{"id":22111691,"url":"https://github.com/phx/dockerjail","last_synced_at":"2025-03-24T04:34:11.040Z","repository":{"id":121578375,"uuid":"210466621","full_name":"phx/dockerjail","owner":"phx","description":"dockerjail acts as a secure jumpbox running sshd as a non-root user.","archived":false,"fork":false,"pushed_at":"2022-01-28T17:38:51.000Z","size":157,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-01-29T10:33:58.210Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/phx.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-09-23T22:54:27.000Z","updated_at":"2024-01-29T09:54:40.000Z","dependencies_parsed_at":null,"dependency_job_id":"a24b3910-db4e-4468-a10c-fd45711103b8","html_url":"https://github.com/phx/dockerjail","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phx%2Fdockerjail","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phx%2Fdockerjail/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phx%2Fdockerjail/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phx%2Fdockerjail/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/phx","download_url":"https://codeload.github.com/phx/dockerjail/tar.gz/refs/heads/master","host":{"na
me":"GitHub","url":"https://github.com","kind":"github","repositories_count":245211872,"owners_count":20578437,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-01T10:50:34.887Z","updated_at":"2025-03-24T04:34:11.004Z","avatar_url":"https://github.com/phx.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"![dockerjail](./logo.png?raw=true)\n\n# DockerJail\n\nA secure jumpbox running sshd as a non-root user with key-based authentication.\n\nNAT port 2222 on the host to SSH with the private key generated after running install.sh.\n\n## Install via install.sh from master branch\n\n1. `git clone https://github.com/phx/dockerjail.git`\n2. `cd dockerjail \u0026\u0026 ./install.sh`\n\n(sudo will be required for some commands in the script).\n\nContainer uses key-based authentication and will only have password-based SSH access to the host with no access to the rest of the network.\n\n## Uninstall via install.sh\n1. `git clone https://github.com/phx/dockerjail.git` (if you already deleted it).\n2. `cd dockerjail \u0026\u0026 ./install.sh remove`\n\nThis will perform a complete rollback of all of the changes made when running install.sh.\n\n### Host Dependencies for install.sh:\n1. [Docker](https://github.com/oldjamey/dockerinstall) (easy unofficial-official install script for Ubuntu/Debian/Raspbian/Arch/Kali)\n2. `/bin/bash` (not `sh` -- if you want it to work with `sh`, just fork it.)\n3. 
`iptables`\n\n### Warnings and Limitations for install.sh:\nThis will completely lock down the `docker0` interface, so it is not really meant to be run alongside other containers.  If you want to customize the `iptables` rules, you can do so in the `Dockerfile` before running `install.sh` or after running `install.sh` by editing `/usr/local/bin/dockerjailrules` and restarting `docker.service`.\n\n**The Docker service will be restarted during the installation process.**\n\n#### Notes about install.sh:\nYou can set the passwords of the root user and the alpine user by passing\nthe `$ROOTPASS` and `$USERPASS` environment variables if you do not wish them to be random.\n\nYou can also run `./install.sh --interactive` to be prompted for each password, which will be shown in clear text.\nThis is the suggested method if you don't have `python3` installed, which is used to create the random passwords.\n\nAdditionally, you can pass a custom CIDR range for your local network as the `$CIDR` environment variable,\nor you can specify it in `--interactive` mode if you don't want `iptables` to use the default 192.168.1.0/24 network.\n\n\n#### Usage:\n```\nUsage: ./install.sh \u003c[help | interactive | remove]\u003e\n--help          | help         | -h     Shows this help message.\n--interactive   | interactive           Allows you to set passwords (instead of random).\n--remove        | remove                Complete rollback of all changes made by install.sh.\n```\n\n## Non-intrusive pure Docker install from Dockerhub:\n***Note:*** *this is not nearly as secure, as it does not require or implement any `iptables` rules to lock down the container to only the host.*\n*The container will have SSH access to the host, as well as the rest of the entire local network.*\n*If you NAT, then this is basically the equivalent of just opening up SSH to the world, except locking it down with key-based access.*\n*Not entirely insecure, yet not entirely recommended for external access from the 
Internet.*\n*You would probably be better off running sshd with key-based access on the host and installing `fail2ban` instead.*\n\n1. `docker run --restart=always -dp 2222:2222 lphxl/dockerjail:latest`\n2. `docker exec -it dockerjail sh`\n3. `/home/alpine/regnerate_keys.sh`\n4. `exit`\n5. `docker cp dockerjail:/home/alpine/.ssh/id_rsa dockerjail.pem \u0026\u0026 chmod 400 dockerjail.pem`\n\n### Alternatively, you can build the image yourself by cloning the dev branch:\n1. `git clone --single-branch --branch dev https://github.com/phx/dockerjail.git`\n2. `cd dockerjail \u0026\u0026 docker build -t dockerjail .`\n3. `docker run -dp 2222:2222 --name dockerjail dockerjail`\n4. `docker exec -it dockerjail sh`\n5. `/home/alpine/regnerate_keys.sh`\n6. `exit`\n7. `docker cp dockerjail:/home/alpine/.ssh/id_rsa dockerjail.pem \u0026\u0026 chmod 400 dockerjail.pem`\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphx%2Fdockerjail","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fphx%2Fdockerjail","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphx%2Fdockerjail/lists"}