I am confused with below examples, because it cannot work.

docker run -ti -p 2222:22 \
  -v ${HOME}/.ssh/id_rsa.pub:/root/.ssh/authorized_keys:ro \
  -v $(pwd)/keys/:/etc/ssh/keys \
  -v $(pwd)/data/:/data/ \
  -e SSH_ENABLE_ROOT=true \
  docker.io/panubo/sshd:1.3.0

docker run -ti -p 2222:22 \
  -v ${HOME}/.ssh/id_rsa.pub:/etc/authorized_keys/www:ro \
  -v $(pwd)/keys/:/etc/ssh/keys \
  -v $(pwd)/data/:/data/ \
  -e SSH_USERS="www:48:48" \
  docker.io/panubo/sshd:1.3.0

:ro change directory to -rw-r--r-

bash-5.0# ls -tlr /root/.ssh/
total 4
-rw-r--r--    1 1000     1000           396 Oct 26 16:45 authorized_keys

If want to keep id_rsa.pub safe, why not make a directory and copy it into that?

mkdir pk
cp ${HOME}/.ssh/id_rsa.pub pk

docker run -ti -p 2222:22 \
  -v $(pwd)/pk/id_rsa.pub:/root/.ssh/authorized_keys \
  -v $(pwd)/keys/:/etc/ssh/keys \
  -v $(pwd)/data/:/data/ \
  -e SSH_ENABLE_ROOT=true \
  docker.io/panubo/sshd:1.3.0

I am using your image along with Open JDK 11 and "nailgun" (a Java program). When I run the nailgun client with the parameter ng-cp, I do not get back any output. I have tested nailgun with Centos 8 and a brand new version of Alpine without your code, and it works fine. Can you assist? Thank you.

Thanks for the great Docker image! Unfortunately, I noticed the image is only being built for amd64. It would be nice to also have images for e.g. arm/v7, so it can run on a Raspberry Pi as well.

Luckily the base image supports quite some architectures. Adding other arches should be quite easy:

• GitHub Actions example
• Native example

Do you see any possibility to support this?

When mounting my public key to the root users authorized_keys and setting SSH_ENABLE_ROOT=true you still cannot logon as root. It looks like it would require a change of the /etc/ssh/sshd_config to allow it.

$ ssh root@localhost -p 9022                                                                                                                                               
root@localhost: Permission denied (publickey,keyboard-interactive).

docker-compose.yml

version: '2'

services:
  sshd:
    image: panubo/sshd
    volumes:
      - ${HOME}/.ssh/id_rsa.pub:/root/authorized_keys:ro
      - ${PWD}/keys/:/etc/ssh/keys
      - ${PWD}/data:/data/
    environment:
      - SSH_ENABLE_ROOT=true
    ports:
      - "9022:22"

I don't expect it to be a major problem. but it does mean the example doesn't work.

Hi guys,

can you a new version of the image please, to fix the terrapin vulerability. Alpine already has openssh 9.6 ready.

Cheers, matti

Similar to panubo/docker-postfix#28.

Also change SFTP_MODE -> SFTP_ONLY_MODE

Hi,

my CI build broken a few hours ago, it looks like that doing what stated in README is not working anymore:

docker run -d -p 2222:22 -v /secrets/id_rsa.pub:/root/.ssh/authorized_keys -v /mnt/data/:/data/ docker.io/panubo/sshd

It is maybe a bit stupid question but how do I define what the password is?
is it something extra in SSH_USERS?

I know that SSH_ENABLE_PASSWORD_AUTH=true is required

Thanks for this container. I needed something like this to access mounted volumes externally.

Comment on the warning here:

# Fix permissions, if writable
if [ -w ~/.ssh ]; then
    chown -R root:root ~/.ssh && chmod 700 ~/.ssh/ && chmod 600 ~/.ssh/* || echo "WARNING: No SSH authorized_keys or config found for root"
fi

It checks if the ~/.ssh is writable, but if we are sharing only the /root/.ssh/authorized_keys (like the README) read only the if statement will be true, but the chown will fail (chown: /root/.ssh/authorized_keys: Read-only file system) and it will throw the warning.

