jeroenpeeters / docker-ssh Goto Github PK

View Code? Open in Web Editor NEW

636.0 25.0 89.0 233 KB

SSH Server for Docker containers ~ Because every container should be accessible

License: GNU General Public License v2.0

CoffeeScript 8.11% HTML 1.27% JavaScript 90.30% CSS 0.11% Shell 0.21%

docker ssh ssh-container web-terminal docker-terminal

docker-ssh's Introduction

Docker-SSH

SSH Server for Docker containers ~ Because every container should be accessible.

Want to SSH into your container right away? Here you go:

$ docker run -d -p 2222:22 \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -e FILTERS={\"name\":[\"^/my-container$\"]} -e AUTH_MECHANISM=noAuth \
  jeroenpeeters/docker-ssh

$ ssh -p 2222 localhost

What is it?

Docker-SSH is an SSH server implementation that transparently bridges docker exec with the SSH session. It implements a regular SSH server, a web terminal and a web API.

Index

Features & Todo
Add SSH capabilities to any container!
Web Terminal
User Authentication
Server Identity and Security
Arguments
Container Requirements
Troubleshooting

Preamble

Many reasons exist to SSH to a process running inside a container. As containers SHOULD be limited to run one main/init process there is often no clean way to get access. One could of course SSH to a Docker host and access the container with docker exec. Another way is to start an SSH server as a secondary process. Not only does this defeat the idea of one process per container, it is also a cumbersome approach when using images from the Docker Hub since they often don't (and shouldn't) contain an SSH server.

Docker-SSH adds SSH capabilities to any container in a compositional way. It implements an SSH server that transparently bridges the SSH session with docker exec. The requirements for this to function properly are:

The container has a shell environment installed (e.g. bash or sh).
The Docker socket is mapped into the container, this lets the container access the Docker Engine.

Features & Todo

Below is a list of both implemented features and planned features. Send me a message if you whish to contribute to this project.

Add SSH capabilities to any container!

Let's assume you have a running container with name 'web-server1'. Run the following command to start Docker-SSH:

docker run -e FILTERS={\"name\":[\"^/web-server-1$\"]} -e AUTH_MECHANISM=noAuth \
  --name sshd-web-server1 -p 2222:22  --rm \
  -v /var/run/docker.sock:/var/run/docker.sock \
  jeroenpeeters/docker-ssh

The SSH server in this example is now running in its own container named 'sshd-web-server1' and exposes the SSH service on port 2222.

Now you can access the container through SSH by using your favorite client. The output will look similar to

ssh someuser@localhost -p 2222
someuser@localhost's password: <PASSWORD>

###############################################################
## Docker SSH ~ Because every container should be accessible ##
###############################################################
## container | web-server1                                   ##
###############################################################

/opt/nginx $

Web terminal

Docker-SSH also implements a web terminal for convenience. The web terminal allows you to connect to your shell using a browser. Below is a screenshot of the web terminal in action.

The web terminal is enabled by default, and exposed on port 8022. To disable the web terminal set -e HTTP_ENABLED=false.

Web API

The web terminal uses the web API to communicate with the shell session. The API can be used by third party application as well.

Starting a session

A new session can be obtained by calling the /api/v1/terminal/stream enpoint. This call creates a new session and returns a stream of HTML5 Server-Sent Events. There are two events: 1. connectionId, 2. data. The connectionId event contains a unique id for this session. This id must be used to send commands to the session. The data event contains serialized-string-escaped terminal data. When you close the stream, the session ends.

curl http://localhost:8022/api/v1/terminal/stream

Sending commands to a session

To send commands to a session you use the connectionId obtained when starting the session. Use the endpoint /api/v1/terminal/send/:sessionId to send commands to the terminal session. It must be a post request that does a form submit with a data parameter populated with the command you whish to execute. Don't forget to send an enter character, otherwise it would not execute. Remember, this is a terminal!

curl -X POST http://localhost:8022/api/v1/terminal/send/122dbd35-d51d-4bc3-80c8-787d82370bee -d $'data=ls -al\n'

Resizing a terminalId

The terminal can be resized by posting to endpoint /api/v1/terminal/resize-window/:terminalId. The endpoint accepts two parameters, rows and cols.

curl -X POST http://localhost:8022/api/v1/terminal/resize-window/2aaff6d2-b0e9-4e42-99c3-a80474b1c32f -d 'rows=10&cols=20'

User Authentication

Docker-SSH has support for multiple authentication mechanisms. The following table lists the implemented and planned authentication mechanisms

AUTH_MECHANISM	Implemented	Description
noAuth	yes	No authentication is performed, enter any user/password combination to logon
simpleAuth	yes	Authenticate a predefined user/password, supports one user
multiUser	yes	Authenticate a user according to a predefined lists of users and passwords
publicKey	yes	Public key authentication

noAuth

No authentication is performed. Any user/password combination is accepted by the server. Useful for testing, or in closed network environments such as corporate networks with separated VLAN's. This mechanism is nevertheless discouraged and should be used with care! The use of this authentication mechanism will create an error entry in the log.

simpleAuth

Supports the authentication of a single user with password. Set AUTH_MECHANISM=simpleAuth to enable this authentication mechanism. The username and password is configured by setting AUTH_USER and AUTH_PASSWORD.

$ docker run -d -p 2222:22 \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -e FILTERS={\"name\":[\"^/my-container$\"]} -e AUTH_MECHANISM=simpleAuth \
  -e AUTH_USER=jeroen -e AUTH_PASSWORD=1234 \
  jeroenpeeters/docker-ssh

$ ssh -p 2222 jeroen@localhost
$ jeroen@localhost's password: ****

multiUser

Supports the authentication of a user against a list of user:password tuples. Set AUTH_MECHANISM=multiUser to enable this authentication mechanism. The username:password tuples are configured by setting AUTH_TUPLES. It is a single string with semicolon (;) separated user:password pairs.

$ docker run -d -p 2222:22 \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -e FILTERS={\"name\":[\"^/my-container$\"]} -e AUTH_MECHANISM=multiUser \
  -e AUTH_TUPLES="jeroen:thefather;luke:theforce" \
  jeroenpeeters/docker-ssh

$ ssh -p 2222 luke@localhost
$ luke@localhost's password: ****

publicKey

Supports the authentication of a user against an authorized_keys file containing a list of public keys. Set AUTH_MECHANISM=publicKey to enable this authentication mechanism. The name of the authorized_keys file is configured by setting AUTHORIZED_KEYS.

$ cat ~/.ssh/id_rsa.pub > authorized_keys
$ docker run -d -p 2222:22 \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v ./authorized_keys:/authorized_keys
  -e FILTERS={\"name\":[\"^/my-container$\"]} -e AUTH_MECHANISM=publicKey \
  -e AUTHORIZED_KEYS=/authorized_keys \
  jeroenpeeters/docker-ssh

$ ssh -p 2222 luke@localhost

SHELL_USER

SSH authentication is provided by Docker-SSH and runs independently from the container. Therefore the shell user and authentication user also operate independently. By default the shell user will be the user from the USER directive in the Docker Image. If you whish to override this you can specify SHELL_USER as an environment variable to Docker-SSH. Note: This user MUST already exist in the container, otherwise Docker-SSH will fail.

Docker Filter

Docker-SSH uses the filter argument of docker ps to target a specific container. You should make sure that the filter matches the intended target container. If the filter matches multiple containers, the first one will be used. See https://docs.docker.com/engine/api/v1.33/#operation/ContainerList. For backwards compatibility the CONTAINER environment variable passed to Docker-SSH is now implemented as a filter on container name.

