From 6bef7d8ad85960f0bede8f232b035851b115c4f8 Mon Sep 17 00:00:00 2001
From: Christian Baer
Date: Sat, 28 Jan 2023 12:49:03 +0100
Subject: [PATCH] First commit
---
Dockerfile | 16 ++++++++++++++++
docker-compose.yml | 16 ++++++++++++++++
entrypoint.sh | 26 ++++++++++++++++++++++++++
sshd_config | 8 ++++++++
4 files changed, 66 insertions(+)
create mode 100755 Dockerfile
create mode 100755 docker-compose.yml
create mode 100755 entrypoint.sh
create mode 100755 sshd_config
diff --git a/Dockerfile b/Dockerfile
new file mode 100755
index 0000000..77d46e9
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,16 @@
+FROM alpine
+
+RUN apk add --update openssh
+
+COPY sshd_config /etc/ssh/sshd_bastion_config
+RUN echo "Include /etc/ssh/sshd_bastion_config" >> /etc/ssh/sshd_config
+
+RUN adduser -D -s /bin/sh -H bastion
+RUN passwd -u -d bastion
+
+EXPOSE 2222
+
+COPY entrypoint.sh /usr/local/bin/entrypoint.sh
+RUN chmod +x /usr/local/bin/entrypoint.sh
+
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100755
index 0000000..844b8ae
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,16 @@
+version: "3"
+
+services:
+ ssh-jumphost:
+ container_name: ssh-jumphost
+ build:
+ context: https://github.com/chrisb86/docker-ssh-jumphost.git
+ volumes:
+ - ./config:/config
+ ports:
+ - 2222:2222
+ tmpfs:
+ - /tmp
+ - /run
+ - /var/tmp
+ read_only: true
\ No newline at end of file
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100755
index 0000000..78f71c7
--- /dev/null
+++ b/entrypoint.sh
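Review bot: `RUN passwd -u -d bastion` leaves the only login account with an empty password, so keeping password logins out rests entirely on sshd's `PermitEmptyPasswords` staying at its default of `no`. If the aim is only to clear the locked state that `adduser -D` presumably sets, so that public-key login is accepted, an unusable hash does that without an empty password, for example `RUN echo 'bastion:*' | chpasswd -e`. Separately, `FROM alpine` and `apk add --update openssh` are both unpinned, so each rebuild of the bastion can pull a different base and a different OpenSSH; pin a release tag (ideally with a digest) and use `apk add --no-cache openssh`.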
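Review bot: The `context:` under `build:` names the repository without a ref, so every build takes whatever the default branch holds at that moment, and a later push there changes what runs as the bastion without any change to this file. Pin it to a reviewed commit or tag with the fragment syntax, `context: https://github.com/chrisb86/docker-ssh-jumphost.git#<commit-or-tag>` (placeholder ref). `./config` will hold the host private keys and `authorized_keys`, so it is worth a comment here saying the directory on the host must not be writable by other users.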
@@ -0,0 +1,26 @@
+#! /bin/sh
+
+CONFIG_DIR="/config"
+USER="bastion"
+PORT="2222"
+
+## Ensure host ssh keys
+if [ ! -f "/config/ssh_host_rsa_key" ]; then
+ ssh-keygen -t rsa -b 4096 -f /config/ssh_host_rsa_key -N ""
+fi
+
+if [ ! -f "/config/ssh_host_ed25519_key" ]; then
+ ssh-keygen -t ed25519 -f /config/ssh_host_ed25519_key -N ""
+fi
+
+## Ensure authorized_keys file and link it to user's home
+touch ${CONFIG_DIR}/authorized_keys
+
+chown -R ${USER}:${USER} /config
+
+set -xv
+
+/usr/sbin/sshd -D -e -4 \
+ -o "HostKey=${CONFIG_DIR}/ssh_host_rsa_key" \
+ -o "HostKey=${CONFIG_DIR}/ssh_host_ed25519_key" \
+ -o "Port=${PORT}" \
diff --git a/sshd_config b/sshd_config
new file mode 100755
index 0000000..f96dd1e
--- /dev/null
+++ b/sshd_config
@@ -0,0 +1,8 @@
+PermitTTY no
+X11Forwarding no
+PermitTunnel no
+GatewayPorts no
+ForceCommand /sbin/nologin
+Match User bastion
+ AllowTcpForwarding yes
+ AuthorizedKeysFile /config/authorized_keys
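Review bot: `chown -R ${USER}:${USER} /config` hands the freshly generated host private keys, and `authorized_keys` itself, to the `bastion` login account, the one identity that should not be able to read or rewrite them. sshd runs as root here and, as far as I know, accepts a root-owned key file under StrictModes, so the line could become `chown root:root "${CONFIG_DIR}"/ssh_host_*_key "${CONFIG_DIR}/authorized_keys"` plus `chmod 644 "${CONFIG_DIR}/authorized_keys"`; confirm that login still works with the bind-mounted directory's own mode. The last command should be `exec /usr/sbin/sshd -D -e -4 ...` so that sshd becomes PID 1 and receives the stop signal, and the trailing `\` after the `Port` option should be dropped. The comment about linking `authorized_keys` to the user's home no longer matches the code, since the account is created with `-H` and nothing is linked.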
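Review bot: Nothing in this file turns off password or keyboard-interactive login or limits which accounts may authenticate, so those settings fall to the stock `/etc/ssh/sshd_config` of the base image. That matters more because the Dockerfile in this patch runs `passwd -u -d bastion`, and because the `Include` is appended after the stock file while sshd keeps the first value it reads for a keyword. For a key-only bastion I would state it explicitly above the `Match` line: `PasswordAuthentication no`, `KbdInteractiveAuthentication no`, `AllowUsers bastion`. `AllowTcpForwarding yes` also lets any holder of an authorised key reach every host and port the container can route to; if the set of targets is known, a `PermitOpen` allow-list inside the `Match` block narrows that.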