Public | Automated Build

Last pushed: 6 months ago
Short Description
simple SSH tunneling image
Full Description


This is a simple ssh-tunnel container for easily connecting to other containers / servers elsewhere via a --link-ed
tunnel container. This tunnel will use your local SSH-agent to connect to the endpoint thus no need to push your ~/.ssh/ files into
the image.


The full syntax for starting an image from this container:

docker run -d --name [$your_tunnel_name] -v $SSH_AUTH_SOCK:/ssh-agent kingsquare/tunnel *:[$exposed_port]:[$destination]:[$destination_port] [$user@][$server]

Mac support: Please be aware that with the launch of the Docker for Mac Beta this currently doesnt work on Mac. Please see this note


  • you would like to have a tunnel port 3306 on server locally exposed as 3306

    docker run -d --name tunnel_mysql -v $SSH_AUTH_SOCK:/ssh-agent kingsquare/tunnel *:3306:localhost:3306

  • you would like to have a tunnel port 3306 on server locally exposed on the host as 3308

    docker run -d -p 3308:3306 --name tunnel_mysql -v $SSH_AUTH_SOCK:/ssh-agent kingsquare/tunnel *:3306:localhost:3306

Using as an Ambassador

This method allows for using this image as an ambassador to other (secure) servers:

docker stop staging-mongo;
docker rm staging-mongo;
docker run -d --name staging-mongo -v $SSH_AUTH_SOCK:/ssh-agent kingsquare/tunnel *:2222: tunnel-user@db.staging

docker stop production-mongo;
docker rm production-mongo;
docker run -d --name production-mongo -v $SSH_AUTH_SOCK:/ssh-agent kingsquare/tunnel *:2222: tunnel-user@db.production

use the links in another container via exposed port 2222:

docker run --link staging-mongo:db.staging \
    --link production-mongo:db.production \
    my_app start


  • 2017-01-27

    • Update image to use the alpine:3.5
    • Use autossh instead of simple ssh for extra stability of the tunnel
    • Provided sample Makefile to automate the build process -- on
      unix-like systems you can use make command to build docker image and

      SSH_CMD="*:6379:localhost:6379 martin@" make build-container

    • The assumption is, that local ssh-agent holds the required identity
      files. Another solution may be to generate new ssh key (ssh-keygen)
      and use the ssh -i option to provide the identity directly.

  • 2016-09-13

    Thanks to @phlegx we now have a seperate tag for reversed tunnels (remote -> local)
    This adds the following tags to this repo:

    • kingsquare/tunnel:latest (the -L option)
    • kingsquare/tunnel:forward
    • kingsquare/tunnel:l

      and the reverse option: (the -R option)

    • kingsquare/tunnel:reverse
    • kingsquare/tunnel:r

      Thanks @ignar for bringing this container back to my attention :)

  • 2015-11-10

    Thanks to @ignar I took another look at the dockerfile and have updated it to use AlpineLinux
    This results in a much smaller image (<8mb) and is still just as fast and functional.
    Thanks @ignar for bringing this container back to my attention :)

Docker Pull Command
Source Repository

Comments (4)
a year ago

@christiaanuncinc this allows linking this container into another and utilizing the tunnel ...

a year ago

Why would you run this in a Docker container and not just via SSH itself?

2 years ago

@freiit It's no accident, thats exactly as intended :)

2 years ago

If the target port of the sshd is not 22, one can add -p PORT. (I'm not sure if this works by accident, but it works! :) ) Example:

docker run -d --name production-mongo -v $SSH_AUTH_SOCK:/ssh-agent kingsquare/tunnel *:2222: -p 1234 tunnel-user@db.production