Please note that the name filter does a partial match. You should use a regular expression to exactly match a container name. See one of the examples above for a demonstration of an exact name match using the Docker filters.

Server Identity and Security

The SSH server needs an RSA/EC private key in order to secure the connection and identify itself to clients. The Docker-SSH container comes with a default RSA key that will be used. If you want, you can provide your own key. Simply provide a key file as a volume to the container and set the KEYPATH argument of the container. Example: -v /path/to/my/key:/my_key -e KEYPATH=/my_key. It is also possible to overwrite the existing key file. In that case you can omit the KEYPATH argument. Example: -v /path/to/my/key:/usr/src/app/id_rsa.pub

Arguments

Arguments to Docker-SSH are passed as Docker environment variables. Docker-SSH needs at least the CONTAINER argument in order to know for which container to provide SSH. Mounting the Docker socket into the SSH container is mandatory since Docker-SSH internally uses docker exec to create a shell session.

Argument	Default	Description
FILTERS	None	Docker filter to target a container
CONTAINER	None	name of a running container. deprecated, use FILTER
CONTAINER_SHELL	bash	path to a shell.
AUTH_MECHANISM	None	name of the authentication mechanism, see User Authentication
KEYPATH	./id_rsa	path to a private key to use as server identity
PORT	22	ssh server listens on this port
HTTP_ENABLED	true	enable/disable the web terminal
HTTP_PORT	8022	web terminal listens on this port
SHELL_USER	root	Run commands as this user (Note: independent from authentication user)

Credits

I couldn't have created Docker-SSH without the following great Node packages! Many thanks go to the authors of:

docker-ssh's People

Contributors

Stargazers

Watchers

Forkers

hafeez3000 rrana xinity topgun82 asperling pboethig bixiyan naphthalene cool3663 pilgrim2go pythoncharmers leokhoa grivescorbett linearregression jk128 davidmilberg charafsalmi sharksevenro awesome oudalab tianya2010 miroadamy-forks bafdyce jordy25519 bingli-borland chawkins88 sleach raccoonrat jeremymarshall amitbmas90 cechu66 wookiist 01btc10 nickstinger binarymachines optionalg isarstyle patlegu luciany xllcheng creased mduser qinshulei fooway yaghiyah lpresence pwfoo joserolles danghieu90 virtimus vivek0tiwari neodize justforkin jungrafael alexanderqiu yuanfeng0905 enmk andaok ictu flouse ziplex ghcetraro afcarl hudk2000 gavrmike insrapperswil senwii jessica19921 shaunstoltz noyb34 getcaas teosoft123 sammyenigma freddykr aimtuxrage tsuboost ropman moayyaed bsx187 voxipbx sokratis1988 ineedpoopoo adejones sgnconnects arunjayakumar01 monter08 michealmueller bgmipp0

docker-ssh's Issues

How to get ~/.bashrc auto loaded when SSH session start?

I try to put in prmpt color in the bashrc flke but it is not loaded automatically i.e. I have to call source ~/.bashrc manually.

Terminal exited. Connection gets closed immediately.

This looks really promising but I just can't get it to work. Even if I more or less c&p your example:

Start something to ssh into later.

docker run -it --rm --name sshd-less debian tail -f /dev/null

Start the docker-ssh container:

docker run -e CONTAINER=sshd-less -e AUTH_MECHANISM=noAuth \
    --name sshd-php-debug-test -p 2222:22 -p 8022:8022  --rm \
    -v /var/run/docker.sock:/var/run/docker.sock -v $(which docker):/usr/bin/docker \
    jeroenpeeters/docker-ssh

The webinterface only gives me:

Connection established                                                                                                                                                                                                                                                                    

 ###############################################################                                                                                                                                                                                                                          
 ## Docker SSH ~ Because every container should be accessible ##                                                                                                                                                                                                                          
 ###############################################################                                                                                                                                                                                                                          
 ## container | php-debug-test2                               ##                                                                                                                                                                                                                          
 ###############################################################                                                                                                                                                                                                                          


Terminal exited.

Nothing like in your screenshot. Then trying to connect via ssh root@localhost -p 2222 results in the following:

 ###############################################################
 ## Docker SSH ~ Because every container should be accessible ##
 ###############################################################
 ## container | php-debug-test2                               ##
 ###############################################################

Connection to localhost closed.

Any idea? I'd be really interested in a minimal working example. Does the container I'd like to ssh into have to provide anything?

Why is container deprecated

Hi :-)

Thanks for this useful library.

I would like to ask why the container parameter is deprecated? It seems to make more sense to use "container" especially when using docker-compose. I don't see how adding json to an environment variable improves anything while the container property is straight forward, easy to use and works like a charm. The same can't be said about the filters property. When I try to use the value from the examples I get "Invalid interpolation format" errors. There should be a solution for it but still..... Container does give a headache. I am a big fan of "container".

Kind regards,
Daan

Execute commands/open shell as other user than root?

When using docker-ssh, the opened shell on the target container is for the root-user. Is it somehow possible to change this, so that we can specify a user which the shell should be run as?

need more help getting started

Hi, sadly I need more documentation to get started.
I get Received disconnect from ::1 port 2222:2:

Is there a sample container to connect to? It wont connect to mine.
Maybe even a shell script that wraps the command.

Forever detected script exited with code: 1 ?

hi. can you help me this?
i start the docker-ssh and i found no problem
but when i try to connect ssh
and it return [2016-11-16T16:29:44.752Z] INFO: sshServer/44 on 711da3200ebb: Listening (host=0.0.0.0, port=22)
[2016-11-16T16:29:45.108Z] INFO: sshServer/44 on 711da3200ebb: Client connected (clientIp=172.19.0.1)
[2016-11-16T16:29:45.175Z] ERROR: noAuthHandler/44 on 711da3200ebb: NoAuthentication handler is handling the authentication! This is INSECURE!
[2016-11-16T16:29:45.258Z] INFO: sessionHandler/44 on 711da3200ebb: Opening shell (container=test-ssh)
[2016-11-16T16:29:45.400Z] INFO: sessionHandler/44 on 711da3200ebb: Terminal exited (container=test-ssh)
[2016-11-16T16:29:45.405Z] INFO: sessionHandler/44 on 711da3200ebb: Channel exited (container=test-ssh)
[2016-11-16T16:29:45.407Z] INFO: sshServer/44 on 711da3200ebb: Client disconnected (clientIp=172.19.0.1)
/src/src/session-handler-factory.coffee:156
stream.on('data', function(data) {
^

TypeError: Cannot read property 'on' of null
at Object.callback (/src/src/session-handler-factory.coffee:79:19)
at /src/node_modules/dockerode/lib/exec.js:39:10
at Modem.buildPayload (/src/node_modules/docker-modem/lib/modem.js:225:19)
at ClientRequest. (/src/node_modules/docker-modem/lib/modem.js:210:10)
at emitOne (events.js:96:13)
at ClientRequest.emit (events.js:188:7)
at writeAfterEndNT (_http_outgoing.js:499:8)
at _combinedTickCallback (internal/process/next_tick.js:77:11)
at process._tickCallback (internal/process/next_tick.js:98:9)

error: Forever detected script exited with code: 1
error: Script restart attempt #2
AND DISCONNECT to the terminal
please help me

id_rsa is a private key...

