{"id":19499730,"url":"https://github.com/apsl/sshail","last_synced_at":"2025-10-26T23:04:37.865Z","repository":{"id":66127074,"uuid":"105907387","full_name":"APSL/sshail","owner":"APSL","description":"SSHail is a tool to generate on-demand SSH jails for users using Docker.","archived":false,"fork":false,"pushed_at":"2018-05-11T13:31:50.000Z","size":96,"stargazers_count":6,"open_issues_count":0,"forks_count":1,"subscribers_count":7,"default_branch":"master","last_synced_at":"2025-07-26T16:45:53.827Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/APSL.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2017-10-05T15:30:46.000Z","updated_at":"2024-03-05T18:34:31.000Z","dependencies_parsed_at":null,"dependency_job_id":"ad7f623d-bd38-493a-8af3-afb837d1ac9a","html_url":"https://github.com/APSL/sshail","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/APSL/sshail","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/APSL%2Fsshail","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/APSL%2Fsshail/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/APSL%2Fsshail/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/APSL%2Fsshail/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/APSL","download_url":"https://codeload.github.com/APSL/sshail/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/APSL%2Fsshail/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":281185454,"owners_count":26457747,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-26T02:00:06.575Z","response_time":61,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-10T22:06:07.546Z","updated_at":"2025-10-26T23:04:37.849Z","avatar_url":"https://github.com/APSL.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Overview\n\nThis projects try to simplify the way you do a SSH jail to limit\nthe resources (software / files) that SSH users can access on a server.\n\nA `sshail` is a docker container running SSH inside and some directories\nmounted in order to limit the software and visiblilty of the user inside\nthe container, just like an SSH jail but easier to configure.\n\nAlso you can have virtual users only aviable in the sshail mapped to\nreal users outside the container so you can manipulate the files\nand permissions easy.\n\nThe sshails are destroyed daily for security and avoiding resouce exhaustion.\n\n# Usage example\n\nThe user requests a sshail to `server1.example.com`:\n\n    curl https://myuser@server1.example.com:1934/ssh\n\nIt will respond with something like:\n\n    ssh myuser@server1.example.com -p 12200 # Valid until yyyy-mm-dd hh:mm:ss\n\n\n# Install \u0026 configure\n\nFirst of all you will need `docker` installed properly on your system. Visit\nthe official documentation to do that.\n\nOn Debian based systems you can install the `debrequirements.txt` with `apt` if you\nwant to avoid installing them with pip3.\n\n    apt install $(curl https://raw.githubusercontent.com/APSL/sshail/master/debrequirements.txt | sed ':a;N;$!ba;s/\\n/ /g')\n\nOf course you can alse make a virtualenv and install `requeriments.txt`\n\nThen install sshail:\n\n    pip3 install -U git+https://github.com/APSL/sshail.git\n\nConfigure (if you want to do it automagically):\n\n    sshail --deploy # As Root\n\nThis script will:\n    - Create the /etc/sshail directory for configurations\n    - Add a user on the system called `sshail` with permissions to manage Docker\n    - Deploy a systemd configuration to start sshail with `service sshail start`\n    - Deploy a cron to kill periodically the sshails\n\nIf `sshail --deploy` does not meet your system you can do it by hand.\n\n## /etc/sshail/conf.ini\n\nThe main SSHail configuration file for general application settings.\n\n| Setting                   | Description                                         |\n|---------------------------|-----------------------------------------------------|\n| `SSHAIL_PORT`             | Port to listen the sshail HTTP API                  |\n| `SSHAIL_SSH_HOST`         | Hostname to give to the users to do the SSH command |\n| `SSHAIL_DAILY_PURGE_TIME` | Which hour should the sshails be purged             |\n| `SSHAIL_PORT_RANGE`       | Port range for the SSH to reach the sshails         |\n\n\n### Basic Example\n\n    SSHAIL_PORT=1958\n    SSHAIL_SSH_HOST=\"127.0.0.1\"\n    SSHAIL_DAILY_PURGE_TIME=\"04:00\"\n    SSHAIL_PORT_RANGE=\"12200-12299\"\n\n\n## /etc/sshail/sshails.yml\n\nAt this file you can specify a list of the enabled sshails.\n\n| Field          | Description                                                    |\n|----------------|----------------------------------------------------------------|\n| `user`         | Virutal SSH user for the container and the HTTP API            |\n| `real_user`    | Real user of the host system to inherit permissions            |\n| `basic_passwd` | Password (clear text) for the HTTP API basic auth              |\n| `user_crypt`   | Linux crypt for `/etc/shadow` for the `user` inside the sshail |\n| `virt_home`    | Where to place the home inside the contaienr (default /home/)  |\n\n### Basic Example\n\n    sshails:\n        -\n            user: mike\n            real_user: test1\n            basic_passwd: \"123\"\n            user_crypt: '$6$aOoiKGBC$Ap1U9EFSmgPqZRgrbwbvQEqFjqGlTJ5OOJ5WvVxw7WYXhDzukUETlCvyo0iPkFzIHWgNKfQ227VuBcyyyyyyyy'\n        -\n            user: bob\n            real_user: test2\n            basic_passwd: \"456\"\n            user_crypt: '$6$aOoiKkBC$Ap1U9EFSmgPqZRgrbwbvQEqFjqGlTJ5OOJ5WvVxw7WYXhDzukUETlCvyo0iPkFzIHWgNKfQ227VuBcwzzzzzzz'\n            virt_home: '/var/www/users/bob'\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fapsl%2Fsshail","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fapsl%2Fsshail","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fapsl%2Fsshail/lists"}