docker-compose.yml First commit 2023-01-28 12:49:03 +01:00
Dockerfile First commit 2023-01-28 12:49:03 +01:00
entrypoint.sh Hardened SSH config 2023-01-28 13:51:01 +01:00
LICENSE Initial commit 2023-01-28 12:44:59 +01:00
README.md Updated README 2023-01-28 14:31:12 +01:00
sshd_config Remove UsePAM option from SSH config 2023-01-28 13:52:27 +01:00

docker-ssh-jumphost

Dockerfile for building an image that runs an OpenSSH server configured to act as a ProxyJump host only.

The server listens on port 2222. The only user that is able to connect is bastion. It is not possible to get a terminal on the host; it is only suitable as a ProxyJump hop to other hosts.

At the first startup, the host SSH keys and an authorized_keys file are created in /config.

Just build the image, define a volume or bind mount for /config and add your public key to the authorized_keys file.

Expose port 2222 and you can connect as user bastion with your defined private key.

Sample config for docker-compose

version: "3"

services:
  ssh-jumphost:
    container_name: ssh-jumphost
    build:
      context: https://github.com/chrisb86/docker-ssh-jumphost.git
    volumes:
      - ./config:/config
    ports:
      - 2222:2222
    tmpfs:
      - /tmp
      - /run
      - /var/tmp
    read_only: true

In this example the whole container is read-only, and directories that have to be writable are mounted with tmpfs.

Just create the docker-compose.yml, run docker-compose up -d --build and you're done.
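
To check that an sshd_config really enforces the jump-host-only behaviour described above (port 2222, only user bastion, no terminal), the following audit script can be run against it. It is an added example, not part of this repository; the expected directive values and the function names `effective` and `audit_jump_config` are assumptions for illustration and are not taken from the project's sshd_config.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the jump-host-only properties the README states.
# The expected values are assumptions for illustration, not the repository's sshd_config.

# Print the global (pre-Match) value sshd would use for KEYWORD (given in lower case).
# sshd keeps the first occurrence of most keywords; Port and AllowUsers accumulate.
effective() {  # usage: effective FILE keyword
  awk -v k="$2" '
    tolower($1) == "match" { exit }
    /^[ \t]*#/ || NF < 2 || tolower($1) != k { next }
    { $1 = ""; sub(/^ +/, ""); out = out (out == "" ? "" : " ") tolower($0)
      if (k != "port" && k != "allowusers") exit }
    END { if (out != "") print out }
  ' "$1"
}

# Compare each expected setting with the effective one; return the number of failures.
audit_jump_config() {  # usage: audit_jump_config FILE
  fails=0
  while read -r key want; do
    got=$(effective "$1" "$key")
    if [ "$got" = "$want" ]; then
      echo "ok   $key $got"
    else
      echo "FAIL $key: want '$want', got '${got:-unset}'"
      fails=$((fails + 1))
    fi
  done <<EOF
port 2222
allowusers bastion
permittty no
passwordauthentication no
permitrootlogin no
allowtcpforwarding local
x11forwarding no
allowagentforwarding no
gatewayports no
EOF
  return "$fails"
}

# Constructed sample with two mistakes: a second Port line and agent forwarding left on.
sample=$(mktemp)
printf '%s\n' 'Port 2222' 'AllowUsers bastion' 'PermitTTY no' 'PermitTTY yes' \
  'PasswordAuthentication no' 'PermitRootLogin no' 'AllowTcpForwarding local' \
  'X11Forwarding no' 'AllowAgentForwarding yes' 'GatewayPorts no' 'Port 22' > "$sample"
audit_jump_config "$sample" || echo "$? check(s) failed"
rm -f "$sample"
```

The script only reads global settings before the first Match block; inside the running container, `sshd -T` prints the effective configuration and can be checked against the same list.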