Perhaps you didn't mean to include this?

Disconnected: No supported authentication methods available (server sent: )

Hi - I received the following error messsage after entering a user name at the SSH shell prompt.

Disconnected: No supported authentication methods available (server sent: )

Here is the docker run command:
docker run -dit -e CONTAINER=test -e AUTH_MECHANISM=publicKey -e AUTHORIZED_KEYS=authorized_keys --name docker-ssh -p 2222:22 -v authorized_keys:/authorized_keys -v /var/run/docker.sock:/var/run/docker.sock jeroenpeeters/docker-ssh

I did copy my authorized_keys file to the docker volume.

btw: I assume the user has to be root with the default image?

[opc@dockerdb ~/docker-ssh]$ docker logs 0a

[email protected] start /src
./node_modules/forever/bin/forever -c ./node_modules/coffee-script/bin/coffee server.coffee | ./node_modules/bunyan/bin/bunyan

warn: --minUptime not set. Defaulting to: 1000ms
warn: --spinSleepTime not set. Your script will exit if it does not stay up for at least 1000ms
[2016-10-19T22:47:01.048Z] INFO: webserver/33 on 0a2199525555: Listening (host=::, port=8022)
[2016-10-19T22:47:01.050Z] INFO: sshServer/33 on 0a2199525555: Docker-SSH ~ Because every container should be accessible
[2016-10-19T22:47:01.051Z] INFO: sshServer/33 on 0a2199525555: Listening (host=0.0.0.0, port=22)
[2016-10-19T22:47:18.735Z] INFO: sshServer/33 on 0a2199525555: Client connected (clientIp=24.55.18.151)
events.js:160
throw er; // Unhandled 'error' event
^

Error: No supported authentication methods available
at onDISCONNECT (/src/node_modules/ssh2-streams/lib/ssh.js:2029:15)
at SSH2Stream. (/src/node_modules/ssh2-streams/lib/ssh.js:178:5)
at emitMany (events.js:127:13)
at SSH2Stream.emit (events.js:201:7)
at parsePacket (/src/node_modules/ssh2-streams/lib/ssh.js:3462:10)
at SSH2Stream._transform (/src/node_modules/ssh2-streams/lib/ssh.js:551:13)
at SSH2Stream.Transform._read (_stream_transform.js:167:10)
at SSH2Stream._read (/src/node_modules/ssh2-streams/lib/ssh.js:212:15)
at SSH2Stream.Transform._write (_stream_transform.js:155:12)
at doWrite (_stream_writable.js:307:12)
at writeOrBuffer (_stream_writable.js:293:5)
at SSH2Stream.Writable.write (_stream_writable.js:220:11)
at Socket.ondata (_stream_readable.js:555:20)
at emitOne (events.js:96:13)
at Socket.emit (events.js:188:7)
at readableAddChunk (_stream_readable.js:172:18)
at Socket.Readable.push (_stream_readable.js:130:10)
at TCP.onread (net.js:542:20)

error: Forever detected script exited with code: 1
error: Script restart attempt #1
[2016-10-19T22:47:23.399Z] INFO: webserver/39 on 0a2199525555: Listening (host=::, port=8022)
[2016-10-19T22:47:23.403Z] INFO: sshServer/39 on 0a2199525555: Docker-SSH ~ Because every container should be accessible
[2016-10-19T22:47:23.403Z] INFO: sshServer/39 on 0a2199525555: Listening (host=0.0.0.0, port=22)

remote command

I'm trying to use a docker container as a jenkins slave, which pertains to the jenkins master connecting to the jenkins slave through ssh. I thought the method would be perfect for my use case, however i can't issue a remote command:

$ ssh -p 2222 sfo java -jar ~/slave.jar
'java -jar ~/slave.jar' is not (yet) supported by Docker-SSH

are there any support of remote commands coming up?

Commented authorized_keys file bug

Hi,

As per man 8 sshd, we can put # commented lines or empty lines in a standard authorized_keys file :

AUTHORIZED_KEYS FILE FORMAT
AuthorizedKeysFile specifies the files containing public keys for public key authentication; if this option is not specified, the default is ~/.ssh/authorized_keys and ~/.ssh/authorized_keys2. Each line of the file contains one key (empty lines and lines
starting with a ‘#’ are ignored as comments).

But with docker-ssh, if I use a comment in this file :

me@somewhere:$ cat authorized_keys
# This is a regular comment
ssh-rsa AAAA_my_pretty _secret_key_here_kfjlkfjqlskfjzfzjb key comment

I get this error thrown :

[2018-08-10T17:18:23.221Z] INFO: publicKeyAuth/33 on 7e7ad76cb459: Checking public key against authorized keys (user=root)
/usr/src/app/node_modules/ssh2-streams/lib/utils.js:352
throw new Error('Missing data generated by parseKey()');
^

Error: Missing data generated by parseKey()
at Object.genPublicKey (/usr/src/app/node_modules/ssh2-streams/lib/utils.js:352:11)
at /usr/src/app/src/auth/publicKeyAuth.coffee:21:37
at Array.forEach (native)
at Client.module.exports (/usr/src/app/src/auth/publicKeyAuth.coffee:18:64)
at emitOne (events.js:96:13)
at Client.emit (events.js:188:7)
at SSH2Stream.onUSERAUTH_REQUEST (/usr/src/app/node_modules/ssh2/lib/server.js:240:12)
at emitMany (events.js:127:13)
at SSH2Stream.emit (events.js:201:7)
at parsePacket (/usr/src/app/node_modules/ssh2-streams/lib/ssh.js:3625:10)
at SSH2Stream._transform (/usr/src/app/node_modules/ssh2-streams/lib/ssh.js:551:13)
at SSH2Stream.Transform._read (_stream_transform.js:167:10)
at SSH2Stream._read (/usr/src/app/node_modules/ssh2-streams/lib/ssh.js:212:15)
at SSH2Stream.Transform._write (_stream_transform.js:155:12)
at doWrite (_stream_writable.js:331:12)
at writeOrBuffer (_stream_writable.js:317:5)
at SSH2Stream.Writable.write (_stream_writable.js:243:11)
at Socket.ondata (_stream_readable.js:555:20)
at emitOne (events.js:96:13)
at Socket.emit (events.js:188:7)
at readableAddChunk (_stream_readable.js:176:18)
at Socket.Readable.push (_stream_readable.js:134:10)
at TCP.onread (net.js:547:20)

error: Forever detected script exited with code: 1
error: Script restart attempt #1

Would you mind patching your code to accept comments and empty lines (I have not tested if an empty line is hitting the same bug, just to mention) ?

Thanx for your valuable software by the way and have a great day !

Fred.

Auth feature

Would be important to secure the login with pubkey or just user / password.
Feature is planned, but should be high priority.

PTY allocation request failed

I'm following the instructions and am receiving the following error when attempting to connect via SSH:

PTY allocation request failed on channel 0
shell request failed on channel 0

tcp forwarding is not allowed

I have created ssh tunnel:
ssh -v -L 1234:localhost:1234 -R 26162:localhost:26162 -p 2222 localhost -o "UserKnownHostsFile /dev/null"
When trying to use this tunnel

debug1: Connection to port 1234 forwarding to localhost port 1234 requested.
debug1: channel 3: new [direct-tcpip]
channel 3: open failed: administratively prohibited:
debug1: channel 3: free: direct-tcpip: listening port 1234 for localhost port 1234, connect from 127.0.0.1 port 51457 to 127.0.0.1 port 1234, nchannels 4

for me this looks like tcp forwarding in not allowed

Need more details on authentication via RSA key

I follow your readme file https://github.com/jeroenpeeters/docker-ssh#publickey and from there, we can get the SSH authorized by private key via extra params

  -e AUTH_MECHANISM=publicKey \
  -e AUTHORIZED_KEYS=/authorized_keys \

where authorized_keys file containing a list of public keys. Does it mean the value of param AUTHORIZED_KEYS to be the path to a file on the host machine (i.e. NOT the container)?

p.s.