I didn't see anybody else report this problem, so maybe I'm doing something wrong, but docker logs shows Authentication refused: bad ownership or modes for file /etc/authorized_keys/foo. This fixes it, after creating the container:

docker exec -t bar bash -c 'chown foo:foo /etc/authorized_keys/foo'

Steps to reproduce:

scp ~/.ssh/foo.pub bar:
docker run --name baz -d -p 2222:22 --network-alias=howdy --network=baz.local \
  --mount type=bind,source=$(pwd)/foo.pub,target=/etc/authorized_keys/foo \
  -e SSH_USERS="foo:1001:1001" docker.io/panubo/sshd:1.0.3

I've been able to run the image just fine --- doing various things. What I can't seem to do it is to replace its /etc/ssh/sshd_config with my own. Notice this is supported. The homepage says

Configure the container with the following environment variables or optionally mount a custom sshd config at /etc/ssh/sshd_config:

I'd like to replace it because I want to set directives such as ListenAddress. Whenever I try to replace it, I get the following error:

#docker run -v $(pwd)/sshd_config:/etc/ssh/sshd_config docker.io/panubo/sshd:latest
> Starting SSHD
>> Generating new host keys
ssh-keygen: generating new host keys: RSA DSA ECDSA ED25519
error: Failed to execute command
saving failed (run 'errors' for details)
#

Output of DEBUG=true.

#docker run -v $(pwd)/sshd_config:/etc/ssh/sshd_config -e DEBUG=true docker.io/panubo/sshd:latest
> Starting SSHD
+ DAEMON=sshd
+ echo '> Starting SSHD'
++ ls -A /etc/ssh
>> Generating new host keys
+ '[' '!' 'moduli
ssh_config
sshd_config' ']'
+ ls '/etc/ssh/keys/ssh_host_*'
+ ls '/etc/ssh/ssh_host_*'
+ echo '>> Generating new host keys'
+ mkdir -p /etc/ssh/keys
+ ssh-keygen -A
ssh-keygen: generating new host keys: RSA DSA ECDSA ED25519
+ mv /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_dsa_key.pub /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ed25519_key /etc/ssh/ssh_host_ed25519_key.pub /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_rsa_key.pub /etc/ssh/keys/
+ set_hostkeys
+ printf '%s\n' 'set /files/etc/ssh/sshd_config/HostKey[1] /etc/ssh/keys/ssh_host_rsa_key' 'set /files/etc/ssh/sshd_config/HostKey[2] /etc/ssh/keys/ssh_host_dsa_key' 'set /files/etc/ssh/sshd_config/HostKey[3] /etc/ssh/keys/ssh_host_ecdsa_key' 'set /files/etc/ssh/sshd_config/HostKey[4] /etc/ssh/keys/ssh_host_ed25519_key'
+ augtool -s
error: Failed to execute command
saving failed (run 'errors' for details)
#

OS: CentOS 7
Docker: docker-ce-18.06.1.ce-3.el7.x86_64

I am having issues with running this docker container, it works once it has been pulled and started. But when I reset the server I need to manually bring the server down with docker-compose and then up it again, otherwise it just keeps restarting.

I tested this on a virtual Debian docker server and a physical CentOS server.

Docker-compose.yml:

---
version: '3.1'
services:
  bastion:
    image: panubo/sshd:latest
    container_name: bastion
    restart: always
    ports:
      - "x.x.x.x:xyz:22"
    volumes:
      - /opt/sshd/config/authorized_keys:/home/user/.ssh/authorized_keys
      - /opt/sshd/config/known_hosts:/home/user/.ssh/known_hosts
      - /opt/sshd/config/ssh-key:/home/user/.ssh/id_rsa:ro
      - /opt/sshd/config/ssh-key.pub:/home/user/.ssh/id_rsa.pub:ro
      - /opt/sshd/config/ssh_config:/home/user/.ssh/config:ro
      - /opt/sshd/config/.profile:/home/user/.profile:ro
      - /opt/sshd/config/keys:/etc/ssh/keys:ro
      - /opt/docker_config/resolv.conf:/etc/resolv.conf:ro
    environment:
      - SSH_USERS=user:505:505

Step 4/6 : COPY entry.sh /entry.sh
COPY failed: stat /var/lib/docker/tmp/docker-builder114673644/entry.sh: no such file or directory

My username on Ubuntu is "kevin" with keys in ~/.ssh/id_rsa.pub

After build image, I execute the command:

docker run -ti -p 22:22 \
-v ${HOME}/.ssh/id_rsa.pub:/etc/authorized_keys/kevin:ro \
-v $(pwd)/data/:/data/ \
-e SSH_USERS="kevin:48:48" \
enziin/authen-ssh:1.0 bash

But I get the message error:

WARNING: Incorrect ownership for /etc/authorized_keys/kevin. Expected uid/gid: 48/48, found uid/gid: 1000/1000. File uid/gid must match SSH_USERS or be root owned.

