Dockerized SSH server that allows TCP local and remote port forwarding

David-Lor/Docker-SSH-Port-Forward-Server

Docker SSH Port Forward Server

Dockerized SSH server that only allows TCP local and remote port forwarding. Image based on python:3-alpine. The ssh-port-forward-client image can be used for connecting to the server.

This image is experimental and might have undesirable effects. Use it under your own responsibility!

Getting started

Assuming you have a public key file sshkey.pub within the current working directory:

docker run -d --name=ssh-portforwarding-server -p 2222:2222 -v "$(pwd)/sshkey.pub:/ssh_pubkey:ro" davidlor/ssh-port-forward-server:dev

Keep in mind that this image:

  • Runs the SSH server in port 2222 by default
  • Expects a public ssh key in container path /ssh_pubkey by default
  • Does not allow root login; must use the ssh user to connect
  • Does not allow interactive/shell connections; must use the -N option on the ssh client
  • "latest" image tag version corresponds with the main branch, while "dev" tag version corresponds with the develop branch
  • Builds are available for linux/amd64 and linux/arm/v7. If you encounter problems running a container on armv7, take a look at this issue.

Example

An example with all the steps of a complete deployment (SSH port forwarding server, client, upstream server and downstream client) is available in the test script.

You can connect locally to a deployed SSH server, without a Docker client container, with the following command:

ssh -N -L <local port>:<target host>:<target port> ssh@<ssh server host> -i <private key> -p 2222

Configuration

Currently, the settings are provided through environment variables, which are the following:

  • SSH_PORT: SSH server port (default: 2222)
  • SSH_PUBKEYS_LOCATION: path of the file where public keys are read from (default: /ssh_pubkey)
  • ALLOW_MAPPING: any variable whose name starts with "ALLOW_MAPPING" can be used for restricting which host:port can be forwarded through the server. Multiple mappings can be defined on a single variable splitting them with ; (spaces ignored). If any of these variables are defined, all forwardings are allowed.
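
The ALLOW_MAPPING format described above (any variable name with that prefix, host:port entries separated by ;, spaces ignored) can be parsed and validated as follows. This is an added example, not code from this repository: the function names are hypothetical, and rendering the result as an sshd_config PermitOpen directive is an assumption about how such a restriction could be enforced, not a description of how the image does it.

```python
import os

PREFIX = "ALLOW_MAPPING"  # variable-name prefix described in the README


def parse_mappings(value):
    """Split one variable's value on ';' into (host, port) tuples."""
    result = []
    for item in value.split(";"):
        item = item.replace(" ", "")  # README: spaces are ignored
        if not item:
            continue  # tolerate a trailing ';'
        host, sep, port = item.rpartition(":")
        valid = sep and host and port.isascii() and port.isdigit()
        if not valid or not 1 <= int(port) <= 65535:
            raise ValueError(f"invalid mapping {item!r}, expected host:port")
        result.append((host.lower(), int(port)))
    return result


def load_allow_list(env=os.environ):
    """Merge all PREFIX* variables; None when no such variable is set."""
    names = [name for name in env if name.startswith(PREFIX)]
    if not names:
        return None
    allowed = set()
    for name in names:
        allowed.update(parse_mappings(env[name]))
    return allowed


def permit_open_line(allowed):
    """Render a configured allow-list (a set, possibly empty) as PermitOpen."""
    if allowed is None:
        raise ValueError("no allow-list configured")
    if not allowed:
        return "PermitOpen none"  # assumption: set-but-empty permits nothing
    return "PermitOpen " + " ".join(f"{h}:{p}" for h, p in sorted(allowed))


if __name__ == "__main__":
    # Constructed sample environment, not taken from the project.
    sample = {
        "ALLOW_MAPPING": "db.internal:5432 ; cache.internal : 6379",
        "ALLOW_MAPPING_WEB": "web.internal:443;",
        "SSH_PORT": "2222",
    }
    print(permit_open_line(load_allow_list(sample)))
```

A malformed entry raises ValueError instead of being skipped, so a typo in a mapping stops the configuration step rather than silently changing what may be forwarded.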

The files required for the server to work are:

  • SSH Public key/s: multiple public keys can be provided (one per line), on a file mounted in /ssh_pubkey by default.

TODO

  • Allow providing ssh public key/s through environment variable
  • Allow providing custom sshd_config file, disabling auto-generation of it
  • Allow setting and/or persisting server host keys