Public | Automated Build

Last pushed: 21 hours ago
Short Description
simple SSH tunneling image
Full Description


This is a simple ssh-tunnel container for easily connecting to other containers / servers elsewhere via a --link-ed
tunnel container. This tunnel will use your local SSH-agent to connect to the endpoint thus no need to push your ~/.ssh/ files into
the image.


The full syntax for starting an image from this container:

docker run -d --name [$your_tunnel_name] -v $SSH_AUTH_SOCK:/ssh-agent kingsquare/tunnel *:[$exposed_port]:[$destination]:[$destination_port] [$user@][$server]

Mac support: Please be aware that with the launch of the Docker for Mac Beta this currently doesnt work on Mac. Please see this note


  • you would like to have a tunnel port 3306 on server locally exposed as 3306

    docker run -d --name tunnel_mysql -v $SSH_AUTH_SOCK:/ssh-agent kingsquare/tunnel *:3306:localhost:3306

  • you would like to have a tunnel port 3306 on server locally exposed on the host as 3308

    docker run -d -p 3308:3306 --name tunnel_mysql -v $SSH_AUTH_SOCK:/ssh-agent kingsquare/tunnel *:3306:localhost:3306

Using as an Ambassador

This method allows for using this image as an ambassador to other (secure) servers:

docker stop staging-mongo;
docker rm staging-mongo;
docker run -d --name staging-mongo -v $SSH_AUTH_SOCK:/ssh-agent kingsquare/tunnel *:2222: tunnel-user@db.staging

docker stop production-mongo;
docker rm production-mongo;
docker run -d --name production-mongo -v $SSH_AUTH_SOCK:/ssh-agent kingsquare/tunnel *:2222: tunnel-user@db.production

use the links in another container via exposed port 2222:

docker run --link staging-mongo:db.staging \
    --link production-mongo:db.production \
    my_app start


  • 2017-01-27

    • Update image to use the alpine:3.5
    • Use autossh instead of simple ssh for extra stability of the tunnel
    • Provided sample Makefile to automate the build process -- on
      unix-like systems you can use make command to build docker image and

      SSH_CMD="*:6379:localhost:6379 martin@" make build-container

    • The assumption is, that local ssh-agent holds the required identity
      files. Another solution may be to generate new ssh key (ssh-keygen)
      and use the ssh -i option to provide the identity directly.

  • 2016-09-13

    Thanks to @phlegx we now have a seperate tag for reversed tunnels (remote -> local)
    This adds the following tags to this repo:

    • kingsquare/tunnel:latest (the -L option)
    • kingsquare/tunnel:forward
    • kingsquare/tunnel:l

      and the reverse option: (the -R option)

    • kingsquare/tunnel:reverse
    • kingsquare/tunnel:r

      Thanks @ignar for bringing this container back to my attention :)

  • 2015-11-10

    Thanks to @ignar I took another look at the dockerfile and have updated it to use AlpineLinux
    This results in a much smaller image (<8mb) and is still just as fast and functional.
    Thanks @ignar for bringing this container back to my attention :)

Docker Pull Command
Source Repository