jeroenpeeters / docker-ssh
SSH Server for Docker containers ~ Because every container should be accessible
License: GNU General Public License v2.0
Hi,
First, thanks for this amazing tool.
Does publicKey authentication work for Web Terminal also? If yes, where/how will it pick up the client ssh key?
I tried to set this up, but the HTTP terminal logged in as if I selected noAuth as the mechanism.
Thanks!
Thanks for creating this Docker image. I'm trying to set it up with Docker Compose and have the following environment config for the container:
environment:
  - FILTERS={\"name\":[\"^/staging$\"]}
  - AUTH_MECHANISM=noAuth
However, when I try docker-compose up, it fails with the following error message:
ERROR: Invalid interpolation format for "environment" option in service "staging-ssh": "FILTERS={"name":["^/staging$"]}"
Any idea what's up here? I also wonder whether the intricate filtering syntax is at all required in Docker Compose, where you can just reference other containers verbatim by name. Is there an alternative syntax or way to do this with Docker Compose?
Many images based on Alpine Linux etc do not contain bash, so docker-ssh does not work out of the box and error message is cryptic.
originator: #21
I'm trying to use a docker container as a jenkins slave, which pertains to the jenkins master connecting to the jenkins slave through ssh. I thought the method would be perfect for my use case, however I can't issue a remote command:
$ ssh -p 2222 sfo java -jar ~/slave.jar
'java -jar ~/slave.jar' is not (yet) supported by Docker-SSH
Is there any support for remote commands coming up?
I try to put in a prompt color in the bashrc file but it is not loaded automatically, i.e. I have to call source ~/.bashrc manually.
$ docker run -e CONTAINER=dd -e AUTH_MECHANISM=noAuth --name sshd-dd -p 2222:22 --rm -v /var/run/docker.sock:/var/run/docker.sock jeroenpeeters/docker-ssh
[email protected] start /src
./node_modules/forever/bin/forever -c ./node_modules/coffee-script/bin/coffee server.coffee | ./node_modules/bunyan/bin/bunyan
warn: --minUptime not set. Defaulting to: 1000ms
warn: --spinSleepTime not set. Your script will exit if it does not stay up for at least 1000ms
[2016-04-16T16:29:22.962Z] INFO: webserver/28 on 33d804fc9e2e: Listening (host=::, port=8022)
[2016-04-16T16:29:22.971Z] INFO: sshServer/28 on 33d804fc9e2e: Docker-SSH ~ Because every container should be accessible
[2016-04-16T16:29:22.973Z] INFO: sshServer/28 on 33d804fc9e2e: Listening (host=0.0.0.0, port=22)
[2016-04-16T16:29:30.700Z] INFO: sshServer/28 on 33d804fc9e2e: Client connected (clientIp=192.168.99.1)
[2016-04-16T16:29:30.824Z] ERROR: noAuthHandler/28 on 33d804fc9e2e: NoAuthentication handler is handling the authentication! This is INSECURE!
[2016-04-16T16:29:30.942Z] INFO: sessionHandler/28 on 33d804fc9e2e: Opening shell (container=dd)
/src/src/session-handler-factory.coffee:133
return exec.start({
^
TypeError: Cannot read property 'start' of null
at Object.callback (/src/src/session-handler-factory.coffee:69:15)
at /src/node_modules/dockerode/lib/container.js:283:26
at [object Object].Modem.buildPayload (/src/node_modules/dockerode/node_modules/docker-modem/lib/modem.js:225:19)
at ClientRequest. (/src/node_modules/dockerode/node_modules/docker-modem/lib/modem.js:210:10)
at emitOne (events.js:77:13)
at ClientRequest.emit (events.js:169:7)
at Socket.socketErrorListener (_http_client.js:258:9)
at emitOne (events.js:77:13)
at Socket.emit (events.js:169:7)
at emitErrorNT (net.js:1256:8)
at nextTickCallbackWith2Args (node.js:441:9)
at process._tickCallback (node.js:355:17)
error: Forever detected script exited with code: 1
error: Script restart attempt #1
Would be important to secure the login with pubkey or just user / password.
Feature is planned, but should be high priority.
Can anyone suggest?
error: Forever detected script exited with code: 1
Maybe a two-step file transfer (transfer file to the sshd container) and then using docker cp to copy the file from the sshd server to the target container
No matter what I do the web terminal does not work.
I run my flask container:
docker run -d -p 5000:5000 --name flask salirezav/simple-flask-app
and then I do this:
docker run -p 2222:22 -v /var/run/docker.sock:/var/run/docker.sock -e FILTERS={\"name\":[\"^/flask$\"]} -e AUTH_MECHANISM=noAuth -e HTTP_ENABLED=true -e HTTP_PORT=9999 jeroenpeeters/docker-ssh
then I open localhost:9999
and nothing.
this web terminal would really help me in my project. I really appreciate it if you could help me solve this problem.
I have not looked into how this code works, as I don't personally use Docker for anything at the moment, but a friend mentioned this repository to me, and when I saw the id_rsa file, I couldn't help myself but create an issue. I can imagine no scenario where having an RSA private key in the wild for something that someone may use for production is a good idea.
You mention in the readme:
The Docker-SSH container comes with a default RSA key that will be used.
Is that not bad security practice? I mean, in most situations when someone would use this, it's not going to be publicly accessible, but is that really a smart idea to have a default security key for anything in the first place? You even discourage people from setting up no authentication in the readme (and mention that it will log every event in that case):
This mechanism is nevertheless discouraged and should be used with care! The use of this authentication mechanism will create an error entry in the log.
Why not generate the key on setup; many systems have the required system packages in place.
Hi
I want to create a remote git repository on my container that is accessible via ssh public key
When I push something to it I get the errors below:
fatal: protocol error: bad line length character: B� fatal: pack has bad object at offset 12: delta base offset is out of bound fatal: index-pack failed
Here is my Docker file
SSH:
  container_name: SSHD
  image: jeroenpeeters/docker-ssh
  restart: always
  ports:
    - "2222:22"
  environment:
    - HTTP_ENABLED=true
    - FILTERS={\"name\":[\"^/Container-Nginx$$\"]}
    - AUTH_MECHANISM=publicKey
    - AUTHORIZED_KEYS=/authorized_keys
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock
    - ./authorized_keys:/authorized_keys
  networks:
    - com-Network
Here is the log when I connect
SSH | [2018-05-23T06:28:49.519Z] INFO: sshServer/37 on 552beea9b467: Client connected (clientIp=172.18.0.1)
SSH | [2018-05-23T06:28:49.667Z] INFO: publicKeyAuth/37 on 552beea9b467: Checking public key against authorized keys (user=root)
SSH | [2018-05-23T06:28:49.669Z] INFO: publicKeyAuth/37 on 552beea9b467: Found authorized key matching client key at /authorized_keys:1
SSH | [2018-05-23T06:28:49.670Z] INFO: publicKeyAuth/37 on 552beea9b467: Public key auth succeeded (user=root)
SSH | [2018-05-23T06:28:49.757Z] INFO: sessionHandler/37 on 552beea9b467: Opening shell
SSH | /usr/src/app/src/session-handler-factory.coffee:21
SSH | for (i = j = 0, ref = length - text.length; 0 <= ref ? j <= ref : j >= ref; i = 0 <= ref ? ++j : --j) {
SSH | ^
SSH |
SSH | TypeError: Cannot read property 'length' of undefined
SSH | at /usr/src/app/src/session-handler-factory.coffee:7:41
SSH | at spaces (/usr/src/app/src/session-handler-factory.coffee:25:7)
SSH | at header (/usr/src/app/src/session-handler-factory.coffee:13:34)
SSH | at Session.<anonymous> (/usr/src/app/src/session-handler-factory.coffee:81:28)
SSH | at emitTwo (events.js:106:13)
SSH | at Session.emit (events.js:191:7)
SSH | at SSH2Stream.onREQUEST (/usr/src/app/node_modules/ssh2/lib/server.js:653:16)
SSH | at emitOne (events.js:96:13)
SSH | at SSH2Stream.emit (events.js:188:7)
SSH | at parse_CHANNEL_REQUEST (/usr/src/app/node_modules/ssh2-streams/lib/ssh.js:4356:8)
SSH | at parsePacket (/usr/src/app/node_modules/ssh2-streams/lib/ssh.js:3727:12)
SSH | at SSH2Stream._transform (/usr/src/app/node_modules/ssh2-streams/lib/ssh.js:551:13)
SSH | at SSH2Stream.Transform._read (_stream_transform.js:167:10)
SSH | at SSH2Stream._read (/usr/src/app/node_modules/ssh2-streams/lib/ssh.js:212:15)
SSH | at SSH2Stream.Transform._write (_stream_transform.js:155:12)
SSH | at doWrite (_stream_writable.js:331:12)
SSH | at writeOrBuffer (_stream_writable.js:317:5)
SSH | at SSH2Stream.Writable.write (_stream_writable.js:243:11)
SSH | at Socket.ondata (_stream_readable.js:555:20)
SSH | at emitOne (events.js:96:13)
SSH | at Socket.emit (events.js:188:7)
SSH | at readableAddChunk (_stream_readable.js:176:18)
SSH | at Socket.Readable.push (_stream_readable.js:134:10)
SSH | at TCP.onread (net.js:547:20)
As it is connecting but error is in /usr/src/app/src/session-handler-factory.coffee:21
I'm following the instructions and am receiving the following error when attempting to connect via SSH:
PTY allocation request failed on channel 0
shell request failed on channel 0
Unfortunately there is no /var/run/docker.sock on Windows.
Can I use docker-ssh on Docker for Windows without mounting this as a volume?
Henry
I ran this command from the instance where docker resides:
sudo docker run -d -p 2222:22 \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -e CONTAINER=matt -e AUTH_MECHANISM=noAuth \
  jeroenpeeters/docker-ssh
I run the ssh command to the instance:
ssh -p 2222 -i <KEY_LOCATION> user@ipaddress
and get the following dialogue before it closes the connection immediately
###############################################################
###############################################################
###############################################################
Connection to XX.XXX.XX.XXX closed by remote host.
Connection to XX.XXX.XX.XXX closed.
Hi, I'm trying to login with the following command which should open an interactive terminal but it just causes the terminal to completely lock up
ssh -p2223 -t localhost 'cd docroot; bash -l'
I'm running a Drupal website and this is a fairly standard command executed by its command line tool to give you a command. I'm running docker and docker compose on a Mac.
My docker compose config looks like this:
ssh:
  image: jeroenpeeters/docker-ssh
  environment:
    AUTH_MECHANISM: noAuth
    CONTAINER: php_1
    HTTP_ENABLED: 'false'
  ports:
    # Use local port 2223 for SSH connections.
    - '2223:22'
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock
This command works fine and gives me a shell which I can then type the commands in manually. Just wondering why the top command doesn't work.
ssh -p2223 -t localhost
I get this error message when launching the container
[centos@ip-10-234-131-224 docker-ssh]$ sudo docker run -ti --name sshd-web-server1 -e CONTAINER=matt -p 2222:22 \
-v /var/run/docker.sock:/var/run/docker.sock -v $(which docker):/usr/bin/docker \
jeroenpeeters/docker-ssh
Usage of loopback devices is strongly discouraged for production use. Either use --storage-opt dm.thinpooldev or use --storage-opt dm.no_warn_on_loop_devices=true to suppress this warning.
[email protected] start /src
./node_modules/forever/bin/forever -c ./node_modules/coffee-script/bin/coffee server.coffee | ./node_modules/bunyan/bin/bunyan
warn: --minUptime not set. Defaulting to: 1000ms
warn: --spinSleepTime not set. Your script will exit if it does not stay up for at least 1000ms
Configuration error: No AUTH_MECHANISM specified
error: Forever detected script exited with code: 1
The docker run command works just fine! But when I use it with compose (as below) the ssh connection always gets established/authenticated and then closed immediately......
api:
build api
etc....
ssh:
image: jeroenpeeters/docker-ssh
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- $(which docker):/usr/bin/docker
environment:
- CONTAINER=my_api_name
- AUTH_MECHANISM=noAuth
ports:
Am I missing sth obvious? (I'm just starting with docker). If needed I can post ssh -v output here..
Regards,
Thomas
I follow your readme file https://github.com/jeroenpeeters/docker-ssh#publickey and from there, we can get the SSH authorized by private key via extra params
-e AUTH_MECHANISM=publicKey \
-e AUTHORIZED_KEYS=/authorized_keys \
where the authorized_keys file contains a list of public keys. Does it mean the value of param AUTHORIZED_KEYS is to be the path to a file on the host machine (i.e. NOT the container)?
p.s.
I also see in the next section at https://github.com/jeroenpeeters/docker-ssh#server-identity-and-security, you mentioned -v /path/to/my/key:/my_key -e KEYPATH=/my_key - I guess this is where I define the private key for the SSH authentication, and put the public key in param AUTHORIZED_KEYS above, right?
I have successfully ssh-connected to the container using your great tool docker-ssh image via RSA key authentication.
Though, I failed to rsync my files to upload them to the container as this sample rsync call
rsync -chazvPk -e "ssh -i /path/to/sshKey -p 122333" /path/to/files/source user@remoteip:/path/to/files/destination
Please help me to make a successful rsync command. Thank you!
Perhaps you didn't mean to include this?
I am trying to use docker-ssh with an ubuntu docker container, but get this error:
invalid reference format: repository name must be lowercase.
My command:
docker run --name sshd-testsystem -p 1333:22 -v /var/run/docker.sock:/var/run/docker.sock -e AUTH_MECHANISM=noAuth -e FILTERS={\"name\":[\"^/mytestsystem$\"]} jeroenpeeters/docker-ssh
The error occurs when I set the FILTERS parameter.
What am I doing wrong?
This looks really promising but I just can't get it to work. Even if I more or less c&p your example:
Start something to ssh into later.
docker run -it --rm --name sshd-less debian tail -f /dev/null
Start the docker-ssh container:
docker run -e CONTAINER=sshd-less -e AUTH_MECHANISM=noAuth \
--name sshd-php-debug-test -p 2222:22 -p 8022:8022 --rm \
-v /var/run/docker.sock:/var/run/docker.sock -v $(which docker):/usr/bin/docker \
jeroenpeeters/docker-ssh
The webinterface only gives me:
Connection established
###############################################################
## Docker SSH ~ Because every container should be accessible ##
###############################################################
## container | php-debug-test2 ##
###############################################################
Terminal exited.
Nothing like in your screenshot. Then trying to connect via ssh root@localhost -p 2222 results in the following:
###############################################################
## Docker SSH ~ Because every container should be accessible ##
###############################################################
## container | php-debug-test2 ##
###############################################################
Connection to localhost closed.
Any idea? I'd be really interested in a minimal working example. Does the container I'd like to ssh into have to provide anything?
It would be nice to run this container once and be able to log in to any other container. The container could be chosen by login (ssh [email protected]) and it would also be nice to configure permissions (what keys can access what containers).
Hello,
I am new to GitHub, excuse me if this is somehow the wrong way to approach this.
I think I found a typo in your howto's, regarding public key auth.
$ docker run -d -p 2222:22 \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v ./authorized_keys:/authorized_keys \
  -e CONTAINER=my-container -e AUTH_MECHANISM=publicKey \
  -e AUTHORIZED_KEYS="/authorized_keys" \
  jeroenpeeters/docker-ssh
This did not work until I changed the line
-e AUTHORIZED_KEYS="/authorized_keys"
to
-e AUTHORIZED_KEYS=/authorized_keys
Which is: remove the quotes to make it work. If I did it like in the first line, I would get an ENOENT error - no file or directory found.
Thank you for your project!
Kind regards.
I am using a docker-compose.yml file in the project root folder as follows:
version: '3.7'
services:
  ssh:
    container_name: ssh
    depends_on:
      - my-container
    image: jeroenpeeters/docker-ssh
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /usr/bin/docker:/usr/bin/docker
      - shared_volume:/.ssh
    environment:
      - FILTERS={"name":["^/my-container$$"]}
      - AUTH_MECHANISM=publicKey
      - AUTHORIZED_KEYS=/.ssh/authorized_keys
    ports:
      - 2222:22
      - 8022:8022
  my-container:
    container_name: my-container
    build:
      context: .
      args:
        SSH_PUBLIC_KEY: ${SSH_PUBLIC_KEY}
    restart: always
    volumes:
      - shared_volume:/var/.ssh
volumes:
  shared_volume:
I am also using a Dockerfile file in the project root folder:
FROM IMAGE:VERSION
ARG SSH_PUBLIC_KEY
# declare a volume at location /var/.ssh
RUN mkdir /var/.ssh
RUN echo "$SSH_PUBLIC_KEY" > /var/.ssh/authorized_keys
VOLUME /var/.ssh
EXPOSE 22
CMD bash
It works when opening through the browser and URL rendering the following characters in the terminal within the browser:
Connection established
###############################################################
## Docker SSH ~ Because every container should be accessible ##
###############################################################
## container | /my-container ##
###############################################################
localhost:8022: When connecting to port 8022 through browser it works but issues the following error within the ssh container:
TypeError: Cannot read property 'session:window-change' of undefined
at /usr/src/app/src/webserver.coffee:66:33
at Layer.handle [as handle_request] (/usr/src/app/node_modules/express/lib/router/layer.js:95:5)
at next (/usr/src/app/node_modules/express/lib/router/route.js:131:13)
at Route.dispatch (/usr/src/app/node_modules/express/lib/router/route.js:112:3)
at Layer.handle [as handle_request] (/usr/src/app/node_modules/express/lib/router/layer.js:95:5)
at /usr/src/app/node_modules/express/lib/router/index.js:277:22
at param (/usr/src/app/node_modules/express/lib/router/index.js:349:14)
at param (/usr/src/app/node_modules/express/lib/router/index.js:365:14)
at Function.process_params (/usr/src/app/node_modules/express/lib/router/index.js:410:3)
at next (/usr/src/app/node_modules/express/lib/router/index.js:271:10)
at /usr/src/app/node_modules/body-parser/lib/read.js:129:5
at invokeCallback (/usr/src/app/node_modules/raw-body/index.js:262:16)
at done (/usr/src/app/node_modules/raw-body/index.js:251:7)
at IncomingMessage.onEnd (/usr/src/app/node_modules/raw-body/index.js:307:7)
at emitNone (events.js:86:13)
at IncomingMessage.emit (events.js:185:7)
at endReadableNT (_stream_readable.js:974:12)
at _combinedTickCallback (internal/process/next_tick.js:80:11)
at process._tickCallback (internal/process/next_tick.js:104:9)
I am using the command ssh -oKexAlgorithms=+curve25519-sha256 -i ~/.ssh/id_ed25519 root@localhost -p 2222 -vvv which results in:
Unable to negotiate with 127.0.0.1 port 2222: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
I'm trying to ssh from one container into another using docker-ssh.
Currently only ssh-ing from host to container works:
$ ssh -p 2222 localhost
###############################################################
## Docker SSH ~ Because every container should be accessible ##
###############################################################
## container | jenkinsdocker_dev_1 ##
###############################################################
/app $
From within the jenkins container connection is refused:
$ docker exec -it -u jenkins $(docker-compose ps -q jenkins) /bin/bash
jenkins@67eaa071cc04:/tmp/files$ ssh -p 2222 dev
ssh: connect to host dev port 2222: Connection refused
The containers are set up using docker-compose:
#######################################
# Jenkins CI Docker container
#######################################
jenkins:
  build: docker/jenkins
  links:
    - dev
  volumes:
    - ./docker/jenkins/JENKINS_HOME/:/usr/share/jenkins/ref/
    - ./docker/jenkins/plugins/:/usr/share/jenkins/ref/plugins/
    - ./:/docker/
  ports:
    - "8080:8080"
    - "9418:9418"
  # cap and privileged needed for slowlog
  cap_add:
    - SYS_PTRACE
  privileged: true
  env_file:
    - etc/environment.yml
    - etc/environment.development.yml
######################################
# ssh service for dev container
######################################
sshdev:
  image: jeroenpeeters/docker-ssh
  environment:
    #todo: replace jenkinsdocker with variable
    - CONTAINER=jenkinsdocker_dev_1
    - AUTH_MECHANISM=noAuth
  ports:
    - "2222:22"
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock
    - /Applications/Docker.app/Contents/Resources/bin/docker:/usr/bin/docker
#######################################
# dev - mock dev server
#######################################
dev:
  build: docker/web
  volumes:
    - ./app/dev/:/app/
    - ./:/docker/
  ports:
    - "8081:80"
Do I miss something or is it impossible?
Hi :-)
Thanks for this useful library.
I would like to ask why the container parameter is deprecated? It seems to make more sense to use "container" especially when using docker-compose. I don't see how adding json to an environment variable improves anything while the container property is straight forward, easy to use and works like a charm. The same can't be said about the filters property. When I try to use the value from the examples I get "Invalid interpolation format" errors. There should be a solution for it but still..... Container does give a headache. I am a big fan of "container".
Kind regards,
Daan
In the shell ssh user@localhost -p 2222 works fine. Using the PyCharm ssh client to start a session kills the docker-ssh container with docker logs output:
NoAuthentication handler is handling the authentication! This is INSECURE!
/usr/src/app/src/sessionHandler.coffee:97
return x = accept();
^
TypeError: undefined is not a function
at Session. (/usr/src/app/src/sessionHandler.coffee:79:11)
at Session.emit (events.js:118:17)
at SSH2Stream.onREQUEST (/usr/src/app/node_modules/ssh2/lib/server.js:596:16)
at SSH2Stream.emit (events.js:107:17)
at parse_CHANNEL_REQUEST (/usr/src/app/node_modules/ssh2/node_modules/ssh2-streams/lib/ssh.js:4361:8)
at parsePacket (/usr/src/app/node_modules/ssh2/node_modules/ssh2-streams/lib/ssh.js:3732:12)
at SSH2Stream._transform (/usr/src/app/node_modules/ssh2/node_modules/ssh2-streams/lib/ssh.js:555:13)
at SSH2Stream.Transform._read as __read
at SSH2Stream._read (/usr/src/app/node_modules/ssh2/node_modules/ssh2-streams/lib/ssh.js:213:15)
at SSH2Stream.Transform._write (_stream_transform.js:167:12)
at doWrite (_stream_writable.js:301:12)
at writeOrBuffer (_stream_writable.js:288:5)
at SSH2Stream.Writable.write (_stream_writable.js:217:11)
at Socket.ondata (_stream_readable.js:540:20)
at Socket.emit (events.js:107:17)
at readableAddChunk (_stream_readable.js:163:16)
at Socket.Readable.push (_stream_readable.js:126:10)
at TCP.onread (net.js:538:20)
npm ERR! Linux 3.16.0-43-generic
npm ERR! argv "node" "/usr/local/bin/npm" "start"
npm ERR! node v0.12.7
npm ERR! npm v2.14.1
npm ERR! code ELIFECYCLE
npm ERR! [email protected] start: ./node_modules/coffee-script/bin/coffee server.coffee
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the [email protected] start script './node_modules/coffee-script/bin/coffee server.coffee'.
npm ERR! This is most likely a problem with the docker-ssh package,
npm ERR! not with npm itself.
npm ERR! Tell the author that this fails on your system:
npm ERR! ./node_modules/coffee-script/bin/coffee server.coffee
npm ERR! You can get their info via:
npm ERR! npm owner ls docker-ssh
npm ERR! There is likely additional logging output above.
npm ERR! Please include the following file with any support request:
npm ERR! /usr/src/app/npm-debug.log
Hi
The connection closes immediately
command invoked:
docker run --rm -p 2222:22 -v /var/run/docker.sock:/var/run/docker.sock -v ./authorized_keys:/authorized_keys --name sshd-python-docker -e FILTERS={"name":["^/python-docker$"]} -e AUTH_MECHANISM=publicKey -e AUTHORIZED_KEYS=/authorized_keys jeroenpeeters/docker-ssh
I have tested NoAuth, multiUser, etc. and they all work fine but publicKey is not working
here is error log:
warn: --minUptime not set. Defaulting to: 1000ms
warn: --spinSleepTime not set. Your script will exit if it does not stay up for at least 1000ms
[2018-02-27T20:21:36.702Z] INFO: sshServer/32 on be42859d55fb: Docker filter (filter={"name":["^/python-docker$"]})
[2018-02-27T20:21:36.733Z] INFO: webserver/32 on be42859d55fb: Listening (host=::, port=8022)
[2018-02-27T20:21:36.734Z] INFO: sshServer/32 on be42859d55fb: Docker-SSH ~ Because every container should be accessible
[2018-02-27T20:21:36.734Z] INFO: sshServer/32 on be42859d55fb: Listening (host=0.0.0.0, port=22)
[2018-02-27T20:22:01.281Z] INFO: sshServer/32 on be42859d55fb: Client connected (clientIp=172.17.0.1)
[2018-02-27T20:22:01.414Z] INFO: publicKeyAuth/32 on be42859d55fb: Checking public key against authorized keys (user=mohan)
fs.js:732
var r = binding.read(fd, buffer, offset, length, position);
^
Error: EISDIR: illegal operation on a directory, read
at Error (native)
at Object.fs.readSync (fs.js:732:19)
at tryReadSync (fs.js:487:20)
at Object.fs.readFileSync (fs.js:535:19)
at Client.module.exports (/usr/src/app/src/auth/publicKeyAuth.coffee:18:8)
at emitOne (events.js:96:13)
at Client.emit (events.js:188:7)
at SSH2Stream.onUSERAUTH_REQUEST (/usr/src/app/node_modules/ssh2/lib/server.js:240:12)
at emitMany (events.js:127:13)
at SSH2Stream.emit (events.js:201:7)
at parsePacket (/usr/src/app/node_modules/ssh2-streams/lib/ssh.js:3625:10)
at SSH2Stream._transform (/usr/src/app/node_modules/ssh2-streams/lib/ssh.js:551:13)
at SSH2Stream.Transform._read (_stream_transform.js:167:10)
at SSH2Stream._read (/usr/src/app/node_modules/ssh2-streams/lib/ssh.js:212:15)
at SSH2Stream.Transform._write (_stream_transform.js:155:12)
at doWrite (_stream_writable.js:331:12)
at writeOrBuffer (_stream_writable.js:317:5)
at SSH2Stream.Writable.write (_stream_writable.js:243:11)
at Socket.ondata (_stream_readable.js:555:20)
at emitOne (events.js:96:13)
at Socket.emit (events.js:188:7)
at readableAddChunk (_stream_readable.js:176:18)
at Socket.Readable.push (_stream_readable.js:134:10)
at TCP.onread (net.js:547:20)
error: Forever detected script exited with code: 1
error: Script restart attempt #1
[2018-02-27T20:22:02.287Z] INFO: sshServer/38 on be42859d55fb: Docker filter (filter={"name":["^/python-docker$"]})
[2018-02-27T20:22:02.316Z] INFO: webserver/38 on be42859d55fb: Listening (host=::, port=8022)
[2018-02-27T20:22:02.317Z] INFO: sshServer/38 on be42859d55fb: Docker-SSH ~ Because every container should be accessible
[2018-02-27T20:22:02.318Z] INFO: sshServer/38 on be42859d55fb: Listening (host=0.0.0.0, port=22)
$ docker run -d --name alpine alpine:3.4 top
$ docker run -it -p 2222:22 -p 9999:8022 \
-v /var/run/docker.sock:/var/run/docker.sock \
-e CONTAINER=alpine -e AUTH_MECHANISM=noAuth \
jeroenpeeters/docker-ssh
[2016-11-24T19:14:22.497Z] INFO: webserver/64 on 30b08b7d3697: Listening (host=::, port=8022)
[2016-11-24T19:14:22.500Z] INFO: sshServer/64 on 30b08b7d3697: Docker-SSH ~ Because every container should be accessible
[2016-11-24T19:14:22.501Z] INFO: sshServer/64 on 30b08b7d3697: Listening (host=0.0.0.0, port=22)
[2016-11-24T19:15:06.021Z] INFO: sshServer/64 on 30b08b7d3697: Client connected (clientIp=172.17.0.1)
[2016-11-24T19:15:06.099Z] ERROR: noAuthHandler/64 on 30b08b7d3697: NoAuthentication handler is handling the authentication! This is INSECURE!
[2016-11-24T19:15:06.184Z] INFO: sessionHandler/64 on 30b08b7d3697: Opening shell (container=alpine)
[2016-11-24T19:15:06.332Z] INFO: sessionHandler/64 on 30b08b7d3697: Terminal exited (container=alpine)
[2016-11-24T19:15:06.340Z] INFO: sessionHandler/64 on 30b08b7d3697: Channel exited (container=alpine)
[2016-11-24T19:15:06.341Z] INFO: sshServer/64 on 30b08b7d3697: Client disconnected (clientIp=172.17.0.1)
/src/src/session-handler-factory.coffee:156
stream.on('data', function(data) {
^
TypeError: Cannot read property 'on' of null
at Object.callback (/src/src/session-handler-factory.coffee:79:19)
at /src/node_modules/dockerode/lib/exec.js:39:10
at Modem.buildPayload (/src/node_modules/docker-modem/lib/modem.js:225:19)
at ClientRequest.<anonymous> (/src/node_modules/docker-modem/lib/modem.js:210:10)
at emitOne (events.js:96:13)
at ClientRequest.emit (events.js:188:7)
at writeAfterEndNT (_http_outgoing.js:486:8)
at _combinedTickCallback (internal/process/next_tick.js:77:11)
at process._tickCallback (internal/process/next_tick.js:98:9)
error: Forever detected script exited with code: 1
error: Script restart attempt #5
[2016-11-24T19:15:07.413Z] INFO: webserver/70 on 30b08b7d3697: Listening (host=::, port=8022)
[2016-11-24T19:15:07.415Z] INFO: sshServer/70 on 30b08b7d3697: Docker-SSH ~ Because every container should be accessible
[2016-11-24T19:15:07.416Z] INFO: sshServer/70 on 30b08b7d3697: Listening (host=0.0.0.0, port=22)
Hi,
This works great with ubuntu but I can't get it to work with Centos or Alpine images. E.g.
https://hub.docker.com/_/alpine/
https://hub.docker.com/_/centos/
Any suggestions?
I'm thinking for Centos probably a firewall issue?
For Alpine I'm thinking maybe it doesn't come with ssh installed?
Hi,
Firstly, thanks for making this.
I am trying to set up a solution such that my docker container can communicate with the host via ssh. I am trying to do this by connecting from the host to the docker container via ssh, and opening a reverse tunnel.
I have successfully connected to the container from the host via ssh using ssh -p 2022 localhost.
I have created a custom Dockerfile:
FROM jeorenpeeters/docker-ssh
EXPOSE 2222
in hope that the following command from the host would set up a reverse ssh tunnel: ssh -fNT -R 2222:localhost:22 -p 2022 localhost, however I get hit with the Warning: remote port forwarding failed for listen port 2222.
I also have port 2222 exposed on my main docker container, and netstat | grep 2222 shows that port 2222 is not busy.
Is what I am trying to do even possible? I have tried to docker exec -it docker-ssh-test sh into the docker container but I can not find any mention of ssh or sshd.
Any advice would be appreciated.
Although I think it's a configuration server issue I'm posting it here anyway as I think it might be common case I'm looking to solve here:
Every time I try to ssh to the container through the remote host I'm getting the following warning:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
36:e1:fc:d8:be:10:8a:26:d9:d1:e6:1f:aa:78:cf:93.
Please contact your system administrator.
Add correct host key in /home/rico/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/rico/.ssh/known_hosts:31
remove with: ssh-keygen -f "/home/rico/.ssh/known_hosts" -R [163.172.171.82]:33
RSA host key for [163.172.171.82]:33 has changed and you have requested strict checking.
Host key verification failed.
I can't establish the ssh tunnel. Any advice?
Currently Docker-SSH comes with an HTTP API and a web client. This invalidates the 'single-responsibility' concept. Docker-SSH does not only bridge the ssh session with a shell started through docker exec, but implements an HTTP API that exposes the shell over an unsecured channel.
Furthermore, the authentication mechanisms implemented for SSH do not apply to the HTTP API. The API, when enabled, simply by-passes these security settings. This makes this channel very insecure.
I propose to remove the HTTP API and the web client from docker-ssh and re-implement it on top of Docker-SSH. This ensures that ssh security is respected and will not be by-passed when configured.
The API and the web client need to implement the appropriate authentication and security measures.
I have created ssh tunnel:
ssh -v -L 1234:localhost:1234 -R 26162:localhost:26162 -p 2222 localhost -o "UserKnownHostsFile /dev/null"
When trying to use this tunnel
debug1: Connection to port 1234 forwarding to localhost port 1234 requested.
debug1: channel 3: new [direct-tcpip]
channel 3: open failed: administratively prohibited:
debug1: channel 3: free: direct-tcpip: listening port 1234 for localhost port 1234, connect from 127.0.0.1 port 51457 to 127.0.0.1 port 1234, nchannels 4
For me this looks like tcp forwarding is not allowed.
Hello,
I tried using it but I kept getting "Connection to my_container closed by remote host."
I looked up the log of docker-ssh and this is what I have:
[2016-03-11T10:01:42.522Z] INFO: sshServer/29 on 1f88d6fb3bdf: Client connected (clientIp=172.17.0.10)
[2016-03-11T10:01:42.615Z] ERROR: noAuthHandler/29 on 1f88d6fb3bdf: NoAuthentication handler is handling the authentication! This is INSECURE!
[2016-03-11T10:01:42.696Z] INFO: sessionHandler/29 on 1f88d6fb3bdf: Exec (container=my_container , command=my_command")
/src/src/session-handler-factory.coffee:77
return exec.start({
^
TypeError: Cannot read property 'start' of null
at Object.callback (/src/src/session-handler-factory.coffee:41:15)
at /src/node_modules/dockerode/lib/container.js:256:26
at [object Object].Modem.buildPayload (/src/node_modules/dockerode/node_modules/docker-modem/lib/modem.js:225:19)
at ClientRequest.<anonymous> (/src/node_modules/dockerode/node_modules/docker-modem/lib/modem.js:210:10)
at emitOne (events.js:77:13)
at ClientRequest.emit (events.js:169:7)
at Socket.socketErrorListener (_http_client.js:259:9)
at emitOne (events.js:77:13)
at Socket.emit (events.js:169:7)
at emitErrorNT (net.js:1257:8)
at doNTCallback2 (node.js:441:9)
at process._tickCallback (node.js:355:17)
error: Forever detected script exited with code: 1
error: Script restart attempt #1
[2016-03-11T10:01:44.096Z] INFO: webserver/34 on 1f88d6fb3bdf: Listening (host=::, port=8022)
I can try things if you tell me :)
Hi - I received the following error message after entering a user name at the SSH shell prompt.
Disconnected: No supported authentication methods available (server sent: )
Here is the docker run command:
docker run -dit -e CONTAINER=test -e AUTH_MECHANISM=publicKey -e AUTHORIZED_KEYS=authorized_keys --name docker-ssh -p 2222:22 -v authorized_keys:/authorized_keys -v /var/run/docker.sock:/var/run/docker.sock jeroenpeeters/docker-ssh
I did copy my authorized_keys file to the docker volume.
btw: I assume the user has to be root with the default image?
[opc@dockerdb ~/docker-ssh]$ docker logs 0a
[email protected] start /src
./node_modules/forever/bin/forever -c ./node_modules/coffee-script/bin/coffee server.coffee | ./node_modules/bunyan/bin/bunyan
warn: --minUptime not set. Defaulting to: 1000ms
warn: --spinSleepTime not set. Your script will exit if it does not stay up for at least 1000ms
[2016-10-19T22:47:01.048Z] INFO: webserver/33 on 0a2199525555: Listening (host=::, port=8022)
[2016-10-19T22:47:01.050Z] INFO: sshServer/33 on 0a2199525555: Docker-SSH ~ Because every container should be accessible
[2016-10-19T22:47:01.051Z] INFO: sshServer/33 on 0a2199525555: Listening (host=0.0.0.0, port=22)
[2016-10-19T22:47:18.735Z] INFO: sshServer/33 on 0a2199525555: Client connected (clientIp=24.55.18.151)
events.js:160
throw er; // Unhandled 'error' event
^
Error: No supported authentication methods available
at onDISCONNECT (/src/node_modules/ssh2-streams/lib/ssh.js:2029:15)
at SSH2Stream. (/src/node_modules/ssh2-streams/lib/ssh.js:178:5)
at emitMany (events.js:127:13)
at SSH2Stream.emit (events.js:201:7)
at parsePacket (/src/node_modules/ssh2-streams/lib/ssh.js:3462:10)
at SSH2Stream._transform (/src/node_modules/ssh2-streams/lib/ssh.js:551:13)
at SSH2Stream.Transform._read (_stream_transform.js:167:10)
at SSH2Stream._read (/src/node_modules/ssh2-streams/lib/ssh.js:212:15)
at SSH2Stream.Transform._write (_stream_transform.js:155:12)
at doWrite (_stream_writable.js:307:12)
at writeOrBuffer (_stream_writable.js:293:5)
at SSH2Stream.Writable.write (_stream_writable.js:220:11)
at Socket.ondata (_stream_readable.js:555:20)
at emitOne (events.js:96:13)
at Socket.emit (events.js:188:7)
at readableAddChunk (_stream_readable.js:172:18)
at Socket.Readable.push (_stream_readable.js:130:10)
at TCP.onread (net.js:542:20)
error: Forever detected script exited with code: 1
error: Script restart attempt #1
[2016-10-19T22:47:23.399Z] INFO: webserver/39 on 0a2199525555: Listening (host=::, port=8022)
[2016-10-19T22:47:23.403Z] INFO: sshServer/39 on 0a2199525555: Docker-SSH ~ Because every container should be accessible
[2016-10-19T22:47:23.403Z] INFO: sshServer/39 on 0a2199525555: Listening (host=0.0.0.0, port=22)
I know it's a long shot, but has anyone tried to connect to a container using the docker-ssh from Visual Studio 2017? From the VS2017 I can SSH to the host, from Putty I can SSH to container, but I cannot SSH to container from VS2017 - it times out and says to "check the machine name blabla".
Since I am able to SSH to the container with Putty, I assume the problem is with VS2017. I'm just wondering if anyone else stumbled upon this
There are currently quite many forks: https://github.com/jeroenpeeters/docker-ssh/network/members
Maybe some of them have progressed further and added functionality & squashed bugs?
They could be listed here as it's clear this repo is not active anymore.
Hi,
As per man 8 sshd, we can put # commented lines or empty lines in a standard authorized_keys file :
AUTHORIZED_KEYS FILE FORMAT
AuthorizedKeysFile specifies the files containing public keys for public key authentication; if this option is not specified, the default is ~/.ssh/authorized_keys and ~/.ssh/authorized_keys2. Each line of the file contains one key (empty lines and lines starting with a ‘#’ are ignored as comments).
But with docker-ssh, if I use a comment in this file :
me@somewhere:$ cat authorized_keys
# This is a regular comment
ssh-rsa AAAA_my_pretty _secret_key_here_kfjlkfjqlskfjzfzjb key comment
I get this error thrown :
[2018-08-10T17:18:23.221Z] INFO: publicKeyAuth/33 on 7e7ad76cb459: Checking public key against authorized keys (user=root)
/usr/src/app/node_modules/ssh2-streams/lib/utils.js:352
throw new Error('Missing data generated by parseKey()');
^
Error: Missing data generated by parseKey()
at Object.genPublicKey (/usr/src/app/node_modules/ssh2-streams/lib/utils.js:352:11)
at /usr/src/app/src/auth/publicKeyAuth.coffee:21:37
at Array.forEach (native)
at Client.module.exports (/usr/src/app/src/auth/publicKeyAuth.coffee:18:64)
at emitOne (events.js:96:13)
at Client.emit (events.js:188:7)
at SSH2Stream.onUSERAUTH_REQUEST (/usr/src/app/node_modules/ssh2/lib/server.js:240:12)
at emitMany (events.js:127:13)
at SSH2Stream.emit (events.js:201:7)
at parsePacket (/usr/src/app/node_modules/ssh2-streams/lib/ssh.js:3625:10)
at SSH2Stream._transform (/usr/src/app/node_modules/ssh2-streams/lib/ssh.js:551:13)
at SSH2Stream.Transform._read (_stream_transform.js:167:10)
at SSH2Stream._read (/usr/src/app/node_modules/ssh2-streams/lib/ssh.js:212:15)
at SSH2Stream.Transform._write (_stream_transform.js:155:12)
at doWrite (_stream_writable.js:331:12)
at writeOrBuffer (_stream_writable.js:317:5)
at SSH2Stream.Writable.write (_stream_writable.js:243:11)
at Socket.ondata (_stream_readable.js:555:20)
at emitOne (events.js:96:13)
at Socket.emit (events.js:188:7)
at readableAddChunk (_stream_readable.js:176:18)
at Socket.Readable.push (_stream_readable.js:134:10)
at TCP.onread (net.js:547:20)
error: Forever detected script exited with code: 1
error: Script restart attempt #1
Would you mind patching your code to accept comments and empty lines (I have not tested if an empty line is hitting the same bug, just to mention) ?
Thanx for your valuable software by the way and have a great day !
Fred.
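The sshd(8) rule quoted in the report above, as an added example (not docker-ssh's own code): a tolerant authorized_keys parser that skips comments and blank lines and rejects damaged lines instead of throwing during authentication. The function names and the key-type list are assumptions, and the sample key is constructed filler, not a real key.

```javascript
const crypto = require('crypto');

// Key types accepted in this sketch (assumption; extend as needed).
const KEY_TYPES = new Set(['ssh-rsa', 'ssh-ed25519', 'ecdsa-sha2-nistp256']);

// Parse authorized_keys text into { keys, rejected }. Blank lines and '#'
// comments are skipped, per sshd(8); rejected holds 1-based line numbers.
function parseAuthorizedKeys(text) {
  const keys = [], rejected = [];
  text.split(/\r?\n/).forEach((raw, i) => {
    const line = raw.trim();
    if (line === '' || line.startsWith('#')) return;
    const fields = line.split(/\s+/);
    // The key type is field 0, or field 1 when an options field comes first.
    // (Options containing quoted spaces are not handled in this sketch.)
    const t = KEY_TYPES.has(fields[0]) ? 0 : KEY_TYPES.has(fields[1]) ? 1 : -1;
    const blob = t >= 0 && fields[t + 1] ? Buffer.from(fields[t + 1], 'base64') : null;
    // The blob starts with a length-prefixed copy of the key type; a mismatch
    // means the line is damaged, so record it instead of throwing.
    if (!blob || blob.length < 4 || embeddedType(blob) !== fields[t]) return rejected.push(i + 1);
    keys.push({ type: fields[t], blob, comment: fields.slice(t + 2).join(' ') });
  });
  return { keys, rejected };
}

// Read the length-prefixed type string at the start of a key blob.
function embeddedType(blob) {
  const len = blob.readUInt32BE(0);
  if (len > blob.length - 4) return null;
  return blob.toString('ascii', 4, 4 + len);
}

// True when the presented key blob equals one authorized blob.
function isAuthorized(keys, presented) {
  return keys.some(k => k.blob.length === presented.length &&
    crypto.timingSafeEqual(k.blob, presented));
}

// Constructed sample: wire-format type prefix plus filler bytes, not a real key.
function sampleBlob(type, fill) {
  const head = Buffer.alloc(4);
  head.writeUInt32BE(type.length, 0);
  return Buffer.concat([head, Buffer.from(type), Buffer.alloc(32, fill)]);
}
const SAMPLE = ['# This is a regular comment', '',
  'no-pty ssh-ed25519 ' + sampleBlob('ssh-ed25519', 1).toString('base64') + ' key comment',
  'ssh-rsa not*base64 broken line'].join('\n');
```

Logging the rejected line numbers at startup surfaces a damaged file to the operator before any client connects.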
When using docker-ssh, the opened shell on the target container is for the root-user. Is it somehow possible to change this, so that we can specify a user which the shell should be run as?
Hi, sadly I need more documentation to get started.
I get Received disconnect from ::1 port 2222:2:
Is there a sample container to connect to? It won't connect to mine.
Maybe even a shell script that wraps the command.
Hello, I tried to build an ARM Docker container of this project but failed. Please can you make a Dockerfile.armhf for it? I think it would be nice to have for Raspberry Pi. It appears light and sleek.
The web console seems to disconnect the session very quickly after inactivity. Is there a timer value to change this?
docker run -d -p 2222:22 \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -e FILTERS={"name":["^/ufoym/deepo:all-py36-jupyter$"]} \
  -e AUTH_MECHANISM=simpleAuth \
  -e AUTH_USER=gumush -e AUTH_PASSWORD=1234 \
  jeroenpeeters/docker-ssh
I've got these messages in no auth and simple auth with user mode too.
Connection to localhost closed by remote host.
Connection to localhost closed.
Hi. Can you help me with this?
I start docker-ssh and find no problem,
but when I try to connect over ssh
it returns:
[2016-11-16T16:29:44.752Z] INFO: sshServer/44 on 711da3200ebb: Listening (host=0.0.0.0, port=22)
[2016-11-16T16:29:45.108Z] INFO: sshServer/44 on 711da3200ebb: Client connected (clientIp=172.19.0.1)
[2016-11-16T16:29:45.175Z] ERROR: noAuthHandler/44 on 711da3200ebb: NoAuthentication handler is handling the authentication! This is INSECURE!
[2016-11-16T16:29:45.258Z] INFO: sessionHandler/44 on 711da3200ebb: Opening shell (container=test-ssh)
[2016-11-16T16:29:45.400Z] INFO: sessionHandler/44 on 711da3200ebb: Terminal exited (container=test-ssh)
[2016-11-16T16:29:45.405Z] INFO: sessionHandler/44 on 711da3200ebb: Channel exited (container=test-ssh)
[2016-11-16T16:29:45.407Z] INFO: sshServer/44 on 711da3200ebb: Client disconnected (clientIp=172.19.0.1)
/src/src/session-handler-factory.coffee:156
stream.on('data', function(data) {
^
TypeError: Cannot read property 'on' of null
at Object.callback (/src/src/session-handler-factory.coffee:79:19)
at /src/node_modules/dockerode/lib/exec.js:39:10
at Modem.buildPayload (/src/node_modules/docker-modem/lib/modem.js:225:19)
at ClientRequest. (/src/node_modules/docker-modem/lib/modem.js:210:10)
at emitOne (events.js:96:13)
at ClientRequest.emit (events.js:188:7)
at writeAfterEndNT (_http_outgoing.js:499:8)
at _combinedTickCallback (internal/process/next_tick.js:77:11)
at process._tickCallback (internal/process/next_tick.js:98:9)
error: Forever detected script exited with code: 1
error: Script restart attempt #2
And the terminal disconnects.
Please help me.