And

ssh kevin@localhost
kex_exchange_identification: read: Connection reset by peer

I have a problem with sending email from the docker image. What I'm trying is to create a txt file with sender, recepient, subject, body and then send it with sendmail. But all I get always is:

bash-5.0# sendmail -vt < mail.txt 
sendmail: can't connect to remote host (127.0.0.1): Connection refused

Any idea how can I use sendmail inside the docker?

If no environment variable SSH_USERS exists, create a user for every filename in /etc/authorized_keys.

When restarting an existing container of this image, the entry script fails because it is trying to create users that have already been created at the previous start. Concretely, the addgroup, adduser and passwd calls fail.

If the root account is enabled via SSH_ENABLE_ROOT=true the restricted modes do not seem to apply to the root account, i.e. one can still login via SSH getting a regular shell login. After checking the entrypoint script, I realized that it only applies the restricted shell etc. to the configured users via SSH_USERS.

I think, this behavior should at least be documented. However, I was wondering if there is a specific reason to exclude the root account from the restricted modes since I'd prefer to use root (for simplicity with access rights for the keys files as well as the files written via rsync) but still have the added security of restricted access.

-v /secrets/id_rsa.pub:/root/.ssh/authorized_keys:ro

Was having a problem here, I think having read only on that will stop your entrypoint.sh from changing to proper permissions root:root 0600.

I was getting
auth.info sshd[37]: Authentication refused: bad ownership or modes for file /root/.ssh/authorized_keys

Works after taking the :ro away from the docker run command

Some pull requests are pending without any comment.

Is the repo dead?

>> Adding user user1 with uid: 1000, gid: 1000, shell: <default>. 16/11/2020 16:05:41>> Adding user user2 with uid: 1001, gid: 1000, shell: <default>. 16/11/2020 16:05:41groupadd: GID '1000' already exists

And container exits. I suggest to do a fix by using getent group ${_GID} >/dev/null 2>&1 || { groupadd -g ${_GID} ${_NAME} } instead.

Many thanks for your exceptional work.

Hi I've been using this to gave ssh access for support.
This week suddenly it got this message, whenever we want to open connection outside docker host

telnet: Unable to connect to remote host: Connection refused

I use your script inside my custom container cause it need php and other stuff. I thought it was my script so I run directly using your image

docker run --rm \
  -e SSH_USERS=test:1000:1000:/bin/bash \
  -e SSH_ENABLE_PASSWORD_AUTH=true \
  -v $(pwd)/setpasswd.sh:/etc/entrypoint.d/setpasswd.sh \
  -p2222:22 \
panubo/sshd

setpasswd.sh contain the password

#!/usr/bin/env bash
set -e
echo "test:888888" | chpasswd

FIrewall is disabled

Alpine 3.14 is almost EOL, upgrade to the latest alpine release please.

The environment variable is not actually used to set the chroot path. See: http://github.com/panubo/docker-sshd/blob/aa347246ceae6af44d465c2399f8a67a2aed8306/entry.sh#L104

An easy workaround is of course just to mount the dir you want to chroot into on /data.

With this config :

   sftp:
    image: panubo/sshd:1.2.0
    hostname: sftp
    ports:
      - "2222:22"
    environment:
      SSH_USERS: tradegateag:1000:1000
    volumes:
      - "./ssh/id_rsa.pub:/etc/authorized_keys/tradegateag:ro"

I'm hving this exception.

