Home

Awesome

<p align="center"> <img src="https://raw.githubusercontent.com/serversideup/docker-ssh/main/.github/header.png" width="1200" alt="Docker Images Logo"> </p> <p align="center"> <a href="https://actions-badge.atrox.dev/serversideup/docker-ssh/goto?ref=main"><img alt="Build Status" src="https://img.shields.io/endpoint.svg?url=https%3A%2F%2Factions-badge.atrox.dev%2Fserversideup%2Fdocker-ssh%2Fbadge%3Fref%3Dmain&style=flat" /></a> <a href="https://github.com/serversideup/docker-ssh/blob/main/LICENSE" target="_blank"><img src="https://badgen.net/github/license/serversideup/docker-ssh" alt="License"></a> <a href="https://github.com/sponsors/serversideup"><img src="https://badgen.net/badge/icon/Support%20Us?label=GitHub%20Sponsors&color=orange" alt="Support us"></a> <a href="https://community.serversideup.net"><img alt="Discourse users" src="https://img.shields.io/discourse/users?color=blue&server=https%3A%2F%2Fcommunity.serversideup.net"></a> <a href="https://serversideup.net/discord"><img alt="Discord" src="https://img.shields.io/discord/910287105714954251?color=blueviolet"></a> </p>

Hi! We're Dan and Jay. We're a two person team with a passion for open source products. We created Server Side Up to help share what we learn.

Find us at:

Our Sponsors

All of our software is free an open to the world. None of this can be brought to you without the financial backing of our sponsors.

<p align="center"><a href="https://github.com/sponsors/serversideup"><img src="https://521public.s3.amazonaws.com/serversideup/sponsors/sponsor-box.png" alt="Sponsors"></a></p>

Individual Supporters

<!-- supporters --><a href="https://github.com/deligoez"><img src="https://github.com/deligoez.png" width="40px" alt="deligoez" /></a>&nbsp;&nbsp;<a href="https://github.com/alexjustesen"><img src="https://github.com/alexjustesen.png" width="40px" alt="alexjustesen" /></a>&nbsp;&nbsp;<a href="https://github.com/jeremykenedy"><img src="https://github.com/jeremykenedy.png" width="40px" alt="jeremykenedy" /></a>&nbsp;&nbsp;<!-- supporters -->

About this project

This is a super simple SSHD container based on Ubuntu 20.04. It works great if you need to create a secure tunnel into your cluster.

Available Docker Images

This is a list of the docker images this repository creates:

🏷ī¸ Tagℹī¸ Description
latestUse the latest version
release (example: v2.0.0)Lock into a specific release (tagged by the GitHub release)

What this image does

It does one thing very well:

Usage instructions

All variables are documented here:

🔀 Variable Name📚 Description#ī¸âƒŖ Default Value
PUIDUser ID the SSH user should run as.9999
PGIDGroup ID the SSH user should run as.9999
DEBUG_MODEDisplay a bunch of helpful content for debugging.false
SSH_USERUsername for the SSH user that other users will connect into as.tunnel
SSH_GROUPGroup name used for our SSH user.tunnelgroup
SSH_USER_HOMEHome location of the SSH user./home/$SSH_USER
SSH_PORTListening port for SSH server (on container only. You'll still need to publish this port).2222
SSH_HOST_KEY_DIRLocation of where the SSH host keys should be stored./etc/ssh/ssh_host_keys/
AUTHORIZED_KEYS🚨 <b>Required to be set by you.</b> Content of your authorized keys file (see below)
ALLOWED_IPS🚨 <b>Required to be set by you.</b> Content of allowed IP addresses (see below)

1. Set your AUTHORIZED_KEYS environment variable or provide a /authorized_keys file

You can provide multiple keys by loading the contents of a file into an environment variable.

AUTHORIZED_KEYS="$(cat .ssh/my_many_ssh_public_keys_in_one_file.txt)"

Or you can provide the authorized_keys file via a volume. Ensure the volume references matches the path of /authorized_keys. The image will automatically take the file from /authorized_keys and configure it for use with your selected user.

ℹī¸ NOTE: If both a file and variable are provided, the image will respect the value of the variable over the file.

2. Set your ALLOWED_IPS environment variable

Set this in the same context of AllowUsersThis example shows a few scenarios you can do:

ALLOWED_IPS="AllowUsers *@192.168.1.0/24 *@172.16.0.1 *@10.0.*.1"

3. Forward your external port to 2222 on the container

You can see I'm forwarding 12345 to 2222.

docker run --rm --name=ssh --network=web -p 12345:2222 localhost/ssh

This means I would connect with:

ssh -p 12345 tunnel@myserver.test

Working example with MariaDB + SSH + Docker Swarm

Here's a perfect example how you can use it with MariaDB. This allows you to use Sequel Pro or TablePlus to connect securely into your database server đŸĨŗ

Example using ALLOWED_IPS variable:

version: '3.9'

services:
  mariadb:
    image: mariadb:10.6
    networks:
      - database
    environment:
        MYSQL_ROOT_PASSWORD: "myrootpassword"

  ssh:
    image: serversideup/docker-ssh
    #Publish the 12345 port to the 2222 port on the container
    ports:
      - target: 2222
        published: 12345
        mode: host
    # Set the Authorized Keys of who can connect
    environment:
      AUTHORIZED_KEYS: >
        "# Start Keys
         ssh-ed25519 1234567890abcdefghijklmnoqrstuvwxyz user-a
         ssh-ed25519 abcdefghijklmnoqrstuvwxyz1234567890 user-b
         # End Keys"
      # Lock down the access to certain IP addresses
      ALLOWED_IPS: "AllowUsers tunnel@1.2.3.4"
    networks:
        - database

networks:
  database:

Example using $SSH_USER_HOME/.ssh/authorized_keys file:

version: '3.9'

services:
  mariadb:
    image: mariadb:10.6
    networks:
      - database
    environment:
        MYSQL_ROOT_PASSWORD: "myrootpassword"

  ssh:
    image: serversideup/docker-ssh
    #Publish the 12345 port to the 2222 port on the container
    ports:
      - target: 2222
        published: 12345
        mode: host
    # Set the Authorized Keys of who can connect
    environment:
      # Lock down the access to certain IP addresses
      ALLOWED_IPS: "AllowUsers tunnel@1.2.3.4"
    configs:
      - source: ssh_authorized_keys
        # Mount the file to "/authorized_keys". The image will handle everything else
        target: /authorized_keys
        mode: 0600
    networks:
        - database

# Define the config to be used
configs:
  ssh_authorized_keys:
    file: ./authorized_keys

networks:
  database:

Submitting issues and pull requests

Since there are a lot of dependencies on these images, please understand that it can make it complicated on merging your pull request.

We'd love to have your help, but it might be best to explain your intentions first before contributing.

Like we said -- we're always learning

If you find a critical security flaw, please open an issue or learn more about our responsible disclosure policy.