docker-compose.yml First commit 2023-01-28 12:49:03 +01:00
Dockerfile First commit 2023-01-28 12:49:03 +01:00
entrypoint.sh Hardened SSH config 2023-01-28 13:51:01 +01:00
LICENSE Initial commit 2023-01-28 12:44:59 +01:00
README.md Fixes typos in README 2023-01-29 09:15:13 +01:00
sshd_config Remove UsePAM option from SSH config 2023-01-28 13:52:27 +01:00

docker-ssh-jumphost

Dockerfile for building an image that runs an OpenSSH server that's configured to act as a ProxyJump host only.

The server listens on port 2222. The only user that is able to connect is bastion. It is not possible to get a terminal on the host; it is only suitable for ProxyJump to other hosts.

On first startup, the host SSH keys are created in /config, along with an authorized_keys file.

Just build the image, define a volume or bind mount for /config and add your public key to the authorized_keys file.

Expose port 2222 and you can connect as user bastion with your defined private key.
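
Added example, not part of this repository: a small Python check that audits an sshd_config against the jump-host-only behaviour described above (port 2222, only user bastion, no terminal). The remaining expected settings and both sample configs are assumptions constructed for illustration; the repository's own sshd_config is not reproduced here.

```python
import re

# Port 2222, the single user "bastion" and "no terminal" come from the README;
# every other expected value is an assumption of this example.
EXPECTED = {
    "port": "2222", "allowusers": "bastion", "permittty": "no",
    "passwordauthentication": "no", "permitrootlogin": "no",
    "x11forwarding": "no", "allowagentforwarding": "no",
}
# OpenSSH defaults, used when a keyword is absent from the file.
DEFAULTS = {
    "port": "22", "allowusers": "", "permittty": "yes",
    "passwordauthentication": "yes", "permitrootlogin": "prohibit-password",
    "x11forwarding": "no", "allowagentforwarding": "yes",
    "allowtcpforwarding": "yes",
}

def parse_global(text):
    """Map lower-cased keyword -> value for the global part of an sshd_config."""
    cfg = {}
    for raw in text.splitlines():
        m = re.match(r"\s*([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.*\S)", raw)
        if not m:
            continue  # blank line, comment, or keyword without a value
        key, value = m.group(1).lower(), " ".join(m.group(2).split())
        if key == "match":
            break  # Match blocks are conditional overrides, not global state
        if key in ("port", "allowusers") and key in cfg:
            cfg[key] += " " + value  # these keywords accumulate when repeated
        else:
            cfg.setdefault(key, value)  # for the rest, the first value wins
    return cfg

def audit(text):
    """Return findings; an empty list means the jump-host policy holds."""
    cfg = {**DEFAULTS, **parse_global(text)}
    findings = []
    for key, want in EXPECTED.items():
        got = cfg[key] if key == "allowusers" else cfg[key].lower()
        if got != want:
            findings.append(f"{key}: want {want!r}, effective {got!r}")
    # ProxyJump is a forwarded TCP channel, so forwarding must stay enabled.
    if cfg["allowtcpforwarding"].lower() not in ("yes", "all", "local"):
        findings.append("allowtcpforwarding: ProxyJump would be refused")
    return findings

# Constructed sample configs (not the repository's sshd_config).
HARDENED = ("Port 2222\nAllowUsers bastion\nPermitTTY no\n"
            "PasswordAuthentication no\nPermitRootLogin no\nAllowAgentForwarding no\n")
WEAK = "Port 2222\nPort 22\nAllowUsers bastion admin\nAllowTcpForwarding no\n"
```

Feeding audit() the output of sshd -T instead of the raw file checks the effective configuration, including compiled-in defaults.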

Sample config for docker-compose

version: "3"

services:
  ssh-jumphost:
    container_name: ssh-jumphost
    build:
      context: https://github.com/chrisb86/docker-ssh-jumphost.git
    volumes:
      - ./config:/config
    ports:
      - 2222:2222
    tmpfs:
      - /tmp
      - /run
      - /var/tmp
    read_only: true

In this example the whole container is read-only, and directories that have to be writable are mounted with tmpfs.

Just create the docker-compose.yml, run docker-compose up -d --build and you're done.