[info]   java.lang.RuntimeException: org.testcontainers.containers.ContainerLaunchException: Timed out waiting for container port to open (localhost ports: [32777, 2222] should be listening)
[info]   at org.rnorth.ducttape.timeouts.Timeouts.callFuture(Timeouts.java:68)
[info]   at org.rnorth.ducttape.timeouts.Timeouts.doWithTimeout(Timeouts.java:60)
[info]   at org.testcontainers.containers.wait.strategy.WaitAllStrategy.waitUntilReady(WaitAllStrategy.java:53)
[info]   at org.testcontainers.containers.DockerComposeContainer.waitUntilServiceStarted(DockerComposeContainer.java:254)
[info]   at java.base/java.util.concurrent.ConcurrentHashMap.forEach(ConcurrentHashMap.java:1603)
[info]   at org.testcontainers.containers.DockerComposeContainer.waitUntilServiceStarted(DockerComposeContainer.java:234)
[info]   at org.testcontainers.containers.DockerComposeContainer.start(DockerComposeContainer.java:173)
[info]   at com.dimafeng.testcontainers.DockerComposeContainer.start(DockerComposeContainer.scala:166)
[info]   at com.dimafeng.testcontainers.ForAllTestContainer.run(ForAllTestContainer.scala:17)
[info]   at com.dimafeng.testcontainers.ForAllTestContainer.run$(ForAllTestContainer.scala:13)
[info]   ...
[info]   Cause: org.testcontainers.containers.ContainerLaunchException: Timed out waiting for container port to open (localhost ports: [32777, 2222] should be listening)
[info]   at org.testcontainers.containers.wait.strategy.HostPortWaitStrategy.waitUntilReady(HostPortWaitStrategy.java:49)
[info]   at org.testcontainers.containers.wait.strategy.AbstractWaitStrategy.waitUntilReady(AbstractWaitStrategy.java:35)
[info]   at org.testcontainers.containers.wait.strategy.WaitAllStrategy.waitUntilNestedStrategiesAreReady(WaitAllStrategy.java:61)
[info]   at org.testcontainers.containers.wait.strategy.WaitAllStrategy.lambda$waitUntilReady$0(WaitAllStrategy.java:54)
[info]   at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
[info]   at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
[info]   at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130)
[info]   at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630)
[info]   at java.base/java.lang.Thread.run(Thread.java:832)

The current version (1.3.0) has some security flaws that can be fixed by just rebuilding the container (apk upgrade).
Can this be done?

I am using github actions and your docker image to test my tool.

Here is my config

# This is a basic workflow to help you get started with Actions

name: CI

on:
  push:
   branches:
    - main
    

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  # This workflow contains a single job called "build"
  build:
    
    runs-on: ubuntu-latest
          
    services:
      ssh: panubo/sshd 
    
    
    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      - name: Get container information
        id: conf
        run: |
          echo "::set-output name=DOCKER_ID::$(docker ps -q)"
          echo "::set-output name=DOCKER_IP::$(docker exec $(docker ps -q) ifconfig eth0 | cut -d ':' -f 2 | sed -n '2p' | cut -d ' ' -f 1)"
      
      - name: Create SSH Keys
        run: |
          sudo rm -rf /keys
          sudo mkdir /keys 
          sudo chown $USER:$USER /keys -R
          ssh-keygen -f /keys/src -N ''
          ssh-keygen -f /keys/dest -N ''
      
      - name: Setup source user
        run: |
          docker exec ${{ steps.conf.outputs.DOCKER_ID }} mkdir -p /home/src/.ssh
          docker exec ${{ steps.conf.outputs.DOCKER_ID }} useradd -d /home/src src
          docker cp /keys/src.pub ${{ steps.conf.outputs.DOCKER_ID }}:/home/src/.ssh/authorized_keys
          docker exec ${{ steps.conf.outputs.DOCKER_ID }} chown src:src -Rv /home/src
          
      - name: Setup destination user
        run: |
          docker exec ${{ steps.conf.outputs.DOCKER_ID }} mkdir -p /home/dest/.ssh
          docker exec ${{ steps.conf.outputs.DOCKER_ID }} useradd -d /home/dest dest
          docker cp /keys/dest.pub ${{ steps.conf.outputs.DOCKER_ID }}:/home/dest/.ssh/authorized_keys
          docker exec ${{ steps.conf.outputs.DOCKER_ID }} chown dest:dest -Rv /home/dest
        
      - name: Check ssh connection
        run: ssh -i /keys/src src@${{ steps.conf.outputs.DOCKER_IP }} "whoami"

I am getting this error

Hello,
first, thanks a lot for this very useful container, it work's very well.

I see on the standard-output that i have a lot of invalid login attempts. I want to secure it with fail2ban, and i need to read the file /var/log/auth.log, but it itsn't there.

Is there an option to enable / implement this?

