{"id":15753758,"url":"https://github.com/dmotte/docker-portmap-server","last_synced_at":"2025-03-13T15:32:59.585Z","repository":{"id":116427587,"uuid":"353821397","full_name":"dmotte/docker-portmap-server","owner":"dmotte","description":"🐳 Docker image with an OpenSSH server that can be used for remote port forwarding only","archived":false,"fork":false,"pushed_at":"2024-08-25T14:34:08.000Z","size":79,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-10-05T07:41:54.598Z","etag":null,"topics":["docker","docker-compose","docker-image","dockerfile","expose","forward","forwarding","openssh","port","port-forwarding","portmap","private-key","remote","server","ssh","ssh-server","sshd","tcp","tunnel"],"latest_commit_sha":null,"homepage":"https://hub.docker.com/r/dmotte/portmap-server","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dmotte.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-04-01T20:40:08.000Z","updated_at":"2024-08-25T14:33:59.000Z","dependencies_parsed_at":null,"dependency_job_id":"106f69e6-c412-4e41-91f9-797d4cb16bab","html_url":"https://github.com/dmotte/docker-portmap-server","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dmotte%2Fdocker-portmap-server","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dmotte%2Fdocker-portmap-server/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dmotte%2Fdocker-portmap-server/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dmotte%2Fdocker-portmap-server/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dmotte","download_url":"https://codeload.github.com/dmotte/docker-portmap-server/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":221384193,"owners_count":16809942,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","docker-compose","docker-image","dockerfile","expose","forward","forwarding","openssh","port","port-forwarding","portmap","private-key","remote","server","ssh","ssh-server","sshd","tcp","tunnel"],"created_at":"2024-10-04T07:41:56.896Z","updated_at":"2024-10-25T04:20:31.309Z","avatar_url":"https://github.com/dmotte.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# docker-portmap-server\n\n![icon](icon-149.png)\n\n[![GitHub main workflow](https://img.shields.io/github/actions/workflow/status/dmotte/docker-portmap-server/main.yml?branch=main\u0026logo=github\u0026label=main\u0026style=flat-square)](https://github.com/dmotte/docker-portmap-server/actions)\n[![Docker Pulls](https://img.shields.io/docker/pulls/dmotte/portmap-server?logo=docker\u0026style=flat-square)](https://hub.docker.com/r/dmotte/portmap-server)\n\nThis is a :whale: **Docker image** containing an **OpenSSH server** that can be used for **remote port forwarding** only.\n\nIt is meant to act as a server for the [dmotte/portmap-client](https://github.com/dmotte/docker-portmap-client) image, but should work with any OpenSSH client.\n\nIf you want a **rootless** version of this image, check out [dmotte/docker-portmap-server-rootless](https://github.com/dmotte/docker-portmap-server-rootless).\n\n\u003e :package: This image is also on **Docker Hub** as [`dmotte/portmap-server`](https://hub.docker.com/r/dmotte/portmap-server) and runs on **several architectures** (e.g. amd64, arm64, ...). To see the full list of supported platforms, please refer to the [`.github/workflows/main.yml`](.github/workflows/main.yml) file. If you need an architecture which is currently unsupported, feel free to open an issue.\n\n## Usage\n\n\u003e **Note**: this Docker image uses **unprivileged users** to perform the remote port forwarding stuff. As a result, it will only be possible to use **port numbers \u003e 1024**. However this is not a problem at all, since you can still leverage the **Docker port exposure feature** to bind to any port you want on your host (e.g. `-p \"80:8080\"`).\n\nThe first thing you need are **host keys** for the OpenSSH server. You can generate them with the following commands:\n\n```bash\nmkdir -p hostkeys/etc/ssh\nssh-keygen -Af hostkeys\nmv -thostkeys hostkeys/etc/ssh/*\nrm -r hostkeys/etc\n```\n\nThis creates a folder named :file_folder: `hostkeys` which has to be mounted to `/ssh-host-keys` inside the container. If you omit this step, the startup script will generate the host keys internally and try to copy them to `/ssh-host-keys`.\n\nThen you'll have to generate an **SSH key pair** for each client. For example:\n\n```bash\nssh-keygen -t ed25519 -C myclient -N '' -f myclientkey\n```\n\nThis will create two files:\n\n- :page_facing_up: `myclientkey`: the client's **private** SSH key, which should be given to the client\n- :page_facing_up: `myclientkey.pub`: the client's **public** SSH key, which is used by the OpenSSH server running inside the container to authenticate the client\n\nThis image supports **multiple users** and **permissions** on [which ports can be bound](https://man.openbsd.org/sshd_config#PermitListen) by the users. For each user you have to:\n\n- Specify the username and permissions in the container **command** (mandatory). Example for two users: `alice:8001,8002 bob:any`\n- Mount the SSH public client key(s) to `/ssh-client-keys/myuser/myclientkey.pub`. If you don't do this, a keypair will be generated and put into the `/ssh-client-keys/myuser` directory\n\n\u003e **Note**: you can also specify [key options](https://man.openbsd.org/OpenBSD-current/man8/sshd.8#AUTHORIZED_KEYS_FILE_FORMAT) in the public key file, e.g. `permitlisten=\"8080\" ssh-ed25519 AAAAC3Nza...`\n\nWhen you have everything ready, you can start the server with:\n\n```bash\ndocker run -it --rm \\\n    -v \"$PWD/hostkeys:/ssh-host-keys\" \\\n    -v \"$PWD/myclientkey.pub:/ssh-client-keys/myuser/myclientkey.pub:ro\" \\\n    -p80:8080 -p2222:22 \\\n    dmotte/portmap-server myuser:8080\n```\n\nTo test the server on-the-fly, you can connect to it and setup a remote port forwarding tunnel, by running the following OpenSSH command in another shell:\n\n```bash\nssh -i myclientkey myuser@localhost -p2222 -NvR8080:google.it:80\n```\n\nThis will serve `http://google.it/` on port `8080` of the server container, which is exposed to port `80` of your host machine due to the `-p 80:8080` docker run flag specified before. Note that, for this to work, the `myclientkey` must have **`600` permissions**. If this isn't the case, you can achieve it with:\n\n```bash\nchmod 600 myclientkey\n```\n\nYou can now test that your remote port forwarding tunnel is working with _cURL_:\n\n```bash\ncurl http://localhost/\n```\n\nFor a more complex example, refer to the [`docker-compose.yml`](docker-compose.yml) file.\n\n### Environment variables\n\nList of supported **environment variables**:\n\n| Variable             | Required         | Description                                                      |\n| -------------------- | ---------------- | ---------------------------------------------------------------- |\n| `KEEPALIVE_INTERVAL` | No (default: 30) | Value for the `ClientAliveInterval` option of the OpenSSH server |\n\n## Development\n\nIf you want to contribute to this project, you can use the following one-liner to **rebuild the image** and bring up the **Docker-Compose stack** every time you make a change to the code:\n\n```bash\ndocker-compose down \u0026\u0026 docker-compose up --build\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdmotte%2Fdocker-portmap-server","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdmotte%2Fdocker-portmap-server","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdmotte%2Fdocker-portmap-server/lists"}