I also see in the next section at https://github.com/jeroenpeeters/docker-ssh#server-identity-and-security, you mentioned about -v /path/to/my/key:/my_key -e KEYPATH=/my_key - I guess this is where I define the private key for the SSH authentication, and put the public key to param AUTHORIZED_KEYS above, right?

Connect with Visual Studio 2017

I know it's a long shot, but has anyone tried to connect to a container using the docker-ssh from Visual Studio 2017? From the VS2017 I can SSH to the host, from Putty I can SSH to container, but I cannot SSH to container from VS2017 - it times out and says to "check the machine name blabla".

Since I am able to SSH to the container with Putty, I assume the problem is with VS2017. I'm just wondering if anyone else stumbled upon this

TypeError: Cannot read property 'start' on exec

Hello,

I tried using it but I kept getting "Connection to my_container closed by remote host."

I looked up the log of docker-ssh and this is what I have:

[2016-03-11T10:01:42.522Z]  INFO: sshServer/29 on 1f88d6fb3bdf: Client connected (clientIp=172.17.0.10)
[2016-03-11T10:01:42.615Z] ERROR: noAuthHandler/29 on 1f88d6fb3bdf: NoAuthentication handler is handling the authentication! This is INSECURE!
[2016-03-11T10:01:42.696Z]  INFO: sessionHandler/29 on 1f88d6fb3bdf: Exec (container=my_container , command=my_command")
/src/src/session-handler-factory.coffee:77
                return exec.start({
                           ^
TypeError: Cannot read property 'start' of null
  at Object.callback (/src/src/session-handler-factory.coffee:41:15)
  at /src/node_modules/dockerode/lib/container.js:256:26
  at [object Object].Modem.buildPayload (/src/node_modules/dockerode/node_modules/docker-modem/lib/modem.js:225:19)
  at ClientRequest.<anonymous> (/src/node_modules/dockerode/node_modules/docker-modem/lib/modem.js:210:10)
  at emitOne (events.js:77:13)
  at ClientRequest.emit (events.js:169:7)
  at Socket.socketErrorListener (_http_client.js:259:9)
  at emitOne (events.js:77:13)
  at Socket.emit (events.js:169:7)
  at emitErrorNT (net.js:1257:8)
  at doNTCallback2 (node.js:441:9)
  at process._tickCallback (node.js:355:17)
error: Forever detected script exited with code: 1
error: Script restart attempt #1
[2016-03-11T10:01:44.096Z]  INFO: webserver/34 on 1f88d6fb3bdf: Listening (host=::, port=8022)

I can try things if you tell me :)

TypeError: Cannot read property 'length' of undefined

Here Is my Docker FIle

  SSH:
     container_name: SSHD
     image: jeroenpeeters/docker-ssh
     restart: always
     ports:
         - "2222:22"
     environment:
         - HTTP_ENABLED=true
         - FILTERS={\"name\":[\"^/Container-Nginx$$\"]}
         - AUTH_MECHANISM=publicKey
         - AUTHORIZED_KEYS=/authorized_keys
     volumes:
         - /var/run/docker.sock:/var/run/docker.sock
         - ./authorized_keys:/authorized_keys
     networks:
         -com-Network

Here is the log when i connect

SSH | [2018-05-23T06:28:49.519Z]  INFO: sshServer/37 on 552beea9b467: Client connected (clientIp=172.18.0.1)
SSH | [2018-05-23T06:28:49.667Z]  INFO: publicKeyAuth/37 on 552beea9b467: Checking public key against authorized keys (user=root)
SSH | [2018-05-23T06:28:49.669Z]  INFO: publicKeyAuth/37 on 552beea9b467: Found authorized key matching client key at /authorized_keys:1
SSH | [2018-05-23T06:28:49.670Z]  INFO: publicKeyAuth/37 on 552beea9b467: Public key auth succeeded (user=root)
SSH | [2018-05-23T06:28:49.757Z]  INFO: sessionHandler/37 on 552beea9b467: Opening shell
SSH | /usr/src/app/src/session-handler-factory.coffee:21
SSH |       for (i = j = 0, ref = length - text.length; 0 <= ref ? j <= ref : j >= ref; i = 0 <= ref ? ++j : --j) {
SSH |                                          ^
SSH |
SSH | TypeError: Cannot read property 'length' of undefined
SSH |   at /usr/src/app/src/session-handler-factory.coffee:7:41
SSH |   at spaces (/usr/src/app/src/session-handler-factory.coffee:25:7)
SSH |   at header (/usr/src/app/src/session-handler-factory.coffee:13:34)
SSH |   at Session.<anonymous> (/usr/src/app/src/session-handler-factory.coffee:81:28)
SSH |   at emitTwo (events.js:106:13)
SSH |   at Session.emit (events.js:191:7)
SSH |   at SSH2Stream.onREQUEST (/usr/src/app/node_modules/ssh2/lib/server.js:653:16)
SSH |   at emitOne (events.js:96:13)
SSH |   at SSH2Stream.emit (events.js:188:7)
SSH |   at parse_CHANNEL_REQUEST (/usr/src/app/node_modules/ssh2-streams/lib/ssh.js:4356:8)
SSH |   at parsePacket (/usr/src/app/node_modules/ssh2-streams/lib/ssh.js:3727:12)
SSH |   at SSH2Stream._transform (/usr/src/app/node_modules/ssh2-streams/lib/ssh.js:551:13)
SSH |   at SSH2Stream.Transform._read (_stream_transform.js:167:10)
SSH |   at SSH2Stream._read (/usr/src/app/node_modules/ssh2-streams/lib/ssh.js:212:15)
SSH |   at SSH2Stream.Transform._write (_stream_transform.js:155:12)
SSH |   at doWrite (_stream_writable.js:331:12)
SSH |   at writeOrBuffer (_stream_writable.js:317:5)
SSH |   at SSH2Stream.Writable.write (_stream_writable.js:243:11)
SSH |   at Socket.ondata (_stream_readable.js:555:20)
SSH |   at emitOne (events.js:96:13)
SSH |   at Socket.emit (events.js:188:7)
SSH |   at readableAddChunk (_stream_readable.js:176:18)
SSH |   at Socket.Readable.push (_stream_readable.js:134:10)
SSH |   at TCP.onread (net.js:547:20)

As it is connecting but error is in /usr/src/app/src/session-handler-factory.coffee:21

Git repo using ssh

Hi
I want to create a remote git repository on my container that is accessible via ssh public key
when i push something to it I get below erros:

fatal: protocol error: bad line length character: B� fatal: pack has bad object at offset 12: delta base offset is out of bound fatal: index-pack failed

Type error: resizeTerm is not a function

I'm trying to connect to my docker container through x2go remote desktop. So I use docker-ssh as a ssh server to help ssh into the container. However, after type into username and password, I got the following error:

Because it's reported by docker-ssh, I guess it may be some bug.

cannot connect when using docker-ssh with compose

The docker run command works just fine! But when I use it with compose (as below) the ssh connection always gets established/authenticated and then closed immediately......

api:
build api
etc....

ssh:
image: jeroenpeeters/docker-ssh
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- $(which docker):/usr/bin/docker
environment:
- CONTAINER=my_api_name
- AUTH_MECHANISM=noAuth
ports:

"2222:22"

Am I missing sth obvious? (I'm just starting with docker). If needed I can post ssh -v output here..