Thank you in advance,
best regards,
Martin

A version deployed today to Docker Hub changes behavior with regard to tunneling. Connecting to the remote with a tunnel open works as it has before:

--- ~ » ssh -N -L 12345:remote:2345 root@sshd

... but actually trying to communicate with the remote service using the local port fails with:

channel 2: open failed: administratively prohibited: open failed

Something must have changed in the default config that prohibits connecting out to a remote service from the container.

the executable test in

 if [[ -x ${f} ]]; then 
     echo ">> Running: ${f}" 
     ${f} 
 fi 

is not passing on files with 755 permissions set
this could be a bug in musl libc

changing to

 if [[ -f ${f} ]]; then 
     echo ">> Running: ${f}" 
     ${f} 
 fi 

is the workaround we adopted

In the readme, you suggest:

Password authentication is not recommended however using SSH_ENABLE_PASSWORD_AUTH=true you can enable password authentication. The image doesn't provide any way to set user passwords via config but you can use the custom scripts support to run a custom script to set user passwords.

My script (which looks similar to the one provided; thanks guys):

#!/usr/bin/env bash

set -e

echo 'user1:$6$lAkdPbeeZR7YJiE3$ohWgU3LcSVit/hEZ2VOVKvxD.67.N9h5v4ML7.4X51ZK3kABbTPHkZUPzN9jxQQWXtkLctI0FJZR8CChIwz.S/' | chpasswd --encrypted

echo 'test:test' | chpasswd

By passing this in using docker run -ti --publish 2222:22 -v /.../sshd/keys/:/etc/ssh/keys -e SSH_USERS=user1:1012:1112,test:1013:1113 -e SSH_ENABLE_PASSWORD_AUTH=true -v /.../sshd/entrypoint.d/:/etc/entrypoint.d/ panubo/sshd, I keep getting Failed password for test from 172.17.0.1 port 51866 ssh2 as an error message during login attempts. I try to log into both user1 and test users with the passwords as provided above. No dice. Any ideas?

P.S. I did check the file system by attaching to the container. Docker did mount the script in at container launch.

I know this is probably harmless but I'd like to see a fast failure when someone tries to log in without a key. As it stands doing a:

% ssh [email protected]

results in a password prompt. Setting the following in sshd_config causes an immediate failure

PasswordAuthentication no

There was a huge security flaw in alpine based docker images (see here).
Since this docker image has a lot of pulls, it should be updated.

With following setpasswd.sh:

#!/usr/bin/env bash
set -e
echo "root:root" | chpasswd

When launching the docker container, this files is correctly executed:

$ docker run --rm -p 2222:22 -e SSH_ENABLE_ROOT=true -e SSH_ENABLE_PASSWORD_AUTH=true -v $(pwd)/entrypoint.d/:/etc/entrypoint.d/ docker.io/panubo/sshd:1.3.0
Unable to find image 'panubo/sshd:1.3.0' locally
1.3.0: Pulling from panubo/sshd
df20fa9351a1: Pull complete 
eeeb77613589: Pull complete 
a551ea48ade2: Pull complete 
Digest: sha256:b5435f6c5a667ae8c3bd7ea6571612e888515b42d5c78b3c2d0e05bd93bcb365
Status: Downloaded newer image for panubo/sshd:1.3.0
> Starting SSHD
>> Generating new host keys
ssh-keygen: generating new host keys: RSA DSA ECDSA ED25519 
>>> Fingerprints for dsa host key
1024 MD5:29:95:27:16:ef:3f:af:1e:d5:b6:86:6e:b0:89:df:ab root@61781a3d94e2 (DSA)
1024 SHA256:eWsck6FmKILAP8mMeUR8Jnp28TcBv+W0vnKk+xMJhTE root@61781a3d94e2 (DSA)
1024 SHA512:5dXRm1aVQX2poLJ7hPhFFpZFic/QI0laVxwDNnsSIeUTEq44nV+8aav6eubrSj5tXAbgj2XxPgPS6T0l7fIgwg root@61781a3d94e2 (DSA)
>>> Fingerprints for rsa host key
3072 MD5:85:b0:01:0f:f9:47:28:b7:b0:32:60:b2:be:66:23:30 root@61781a3d94e2 (RSA)
3072 SHA256:s4DzmgeWnv6a4118Kd19oDwXmC/K6bIItwXq6hNkwrc root@61781a3d94e2 (RSA)
3072 SHA512:pVK+uVaWaniJtaPhskyWa34p0fz6rRk0MU2m3D+LZv48ktrpMU+8TgGS71mdwiIFAJ16YyH80e45M4PLRakETQ root@61781a3d94e2 (RSA)
>>> Fingerprints for ecdsa host key
256 MD5:e7:fb:23:0d:c1:d7:a8:b7:a4:79:b0:5e:91:e6:0f:0e root@61781a3d94e2 (ECDSA)
256 SHA256:mwO3wASqnjkevkfXl8D2z85NitLB9XdXXKo/rmU/7HA root@61781a3d94e2 (ECDSA)
256 SHA512:YZrMtInzNv9IGfCn25EJV1WOKiJyneF+7rI2cAyRVceN5di21JiDe2TxCuW7xq0x+6ihPJlBywVJTCWgo+gYsQ root@61781a3d94e2 (ECDSA)
>>> Fingerprints for ed25519 host key
256 MD5:4e:7a:03:8f:2d:ea:28:9d:f8:ef:59:10:f2:66:a3:a3 root@61781a3d94e2 (ED25519)
256 SHA256:U/7dFj0abcjyIz5hXKuoNlQuYsFCdR5QL9LYj8HS1WM root@61781a3d94e2 (ED25519)
256 SHA512:pw/II/DaikEQCk86UpIJfncFUfHi09zAAZpRQzMJltDWT4XjLDHCSdZ3uzR4DGJPR9A89a135V8oYhWLLR6SpQ root@61781a3d94e2 (ED25519)
WARNING: No SSH authorized_keys found!
>> Unlocking root account
WARNING: password authentication enabled.
>> Running: /etc/entrypoint.d/setpasswd.sh
Running /usr/sbin/sshd -D -e -f /etc/ssh/sshd_config
Server listening on 0.0.0.0 port 22.
Server listening on :: port 22.
Connection closed by 172.17.0.1 port 58124 [preauth]
Failed password for root from 172.17.0.1 port 58128 ssh2
Failed password for root from 172.17.0.1 port 58128 ssh2
Failed password for root from 172.17.0.1 port 58128 ssh2

