No Description

dependabot[bot] ca0c0ec102 build(deps): bump docker/setup-buildx-action from 1.7.0 to 2.0.0 2 weeks ago
.github ca0c0ec102 build(deps): bump docker/setup-buildx-action from 1.7.0 to 2.0.0 2 weeks ago fbc6339e09 release v2.0.1 11 months ago
Dockerfile 99168291e5 build(deps): bump alpine from 3.15.3 to 3.15.4 1 month ago
Makefile affd28a1bd added makefile to facilitate building, tagging & pushing container images 1 year ago 09e42367e0 readme: update docker-compose section (amendment to commit 938ea0f6aa997ac715dc32617aca5fa6d331c618) 1 year ago
docker-compose.yml 938ea0f6aa authorize public keys in env var SSH_CLIENT_PUBLIC_KEYS (instead of mounting /home/dump/.ssh/authorized_keys) 1 year ago 3019db1bdc entrypoint: unset no longer needed MYSQLDUMP_ARGS variable 1 year ago
mariadb-client-package-log.url d3e8893ed5 upgrade alpine base image to v3.15.0 including upgrade of mariadb-client package to v10.6.4-r1 and openssh-server package (see below) 5 months ago
openssh-package-log.url 8093da022f upgrade alpine base image v3.12 -> v13.4 including openssh-server package upgrade v8.3_p1-r0 -> v8.4_p1-r3 & mariadb-client package upgrade v10.4.13-r0 -> v10.5.8-r0 (diff links below) 1 year ago
openssh-release-notes.url ec728a8641 upgrade openssh server package v8.6_p1-r{2->3} (CVE-2021-41617) 7 months ago
rsnapshot.conf.example 0565874cd8 listen on port 2200 for consistency among personal projects (previously 2222) 1 year ago
sshd_config b648c76350 dockerfile: rename build argument OPENSSH_PACKAGE_VERSION to OPENSSH_SERVER_PACKAGE_VERSION for consistency 1 year ago

docker: openssh-server invoking mysqldump 💾 🐳

Create logical backups of mariadb and mysql databases via SSH.

Whenever a SSH client connects mysqldump will be executed.

Useful to fetch backups via rsnapshot. See rsnapshot.conf.example.

$ sudo docker run --rm --name mysqldump_ssh \
    -p 2200:2200 \
    -e SSH_CLIENT_PUBLIC_KEYS="$(cat ~/.ssh/id_*.pub)" \
    --tmpfs /home/dump/.ssh:mode=1777,size=16k \
    -e MYSQLDUMP_ARGS='--host=dbhost --user=dbuser --password=dbpass --all-databases' \
    --read-only --security-opt=no-new-privileges --cap-drop=ALL \
$ ssh -p 2200 -T dump@localhost
-- MariaDB dump 10.17  Distrib 10.4.10-MariaDB, for Linux (x86_64)
-- Host: database    Database: demo
-- ------------------------------------------------------

Git tags docker/* contain signed docker image digests:

⚠️ MYSQLDUMP_ARGS=--password=... leaks the password to other users on the same machine, if /proc is mounted with hidepid=0 (default).

Docker Compose 🐙

  1. git clone
  2. cd docker-mysqldump-sshd
  3. Adapt SSH_CLIENT_PUBLIC_KEYS and MYSQLDUMP_ARGS in docker-compose.yml.
  4. docker-compose up --build