First commit
parent
85668d302c
commit
6bef7d8ad8
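--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,16 @@
+FROM alpine
+
+RUN apk add --update openssh
+
+COPY sshd_config /etc/ssh/sshd_bastion_config
+RUN echo "Include /etc/ssh/sshd_bastion_config" >> /etc/ssh/sshd_config
+
+RUN adduser -D -s /bin/sh -H bastion
+RUN passwd -u -d bastion
+
+EXPOSE 2222
+
+COPY entrypoint.sh /usr/local/bin/entrypoint.sh
+RUN chmod +x /usr/local/bin/entrypoint.sh
+
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]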
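Review bot: `RUN passwd -u -d bastion` leaves the bastion account with an empty password, so password logins are kept out only by sshd's default `PermitEmptyPasswords no`; the sshd_config copied in above never disables password authentication. If the aim is just to unlock the account that `adduser -D` presumably creates locked, so that public-key login works, set a hash that can never match instead, e.g. `RUN echo 'bastion:*' | chpasswd -e`, and add `PasswordAuthentication no` to the bastion config. Separately, `FROM alpine` carries no tag or digest, so each rebuild may pull a different base and OpenSSH release; pin it as `FROM alpine:<version>@sha256:<digest>`.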
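--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -0,0 +1,16 @@
+version: "3"
+
+services:
+ssh-jumphost:
+container_name: ssh-jumphost
+build:
+context: https://github.com/chrisb86/docker-ssh-jumphost.git
+volumes:
+- ./config:/config
+ports:
+- 2222:2222
+tmpfs:
+- /tmp
+- /run
+- /var/tmp
+read_only: true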
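Review bot: `context: https://github.com/chrisb86/docker-ssh-jumphost.git` builds whatever the repository's default branch holds at build time, so the image that ends up listening on 2222 is not tied to a reviewed revision. Pin the context to a commit with the URL fragment, `context: https://github.com/chrisb86/docker-ssh-jumphost.git#<commit-sha>`, and bump it deliberately. The `./config` bind mount receives the host private keys and `authorized_keys`, so the host directory should not be readable or writable by other local users. Quoting the mapping as `- "2222:2222"` follows the Compose recommendation for `HOST:CONTAINER` strings.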
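--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -0,0 +1,26 @@
+#! /bin/sh
+
+CONFIG_DIR="/config"
+USER="bastion"
+PORT="2222"
+
+## Ensure host ssh keys
+if [ ! -f "/config/ssh_host_rsa_key" ]; then
+ssh-keygen -t rsa -b 4096 -f /config/ssh_host_rsa_key -N ""
+fi
+
+if [ ! -f "/config/ssh_host_ed25519_key" ]; then
+ssh-keygen -t ed25519 -f /config/ssh_host_ed25519_key -N ""
+fi
+
+## Ensure authorized_keys file and link it to user's home
+touch ${CONFIG_DIR}/authorized_keys
+
+chown -R ${USER}:${USER} /config
+
+set -xv
+
+/usr/sbin/sshd -D -e -4 \
+-o "HostKey=${CONFIG_DIR}/ssh_host_rsa_key" \
+-o "HostKey=${CONFIG_DIR}/ssh_host_ed25519_key" \
+-o "Port=${PORT}" \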
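Review bot: `chown -R ${USER}:${USER} /config` hands the unprivileged bastion account ownership of the host private keys and of its own `authorized_keys`, on every start and, through the bind mount, on the host as well. sshd runs as root here and StrictModes should accept a root-owned `authorized_keys`, so the tree can stay root-owned: `chown -R root:root "${CONFIG_DIR}"`. The last line ends in a dangling `\` with nothing after it, and sshd is started as a child of the shell rather than replacing it; drop the trailing backslash and start the command with `exec /usr/sbin/sshd -D -e -4 \` so sshd becomes PID 1 and receives the stop signal. The key checks also hard-code `/config` although `CONFIG_DIR` is defined just above them, and nothing stops the script if `ssh-keygen` fails.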
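--- a/sshd_config
+++ b/sshd_config
@@ -0,0 +1,8 @@
+PermitTTY no
+X11Forwarding no
+PermitTunnel no
+GatewayPorts no
+ForceCommand /sbin/nologin
+Match User bastion
+AllowTcpForwarding yes
+AuthorizedKeysFile /config/authorized_keys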
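Review bot: `AllowTcpForwarding yes` under `Match User bastion` permits both local and remote forwarding to any destination the container can reach, which is broader than a jump host needs. Narrow it to `AllowTcpForwarding local` and list the permitted targets with `PermitOpen <host>:<port>`; `AllowAgentForwarding no`, `PermitRootLogin no` and `AllowUsers bastion` would close the remaining defaults. The Dockerfile appends the `Include` for this file to the end of the stock `/etc/ssh/sshd_config`, and sshd keeps the first value it reads for each keyword, so any global directive the stock file already sets would take precedence over the lines here. The stock file is not visible in this commit, so confirm the effective values with `sshd -T -C user=bastion`.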