But as indicated with last trace, it is impossible to log with ssh with root user.... password is not accepted....

With SFTP_MODE set to false (default) connections work fine. When set true it takes around 5 minutes to connect after the connection has been accepted. Also docker stats shows abnormally high cpu usage when trying to connect. The docker logs show no warnings or error messages when connecting.

Here is my docker-compose:

sftp:
    image: panubo/sshd
    restart: always
    env_file:
      - sftp.env
    volumes:
      - sftp-web-data:/public
      - ./setpasswd.sh:/etc/entrypoint.d/setpasswd.sh
      - ./id_rsa.pub:/etc/authorized_keys/user1:ro
    ports:
      - "2222:22"

And sftp.env:

SFTP_MODE=true
SFTP_CHROOT="/public"

#change password in setpassword.sh
SSH_USERS=user1:1000:1000
SSH_ENABLE_PASSWORD_AUTH=true

Any help would be appreciated!

If I create new users and add ~[USERNAME]/.ssh files for them in the Dockerfile, I can't seem to figure out how to modify entry.sh in a way that allows me to ssh into them properly. As of now, I can ssh but I immediately get disconnected. This is what I see:

tux@localhost's password: 
Welcome to Alpine!

The Alpine Wiki contains a large amount of how-to guides and general
information about administrating Alpine systems.
See <http://wiki.alpinelinux.org>.

You can setup the system with the command: setup-alpine

You may change this message by editing /etc/motd.

Connection to localhost closed.

My fork of this repo contains the base code I'm working with.

Hi.

In my environment, I'm extending this image to build my custom Jenkins slave image for the purpose of validating OpenAPI spec. My Docker file looks like this:

FROM panubo/sshd

RUN apk add --update nodejs-npm \
  && npm install -g [email protected] \
  && npm install -g json-merger

I'm forced to use swagger-cli 2.2.1 because starting from swagger-cli 2.2.2, there's an issue of too old version of nodejs which is (as I guess) the last available version for alpine 3.6, which this image is extending from:

Are there any plans to upgrade alpine dependency to the newest version (3.10.1 as of writing this post)?

/files/etc/ssh/sshd_config/AllowTCPForwarding no

Unable to forward TCP

Can you create tags (and builds for them in https://hub.docker.com/r/panubo/sshd/)
I'm looking to use the container, but generally don't like rolling tags like "latest" as unexpected changes can happen.
Can you both tag commits every now and again, and also create builds on dockerhub so when you tag commits here it produces appropriate tags there?

Thanks

Hi,

I set GATEWAY_PORTS=true, my reverse port forwarding only listen in localhost (127.0.0.1).
I edit /etc/ssh/sshd_config in container, setting GatewayPorts yes and works my reverse port forwarding.

Pls fix this issue :D