Regards,
Thomas

closed by remote host

docker run -d -p 2222:22
-v /var/run/docker.sock:/var/run/docker.sock
-e FILTERS={"name":["^/ufoym/deepo:all-py36-jupyter$"]}
-e AUTH_MECHANISM=simpleAuth
-e AUTH_USER=gumush -e AUTH_PASSWORD=1234
jeroenpeeters/docker-ssh

i've got this messages in no auth and simple auth with user mode too.

Connection to localhost closed by remote host.
Connection to localhost closed.

Does publicKey authentication work for Web Terminal also?

Hi,
First, thanks for this amazing tool.
Does publicKey authentication work for Web Terminal also? If yes, where/how will it pick up the client ssh key?
I tried to set this up, but the HTTP terminal logged in as it I selected noAuth as the mechanism.
Thanks!

Invalid interpolation format for environment option in Docker Compose

Thanks for creating this Docker image. I'm trying to set it up with Docker Compose and have the following environment config for the container:

environment:
  - FILTERS={\"name\":[\"^/staging$\"]}
  - AUTH_MECHANISM=noAuth

However, when I try docker-compose up, it fails with the following error message:

ERROR: Invalid interpolation format for "environment" option in service "staging-ssh": "FILTERS={"name":["^/staging$"]}"

Any idea what's up here? I also wonder whether the intricate filtering syntax is at all required in Docker Compose, where you can just reference other containers verbatim by name. Is there an alternative syntax or way to do this with Docker Compose?

Usage as a reverse ssh tunnel

Hi,
Firstly, thanks for making this.
I am trying to set up a solution such that my docker container can communicate with the host via ssh. I am trying to do this by connecting from the host to the docker container via ssh, and opening a reverse tunnel.

I have successfully connected to the container from the host via ssh using ssh -p 2022 localhost.

I have created a custom Dockerfile:

FROM jeorenpeeters/docker-ssh

EXPOSE 2222

in hope that the following command from the host would set up a reverse ssh tunnel: ssh -fNT -R 2222:localhost:22 -p 2022 localhost, however I get hit with the Warning: remote port forwarding failed for listen port 2222.

I also have port 2222 exposed on my main docker container, and netstat | grep 2222 shows that port 2222 is not busy.

Is what I am trying to do even possible? I have tried to docker exec -it docker-ssh-test sh into the docker container but I can not find any mention of ssh or sshd.

Any advice would be appreciated.

How to call rsync to the container?

I have successfully shh connect to the container using your great tool docker-ssh image via RSA key authentication.

Though, I failed to rsync my files to upload them to the container as this sample rsync call

rsync -chazvPk  -e "ssh -i /path/to/sshKey -p 122333" /path/to/files/source user@remoteip:/path/to/files/destination

Please help me to make a successful rsync command. Thank you!

Deal with file transfer (SCP)

Maybe a two steps file transfer (transfer file to the sshd container) and then using the docker cp to copy the file from the sshd server to the target container

ssh tunnel warning

Although I think it's a configuration server issue I'm posting it here anyway as I think it might be common case I'm looking to solve here:

Every time I try to ssh to the container through the remote host I'm getting the following warning:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
36:e1:fc:d8:be:10:8a:26:d9:d1:e6:1f:aa:78:cf:93.
Please contact your system administrator.
Add correct host key in /home/rico/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/rico/.ssh/known_hosts:31
remove with: ssh-keygen -f "/home/rico/.ssh/known_hosts" -R [163.172.171.82]:33
RSA host key for [163.172.171.82]:33 has changed and you have requested strict checking.
Host key verification failed.

I can't establish the ssh tunnel. Any advice?

Works but issues errors

Configuration

Docker-compose file

I am using a docker-compose.yml file in the project root folder as follows:

version: '3.7'

services:
    ssh:
      container_name: ssh
      depends_on:
        - my-container
      image: jeroenpeeters/docker-ssh
      volumes:
        - /var/run/docker.sock:/var/run/docker.sock
        - /usr/bin/docker:/usr/bin/docker
        - shared_volume:/.ssh
      environment:
        - FILTERS={"name":["^/my-container$$"]}
        - AUTH_MECHANISM=publicKey
        - AUTHORIZED_KEYS=/.ssh/authorized_keys
      ports:
        - 2222:22
        - 8022:8022
    my-container:
      container_name: my-container
      build:
        context: .
        args:
          SSH_PUBLIC_KEY: ${SSH_PUBLIC_KEY}
      restart: always
      volumes:
        - shared_volume:/var/.ssh
volumes:
    shared_volume:

Dockefile

I am also using a Dockerfile file in the project root folder:

FROM IMAGE:VERSION
ARG SSH_PUBLIC_KEY
# declare a volume at location /var/.ssh
RUN mkdir /var/.ssh
RUN echo "$SSH_PUBLIC_KEY" > /var/.ssh/authorized_keys
VOLUME /var/.ssh

EXPOSE 22
CMD bash

Behaviour

I works when opening through the browser and URL rendering the following characters in the terminal within the browser:

Connection established                                                                                           
                                                                                                                 
 ###############################################################                                                 
 ## Docker SSH ~ Because every container should be accessible ##                                                 
 ###############################################################                                                 
 ## container | /my-container                                 ##                                                 
 ###############################################################

The Errors

When accessing through the browser and URL `localhost:8022`:

When connecting to port 8022 through browser it works but issues the following error within the ssh container:

TypeError: Cannot read property 'session:window-change' of undefined
  at /usr/src/app/src/webserver.coffee:66:33
  at Layer.handle [as handle_request] (/usr/src/app/node_modules/express/lib/router/layer.js:95:5)
  at next (/usr/src/app/node_modules/express/lib/router/route.js:131:13)
  at Route.dispatch (/usr/src/app/node_modules/express/lib/router/route.js:112:3)
  at Layer.handle [as handle_request] (/usr/src/app/node_modules/express/lib/router/layer.js:95:5)
  at /usr/src/app/node_modules/express/lib/router/index.js:277:22
  at param (/usr/src/app/node_modules/express/lib/router/index.js:349:14)
  at param (/usr/src/app/node_modules/express/lib/router/index.js:365:14)
  at Function.process_params (/usr/src/app/node_modules/express/lib/router/index.js:410:3)
  at next (/usr/src/app/node_modules/express/lib/router/index.js:271:10)
  at /usr/src/app/node_modules/body-parser/lib/read.js:129:5
  at invokeCallback (/usr/src/app/node_modules/raw-body/index.js:262:16)
  at done (/usr/src/app/node_modules/raw-body/index.js:251:7)
  at IncomingMessage.onEnd (/usr/src/app/node_modules/raw-body/index.js:307:7)
  at emitNone (events.js:86:13)
  at IncomingMessage.emit (events.js:185:7)
  at endReadableNT (_stream_readable.js:974:12)
  at _combinedTickCallback (internal/process/next_tick.js:80:11)
  at process._tickCallback (internal/process/next_tick.js:104:9)

When trying to access through ssh:

I am using the command ssh -oKexAlgorithms=+curve25519-sha256 -i ~/.ssh/id_ed25519 root@localhost -p 2222 -vvv which results in:

Unable to negotiate with 127.0.0.1 port 2222: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

Does not work on Docker for Windows

Unfortunately there ist no /var/run/docker.sock on Windows.
Can I use docker-ssh on Docker for Windows without mounting this as a volume?

