serversideup/docker-ssh
Simple SSH container. Great for secure connections into clusters.
`serversideup/docker-ssh` is a hardened SSH server container based on Debian. It works great if you need to create a secure tunnel into your cluster.

- `AUTHORIZED_KEYS` environment variable
- `ALLOWED_IPS` environment variable

This is a list of the docker images this repository creates:
All variables are documented here:
🔀 Variable Name | 📚 Description | #️⃣ Default Value |
---|---|---|
ALLOWED_IPS | Content of allowed IP addresses (see below) | AllowUsers tunnel (allow the tunnel user from any IP) |
AUTHORIZED_KEYS | 🚨 Required to be set by you. Content of your authorized keys file (see below) | |
DEBUG | Display a bunch of helpful content for debugging. | false |
PGID | Group ID the SSH user should run as. | 9999 |
PUID | User ID the SSH user should run as. | 9999 |
SSH_GROUP | Group name used for our SSH user. | tunnelgroup |
SSH_HOST_KEY_DIR | Location of where the SSH host keys should be stored. | /etc/ssh/ssh_host_keys/ |
SSH_PORT | Listening port for SSH server (on container only. You'll still need to publish this port). | 2222 |
SSH_USER | Username for the SSH user that other users will connect into as. | tunnel |
`AUTHORIZED_KEYS` environment variable or provide a `/authorized_keys` file

You can provide multiple keys by loading the contents of a file into an environment variable.

```sh
AUTHORIZED_KEYS="$(cat .ssh/my_many_ssh_public_keys_in_one_file.txt)"
```

Or you can provide the `authorized_keys` file via a volume. Ensure the volume reference matches the path `/authorized_keys`. The image will automatically take the file from `/authorized_keys` and configure it for use with your selected user.
ℹ️ NOTE: If both a file and variable are provided, the image will respect the value of the variable over the file.
`ALLOWED_IPS` environment variable

Set this in the same context as `AllowUsers`. This example shows a few scenarios you can do:

```sh
ALLOWED_IPS="AllowUsers *@192.168.1.0/24 *@172.16.0.1 *@10.0.*.1"
```
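To check what an `ALLOWED_IPS` value admits before deploying it, the sketch below models how sshd matches `AllowUsers` patterns against a user and source address. It is an added example, not part of the image or its project. It assumes address-only matching (no reverse DNS) and no negated `!` patterns; `allowed`, its helpers and the probe addresses are constructed for illustration.

```python
import ipaddress
import re

# The ALLOWED_IPS value shown above.
PAGE_EXAMPLE = "AllowUsers *@192.168.1.0/24 *@172.16.0.1 *@10.0.*.1"


def _glob(pattern: str, text: str) -> bool:
    """sshd-style wildcard match: '*' is any run of characters, '?' exactly one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, text) is not None


def _host_matches(host_pat: str, addr: str) -> bool:
    """Match a source address against the HOST half of a USER@HOST pattern."""
    if "/" in host_pat:
        # CIDR address/masklen form; a malformed network raises ValueError
        # so a typo in the allowlist is not silently treated as "no match".
        return ipaddress.ip_address(addr) in ipaddress.ip_network(host_pat)
    return _glob(host_pat, addr)


def allowed(allowed_ips: str, user: str, addr: str) -> bool:
    """True if `user` connecting from `addr` matches any AllowUsers pattern."""
    directive, *patterns = allowed_ips.split()
    if directive.lower() != "allowusers":
        raise ValueError("ALLOWED_IPS must start with AllowUsers")
    for pat in patterns:
        user_pat, sep, host_pat = pat.rpartition("@")  # split on the last '@'
        if not sep:
            # Bare USER pattern (the image default): any source address.
            user_pat, host_pat = pat, "*"
        if _glob(user_pat, user) and _host_matches(host_pat, addr):
            return True
    return False


if __name__ == "__main__":
    # Constructed probe addresses, one inside and one outside each pattern.
    for addr in ("192.168.1.77", "192.168.2.77", "172.16.0.1",
                 "172.16.0.10", "10.0.42.1", "10.0.42.2"):
        verdict = "allow" if allowed(PAGE_EXAMPLE, "tunnel", addr) else "deny"
        print(f"{addr:<14} {verdict}")
```

Note that `*@10.0.*.1` is a string wildcard, not a subnet: it admits any address whose text fits the pattern, so prefer CIDR entries when the intent is a network range.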
`2222` on the container

You can see I'm forwarding `12345` to `2222`.

```sh
docker run --rm --name=ssh --network=web -p 12345:2222 localhost/ssh
```

This means I would connect with:

```sh
ssh -p 12345 tunnel@myserver.test
```
Here's a perfect example of how you can use it with MariaDB. This allows you to use Sequel Pro or TablePlus to connect securely into your database server 🥳
`ALLOWED_IPS` variable:

```yaml
services:
  mariadb:
    image: mariadb:10.11
    networks:
      - database
    environment:
      MARIADB_ROOT_PASSWORD: "myrootpassword"
  ssh:
    image: serversideup/docker-ssh
    ports:
      - target: 2222
        published: 2222
        mode: host
    # Set the Authorized Keys of who can connect
    environment:
      # The lines after the first are indented one extra space so the
      # folded scalar (>) keeps one key per line instead of joining them
      AUTHORIZED_KEYS: >
        "# Start Keys
         ssh-ed25519 1234567890abcdefghijklmnoqrstuvwxyz user-a
         ssh-ed25519 abcdefghijklmnoqrstuvwxyz1234567890 user-b
         # End Keys"
      # Lock down the access to certain IP addresses
      ALLOWED_IPS: "AllowUsers tunnel@1.2.3.4"
    networks:
      - database

networks:
  database:
```
`$SSH_USER_HOME/.ssh/authorized_keys` file:

```yaml
services:
  mariadb:
    image: mariadb:10.11
    networks:
      - database
    environment:
      MARIADB_ROOT_PASSWORD: "myrootpassword"
  ssh:
    image: serversideup/docker-ssh
    ports:
      - target: 2222
        published: 2222
        mode: host
    # Set the Authorized Keys of who can connect
    environment:
      # Lock down the access to certain IP addresses
      ALLOWED_IPS: "AllowUsers tunnel@1.2.3.4"
    configs:
      - source: ssh_authorized_keys
        # Mount the file to "/authorized_keys". The image will handle everything else
        target: /authorized_keys
        mode: 0600
    networks:
      - database

# Define the config to be used
configs:
  ssh_authorized_keys:
    file: ./authorized_keys

networks:
  database:
```
As an open-source project, we strive for transparency and collaboration in our development process. We greatly appreciate any contributions members of our community can provide. Whether you're fixing bugs, proposing features, improving documentation, or spreading awareness - your involvement strengthens the project. Please review our code of conduct to understand how we work together respectfully.
Need help getting started? Join our Discord community and we'll help you out!
All of our software is free and open to the world. None of this can be brought to you without the financial backing of our sponsors.
We're Dan and Jay - a two person team with a passion for open source products. We created Server Side Up to help share what we learn.
If you appreciate this project, be sure to check out our other projects.
docker pull serversideup/docker-ssh