo /data/folder_a" ssh-rsa ${sshkey_a}
command="/usr/bin/rrsync -munge -ro /data/folder_b" ssh-rsa ${sshkey_b}
Using rrsync -wo restricts rsync to only write to the provided folder, while rrsync -ro allows only fetching data from the folder.
See more in the rrsync documentation.
Using the script test.sh, you have to create three directories:
[user@host] rsync-dropbox $ mkdir -p test/config test/data
[user@host] rsync-dropbox $ touch test/config/authorized_keys
Then add your key + prefix to the authorized_keys file and start the container:
[user@host] rsync-dropbox $ docker build -t ikskuh/rsync-dropbox .
[user@host] rsync-dropbox $ docker run \
--rm \
-p 127.0.0.1:222:22/tcp \
-v "$(pwd)/test/data:/data:rw" \
-v "$(pwd)/test/config:/config:ro" \
ikskuh/rsync-dropbox
docker pull ikskuh/rsync-dropbox