Henry

SSH locks up when trying to execute bash command

Hi, I'm trying to login with the following command which should open an interactive terminal but it just causes the terminal to completely lock up

ssh -p2223 -t localhost 'cd docroot; bash -l'

I'm running a Drupal website and this is a fairly standard command executed by its command line tool to give you a command. I'm running docker and docker compose on a Mac.

My docker compose config looks like this:

  ssh:
    image: jeroenpeeters/docker-ssh
    environment:
      AUTH_MECHANISM: noAuth
      CONTAINER: php_1
      HTTP_ENABLED: 'false'
    ports:
      # Use local port 2223 for SSH connections.
      - '2223:22'
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock

This command works fine and gives me a shell which I can then type the commands in manually. Just wondering why the top command doesn't work.

ssh -p2223 -t localhost

ssh into container immediately closes the connection

i ran this command from the instance where docker resides:
sudo docker run -d -p 2222:22
-v /var/run/docker.sock:/var/run/docker.sock
-e CONTAINER=matt -e AUTH_MECHANISM=noAuth
jeroenpeeters/docker-ssh

i run the ssh command to the instance:
ssh -p 2222 -i <KEY_LOCATION> user@ipaddress

and get the following dialogue before it closes the connection immediately

###############################################################

Docker SSH ~ Because every container should be accessible

###############################################################

container | matt

###############################################################

Connection to XX.XXX.XX.XXX closed by remote host.
Connection to XX.XXX.XX.XXX closed.

Webconsole timeout

The web console seems to disconnect the session very quickly after inactivity. Is there a timer value to change this?

Malformed packet error with x2goclient

I'm using docker-ssh to allow x2goclient to connect into a container. However, after typing in the username and password, the server reports the following error.

And in the client, a blank diag occurred, it's title is Authentication Failed. I'm sure the password is correct.

Why is there a private RSA key in this repository?

I have not looked into how this code works, as I don't personally use Docker for anything at the moment, but a friend mentioned this repository to me, and when I saw the id_rsa file, I couldn't help myself but create an issue. I can imagine no scenario where having an RSA private key in the wild for something that someone may use for production is a good idea.

You mention in the readme:

The Docker-SSH container comes with a default RSA key that will be used.

Is that not bad security practice? I mean, in most situations when someone would use this, it's not going to be publicly accessible, but is that really a smart idea to have a default security key for anything in the first place? You even discourage people from setting up no authentication in the readme (and mention that it will log every event in that case):

This mechanism is nevertheless discouraged and should be used with care! The use of this authentication mechanism will create an error entry in the log.

Why not generate the key on setup; many systems have the required system packages in place.

error: Forever detected script exited with code: 1

can aby one suggest
error: Forever detected script exited with code: 1

error when launching container

I get this error message when launching the container

[centos@ip-10-234-131-224 docker-ssh]$ sudo docker run -ti --name sshd-web-server1 -e CONTAINER=matt -p 2222:22 \

-v /var/run/docker.sock:/var/run/docker.sock -v $(which docker):/usr/bin/docker
jeroenpeeters/docker-ssh
Usage of loopback devices is strongly discouraged for production use. Either use --storage-opt dm.thinpooldev or use --storage-opt dm.no_warn_on_loop_devices=true to suppress this warning.

[email protected] start /src
./node_modules/forever/bin/forever -c ./node_modules/coffee-script/bin/coffee server.coffee | ./node_modules/bunyan/bin/bunyan

warn: --minUptime not set. Defaulting to: 1000ms
warn: --spinSleepTime not set. Your script will exit if it does not stay up for at least 1000ms
Configuration error: No AUTH_MECHANISM specified
error: Forever detected script exited with code: 1

invalid reference format: repository name must be lowercase

i trying to use docker-ssh with an ubuntu docker container, but get this error:
invalid reference format: repository name must be lowercase.

my command:
docker run --name sshd-testsystem -p 1333:22 -v /var/run/docker.sock:/var/run/docker.sock -e AUTH_MECHANISM=noAuth -e FILTERS={\"name\":[\"^/mytestsystem$\"]} jeroenpeeters/docker-ssh

the error occures when i set the FILTERS paramter.
What i'am doing wrong?

HTTP API should be split off from Docker-SSH

Currently Docker-SSH comes with an HTTP API and a web client. This invalidates the 'single-responsibility' concept. Docker-SSH does not only bridge the ssh session with a shell started through docker exec, but implements an HTTP API that exposes the shell over an unsecured channel.

Furthermore, the authentication mechanisms implemented for SSH do not apply to the HTTP API. The API, when enabled, simply by-passes these security settings. This makes this channel very insecure.

I propose to remove the HTTP API and the web client from docker-ssh and re-implement it on top of Docker-SSH. This ensures that ssh security is respected and will not be by-passed when configured.
The API and the web client need to implement the appropriate authentication and security measures.

docker for mac (?) issue

$ docker run -d --name alpine alpine:3.4 top
$ docker run -it -p 2222:22 -p 9999:8022 \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -e CONTAINER=alpine -e AUTH_MECHANISM=noAuth \
jeroenpeeters/docker-ssh

[2016-11-24T19:14:22.497Z]  INFO: webserver/64 on 30b08b7d3697: Listening (host=::, port=8022)
[2016-11-24T19:14:22.500Z]  INFO: sshServer/64 on 30b08b7d3697: Docker-SSH ~ Because every container should be accessible
[2016-11-24T19:14:22.501Z]  INFO: sshServer/64 on 30b08b7d3697: Listening (host=0.0.0.0, port=22)
[2016-11-24T19:15:06.021Z]  INFO: sshServer/64 on 30b08b7d3697: Client connected (clientIp=172.17.0.1)
[2016-11-24T19:15:06.099Z] ERROR: noAuthHandler/64 on 30b08b7d3697: NoAuthentication handler is handling the authentication! This is INSECURE!
[2016-11-24T19:15:06.184Z]  INFO: sessionHandler/64 on 30b08b7d3697: Opening shell (container=alpine)
[2016-11-24T19:15:06.332Z]  INFO: sessionHandler/64 on 30b08b7d3697: Terminal exited (container=alpine)
[2016-11-24T19:15:06.340Z]  INFO: sessionHandler/64 on 30b08b7d3697: Channel exited (container=alpine)
[2016-11-24T19:15:06.341Z]  INFO: sshServer/64 on 30b08b7d3697: Client disconnected (clientIp=172.17.0.1)
/src/src/session-handler-factory.coffee:156
                  stream.on('data', function(data) {
                        ^

TypeError: Cannot read property 'on' of null
  at Object.callback (/src/src/session-handler-factory.coffee:79:19)
  at /src/node_modules/dockerode/lib/exec.js:39:10
  at Modem.buildPayload (/src/node_modules/docker-modem/lib/modem.js:225:19)
  at ClientRequest.<anonymous> (/src/node_modules/docker-modem/lib/modem.js:210:10)
  at emitOne (events.js:96:13)
  at ClientRequest.emit (events.js:188:7)
  at writeAfterEndNT (_http_outgoing.js:486:8)
  at _combinedTickCallback (internal/process/next_tick.js:77:11)
  at process._tickCallback (internal/process/next_tick.js:98:9)

error: Forever detected script exited with code: 1
error: Script restart attempt #5
[2016-11-24T19:15:07.413Z]  INFO: webserver/70 on 30b08b7d3697: Listening (host=::, port=8022)
[2016-11-24T19:15:07.415Z]  INFO: sshServer/70 on 30b08b7d3697: Docker-SSH ~ Because every container should be accessible
[2016-11-24T19:15:07.416Z]  INFO: sshServer/70 on 30b08b7d3697: Listening (host=0.0.0.0, port=22)

[Typo] Change AUTHORIZED KEYS quotes

Hello,

I am new to GitHub, excuse me if this is somehow the wrong way to approach this.

