lightweight sshfs server on alpine (with fail2ban protection and private key authentication)
161
Description: Creates a basic sshfs container with fail2ban protection and private key authentication.
map a folder to /keys for storing the ssh keys (host and user)
map a folder to /data for the file share
the container listens on port 22, you can map it to another port or use macvlan
EMAIL environment variable is used to describe the ssh keys (defaults to john.doe@foo.com)
NET_ADMIN is needed to allow fail2ban to create iptables rules (bantime = 4h and maxretry = 3)
after starting the container, use "docker logs" to see the contents of the private key file or check the file /keys/id_rsa
list banned IPs
docker exec -ti sshfs fail2ban-client status sshfs
unban IP
docker exec -ti sshfs fail2ban-client set sshfs unbanip 8.8.8.8
stop fail2ban
docker exec -ti sshfs supervisorctl stop fail2ban
Windows clients
https://github.com/billziss-gh/winfsp/releases
https://github.com/billziss-gh/sshfs-win/releases/tag/v3.7.21011
https://github.com/evsar3/sshfs-win-manager/releases/latest
copy your private key file to C:\Users\<USERNAME>\.ssh\id_rsa
map a network drive to \\sshfs.kr\data@<A.B.C.D>!<P>\data
(replace <USERNAME> by your windows username, <A.B.C.D> by ip and <P> by port)
Mac clients
https://github.com/osxfuse/sshfs/releases/download/osxfuse-sshfs-2.5.0/sshfs-2.5.0.pkg
https://github.com/osxfuse/osxfuse/releases/download/macfuse-4.1.0/macfuse-4.1.0.dmg
Filezilla (or alternative SFTP browser)
use SFTP protocol, user 'data' and the private key file to connect
docker-compose example:
sshfs:
hostname: sshfs
container_name: sshfs
image: vtacquet/sshfs
restart: unless-stopped
volumes:
- /etc/localtime:/etc/localtime:ro
- /opt/docker/sshfs/keys:/keys
- /opt/docker/sshfs/data:/data
ports:
- "2222:22"
environment:
- TZ=Europe/Brussels
- EMAIL=someone@server.com
cap_add:
- NET_ADMIN
docker pull vtacquet/sshfs