https://github.com/rcarmo/docker-ssh-bastion-armhf
A Docker container with a tailored SSH bastion
https://github.com/rcarmo/docker-ssh-bastion-armhf
armhf bastion docker ssh-server
Last synced: 4 months ago
JSON representation
A Docker container with a tailored SSH bastion
- Host: GitHub
- URL: https://github.com/rcarmo/docker-ssh-bastion-armhf
- Owner: rcarmo
- License: mit
- Created: 2017-08-21T10:39:50.000Z (about 8 years ago)
- Default Branch: master
- Last Pushed: 2020-09-21T19:13:33.000Z (about 5 years ago)
- Last Synced: 2025-04-07T14:51:18.263Z (6 months ago)
- Topics: armhf, bastion, docker, ssh-server
- Language: Shell
- Size: 6.84 KB
- Stars: 8
- Watchers: 1
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# docker-ssh-bastion-armhf
A Docker container with a tailored SSH server, to act as a bastion host. Some of the things below can be easily tuned to your liking.
* [x] Experimental `mosh` configuration (removed because `perl` is a security risk)
* [x] set SSH client defaults to perform agent forwarding by default, as well as a few other niceties I need.
* [x] Use `bash` instead of `busybox` to reduce number of commands available (Alpine uses `busybox` for everything, and I don't want people to be able to do `busybox ls`).
* [x] Lock down capabilities to absolute minimum
* [x] Allow for a PTY (because I cannot specify a `ProxyCommand` on some mobile SSH clients and thus need to type `ssh foo` again)
* [x] Mount existing `authorized_keys` inside the container, read-only
* [x] Lock down SSH for key-based auth only
* [x] Remove unused commands, SUID files, etc