I think I found a typo in your howto's, regarding public key auth.

$ docker run -d -p 2222:22
-v /var/run/docker.sock:/var/run/docker.sock
-v ./authorized_keys:/authorized_keys
-e CONTAINER=my-container -e AUTH_MECHANISM=publicKey
-e AUTHORIZED_KEYS="/authorized_keys"
jeroenpeeters/docker-ssh

This did not work until I changed the line

-e AUTHORIZED_KEYS="/authorized_keys"

-e AUTHORIZED_KEYS=/authorized_keys

Which is: remove the quotes to make it work. If I did it like in the first line, I would get an ENOENT error - no file or directory found.

Thank you for your project!

Kind regards.

publicKey option not working.

The connection closes immediately

command invoked:
docker run --rm -p 2222:22 -v /var/run/docker.sock:/var/run/docker.sock -v ./authorized_keys:/authorized_keys --name sshd-python-docker -e FILTERS={"name":["^/python-docker$"]} -e AUTH_MECHANISM=publicKey -e AUTHORIZED_KEYS=/authorized_keys jeroenpeeters/docker-ssh

I have tested NoAuth, multiUser, etc. and they all work fine but publicKey is not working

here is error log:
warn: --minUptime not set. Defaulting to: 1000ms
warn: --spinSleepTime not set. Your script will exit if it does not stay up for at least 1000ms
[2018-02-27T20:21:36.702Z] INFO: sshServer/32 on be42859d55fb: Docker filter (filter={"name":["^/python-docker$"]})
[2018-02-27T20:21:36.733Z] INFO: webserver/32 on be42859d55fb: Listening (host=::, port=8022)
[2018-02-27T20:21:36.734Z] INFO: sshServer/32 on be42859d55fb: Docker-SSH ~ Because every container should be accessible
[2018-02-27T20:21:36.734Z] INFO: sshServer/32 on be42859d55fb: Listening (host=0.0.0.0, port=22)
[2018-02-27T20:22:01.281Z] INFO: sshServer/32 on be42859d55fb: Client connected (clientIp=172.17.0.1)
[2018-02-27T20:22:01.414Z] INFO: publicKeyAuth/32 on be42859d55fb: Checking public key against authorized keys (user=mohan)
fs.js:732
var r = binding.read(fd, buffer, offset, length, position);
^

Error: EISDIR: illegal operation on a directory, read
at Error (native)
at Object.fs.readSync (fs.js:732:19)
at tryReadSync (fs.js:487:20)
at Object.fs.readFileSync (fs.js:535:19)
at Client.module.exports (/usr/src/app/src/auth/publicKeyAuth.coffee:18:8)
at emitOne (events.js:96:13)
at Client.emit (events.js:188:7)
at SSH2Stream.onUSERAUTH_REQUEST (/usr/src/app/node_modules/ssh2/lib/server.js:240:12)
at emitMany (events.js:127:13)
at SSH2Stream.emit (events.js:201:7)
at parsePacket (/usr/src/app/node_modules/ssh2-streams/lib/ssh.js:3625:10)
at SSH2Stream._transform (/usr/src/app/node_modules/ssh2-streams/lib/ssh.js:551:13)
at SSH2Stream.Transform._read (_stream_transform.js:167:10)
at SSH2Stream._read (/usr/src/app/node_modules/ssh2-streams/lib/ssh.js:212:15)
at SSH2Stream.Transform._write (_stream_transform.js:155:12)
at doWrite (_stream_writable.js:331:12)
at writeOrBuffer (_stream_writable.js:317:5)
at SSH2Stream.Writable.write (_stream_writable.js:243:11)
at Socket.ondata (_stream_readable.js:555:20)
at emitOne (events.js:96:13)
at Socket.emit (events.js:188:7)
at readableAddChunk (_stream_readable.js:176:18)
at Socket.Readable.push (_stream_readable.js:134:10)
at TCP.onread (net.js:547:20)

error: Forever detected script exited with code: 1
error: Script restart attempt #1
[2018-02-27T20:22:02.287Z] INFO: sshServer/38 on be42859d55fb: Docker filter (filter={"name":["^/python-docker$"]})
[2018-02-27T20:22:02.316Z] INFO: webserver/38 on be42859d55fb: Listening (host=::, port=8022)
[2018-02-27T20:22:02.317Z] INFO: sshServer/38 on be42859d55fb: Docker-SSH ~ Because every container should be accessible
[2018-02-27T20:22:02.318Z] INFO: sshServer/38 on be42859d55fb: Listening (host=0.0.0.0, port=22)

closed by remote host

$ docker run -e CONTAINER=dd -e AUTH_MECHANISM=noAuth --name sshd-dd -p 2222:22 --rm -v /var/run/docker.sock:/var/run/docker.sock jeroenpeeters/docker-ssh

[email protected] start /src
./node_modules/forever/bin/forever -c ./node_modules/coffee-script/bin/coffee server.coffee | ./node_modules/bunyan/bin/bunyan

warn: --minUptime not set. Defaulting to: 1000ms
warn: --spinSleepTime not set. Your script will exit if it does not stay up for at least 1000ms
[2016-04-16T16:29:22.962Z] INFO: webserver/28 on 33d804fc9e2e: Listening (host=::, port=8022)
[2016-04-16T16:29:22.971Z] INFO: sshServer/28 on 33d804fc9e2e: Docker-SSH ~ Because every container should be accessible
[2016-04-16T16:29:22.973Z] INFO: sshServer/28 on 33d804fc9e2e: Listening (host=0.0.0.0, port=22)
[2016-04-16T16:29:30.700Z] INFO: sshServer/28 on 33d804fc9e2e: Client connected (clientIp=192.168.99.1)
[2016-04-16T16:29:30.824Z] ERROR: noAuthHandler/28 on 33d804fc9e2e: NoAuthentication handler is handling the authentication! This is INSECURE!
[2016-04-16T16:29:30.942Z] INFO: sessionHandler/28 on 33d804fc9e2e: Opening shell (container=dd)
/src/src/session-handler-factory.coffee:133
return exec.start({
^

TypeError: Cannot read property 'start' of null
at Object.callback (/src/src/session-handler-factory.coffee:69:15)
at /src/node_modules/dockerode/lib/container.js:283:26
at [object Object].Modem.buildPayload (/src/node_modules/dockerode/node_modules/docker-modem/lib/modem.js:225:19)
at ClientRequest. (/src/node_modules/dockerode/node_modules/docker-modem/lib/modem.js:210:10)
at emitOne (events.js:77:13)
at ClientRequest.emit (events.js:169:7)
at Socket.socketErrorListener (_http_client.js:258:9)
at emitOne (events.js:77:13)
at Socket.emit (events.js:169:7)
at emitErrorNT (net.js:1256:8)
at nextTickCallbackWith2Args (node.js:441:9)
at process._tickCallback (node.js:355:17)

error: Forever detected script exited with code: 1
error: Script restart attempt #1

Web terminal not working

No matter what I do the web terminal does not work.

