Go to file

Marko Oldenburg c616bac4d7 sshd_config aktualisiert		2023-10-11 12:19:27 +02:00
Dockerfile	Dockerfile aktualisiert	2023-10-11 11:35:36 +02:00
LICENSE	Initial commit	2023-01-28 12:44:59 +01:00
README.md	Fixes typos in README	2023-01-29 09:15:13 +01:00
docker-compose.yml	First commit	2023-01-28 12:49:03 +01:00
entrypoint.sh	entrypoint.sh aktualisiert	2023-10-11 11:36:16 +02:00
sshd_config	sshd_config aktualisiert	2023-10-11 12:19:27 +02:00

README.md

docker-ssh-jumphost

Dockerfile for building an image that runs an OpenSSH server that's configured to act as a ProxJump host only.

The server listens on port 2222. The only user that is able ta connect is bastion. It is not possible to get a terminal on the host. It is only suitable to ProxyJump to other hosts.

At the first startup the host SSH keys will be created in /config as well as an authorized_keys file.

Just build the image, define a volume oder bind mount for /config and add your public key to the authorized_keys file.

Expose port 2222 and you can connect as user bastion with your defined private key.

Sample config for docker-compose

version: "3"

services:
  ssh-jumphost:
    container_name: ssh-jumphost
    build:
      context: https://github.com/chrisb86/docker-ssh-jumphost.git
    volumes:
      - ./config:/config
    ports:
      - 2222:2222
    tmpfs:
      - /tmp
      - /run
      - /var/tmp
    read_only: true

In this example the whole container is readonly and directories that have to be writable are mounted with tmpfs.

Just create the docker-compose.yml run docker-compose up -d --buildand you're done.