I run my flask container:
docker run -d -p 5000:5000 --name flask salirezav/simple-flask-app
and then I do this:
docker run -p 2222:22 -v /var/run/docker.sock:/var/run/docker.sock -e FILTERS={\"name\":[\"^/flask$\"]} -e AUTH_MECHANISM=noAuth -e HTTP_ENABLED=true -e HTTP_PORT=9999 jeroenpeeters/docker-ssh

then I open localhost:9999 and nothing.
this web terminal would really help me in my project. I really appreciate it if you could help me solve this problem.

Is there a Fork which has evolved further?

There are currently quite many forks: https://github.com/jeroenpeeters/docker-ssh/network/members

Maybe some of them have progressed further and added functionality & squashed bugs?

They could be listed here as it's clear this repo is not active anymore.

RPI build

hello i tried to build an arm docker container of this project but failed. please can you make a
Dockerfile.armhf for it. i think it nice to have for raspberry pi. it appears light and sleek

docker-ssh crashes when using pycharm ssh client

In the shell ssh user@localhost -p 2222 works fine. Using the PyCharm ssh client to start a session kills the docker-ssh container with docker logs output:

NoAuthentication handler is handling the authentication! This is INSECURE!
/usr/src/app/src/sessionHandler.coffee:97
return x = accept();
^
TypeError: undefined is not a function
at Session. (/usr/src/app/src/sessionHandler.coffee:79:11)
at Session.emit (events.js:118:17)
at SSH2Stream.onREQUEST (/usr/src/app/node_modules/ssh2/lib/server.js:596:16)
at SSH2Stream.emit (events.js:107:17)
at parse_CHANNEL_REQUEST (/usr/src/app/node_modules/ssh2/node_modules/ssh2-streams/lib/ssh.js:4361:8)
at parsePacket (/usr/src/app/node_modules/ssh2/node_modules/ssh2-streams/lib/ssh.js:3732:12)
at SSH2Stream._transform (/usr/src/app/node_modules/ssh2/node_modules/ssh2-streams/lib/ssh.js:555:13)
at SSH2Stream.Transform._read as __read
at SSH2Stream._read (/usr/src/app/node_modules/ssh2/node_modules/ssh2-streams/lib/ssh.js:213:15)
at SSH2Stream.Transform._write (_stream_transform.js:167:12)
at doWrite (_stream_writable.js:301:12)
at writeOrBuffer (_stream_writable.js:288:5)
at SSH2Stream.Writable.write (_stream_writable.js:217:11)
at Socket.ondata (_stream_readable.js:540:20)
at Socket.emit (events.js:107:17)
at readableAddChunk (_stream_readable.js:163:16)
at Socket.Readable.push (_stream_readable.js:126:10)
at TCP.onread (net.js:538:20)

npm ERR! Linux 3.16.0-43-generic
npm ERR! argv "node" "/usr/local/bin/npm" "start"
npm ERR! node v0.12.7
npm ERR! npm v2.14.1
npm ERR! code ELIFECYCLE
npm ERR! [email protected] start: ./node_modules/coffee-script/bin/coffee server.coffee
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the [email protected] start script './node_modules/coffee-script/bin/coffee server.coffee'.
npm ERR! This is most likely a problem with the docker-ssh package,
npm ERR! not with npm itself.
npm ERR! Tell the author that this fails on your system:
npm ERR! ./node_modules/coffee-script/bin/coffee server.coffee
npm ERR! You can get their info via:
npm ERR! npm owner ls docker-ssh
npm ERR! There is likely additional logging output above.

npm ERR! Please include the following file with any support request:
npm ERR! /usr/src/app/npm-debug.log

Feature request: Multiple containers

Will be nice to run this container once and be able to login to any other container. Container could be chosed by login (ssh [email protected]) and also will be nice to configure permissions (what keys can acces what containers).

Is it possible to connect from one container to another?

I'm trying to ssh from one container into another using docker-ssh.

Currently only ssh-ing from host to container works:

$ ssh -p 2222 localhost

 ###############################################################
 ## Docker SSH ~ Because every container should be accessible ##
 ###############################################################
 ## container | jenkinsdocker_dev_1                           ##
 ###############################################################

/app $

From within the jenkins container connection is refused:

$ docker exec -it -u jenkins $(docker-compose ps -q jenkins) /bin/bash
jenkins@67eaa071cc04:/tmp/files$ ssh -p 2222 dev
ssh: connect to host dev port 2222: Connection refused

The containers are set up using docker-compose:

#######################################
# Jenkins CI Docker container
#######################################
jenkins:
  build: docker/jenkins
  links:
    - dev
  volumes:
    - ./docker/jenkins/JENKINS_HOME/:/usr/share/jenkins/ref/
    - ./docker/jenkins/plugins/:/usr/share/jenkins/ref/plugins/
    - ./:/docker/
  ports:
    - "8080:8080"
    - "9418:9418"
  # cap and privileged needed for slowlog
  cap_add:
    - SYS_PTRACE
  privileged: true
  env_file:
    - etc/environment.yml
    - etc/environment.development.yml
######################################
# ssh service for dev container
######################################
sshdev:
  image: jeroenpeeters/docker-ssh
  environment:
    #todo: replace jenkinsdocker with variable
    - CONTAINER=jenkinsdocker_dev_1
    - AUTH_MECHANISM=noAuth
  ports:
    - "2222:22"
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock
    - /Applications/Docker.app/Contents/Resources/bin/docker:/usr/bin/docker
#######################################
# dev - mock dev server
#######################################
dev:
  build: docker/web
  volumes:
    - ./app/dev/:/app/
    - ./:/docker/
  ports:
    - "8081:80"

Do I miss something or is it impossible?

Fallback to sh as CONTAINER_SHELL if bash is not available

Many images based on Alpine Linux etc do not contain bash, so docker-ssh does not work out of the box and error message is cryptic.

originator: #21

How to get this to work with latest Alpine image?

Hi,

This works great with ubuntu but I can't get it to work with Centos or Alpine images. E.g.
https://hub.docker.com/_/alpine/
https://hub.docker.com/_/centos/

Any suggestions?

I'm thinking for Centos probably a firewall issue?
For Alpine I'm thinking maybe it doesn't come with ssh installed?

jeroenpeeters / docker-ssh Goto Github PK

docker-ssh's Introduction

Docker-SSH

What is it?

Index

Preamble

Features & Todo

Add SSH capabilities to any container!

Web terminal

Web API

Starting a session

Sending commands to a session

Resizing a terminalId

User Authentication

noAuth

simpleAuth

multiUser

publicKey

SHELL_USER

Docker Filter

Server Identity and Security

Arguments

Credits

docker-ssh's People

Contributors

Stargazers

Watchers

Forkers

docker-ssh's Issues

Configuration

Docker-compose file

Dockefile

Behaviour

The Errors

When accessing through the browser and URL localhost:8022:

When trying to access through ssh:

Docker SSH ~ Because every container should be accessible

container | matt

Recommend Projects

Recommend Topics

Recommend Org

When accessing through the browser and URL `localhost:8022`: