No Description

Fabian Peter Hammerle ec728a8641 upgrade openssh server package v8.6_p1-r{2->3} (CVE-2021-41617) 2 years ago
.github deacabf238 build(deps): bump docker/setup-buildx-action from 1.5.1 to 1.6.0 2 years ago
CHANGELOG.md fbc6339e09 release v2.0.1 2 years ago
Dockerfile ec728a8641 upgrade openssh server package v8.6_p1-r{2->3} (CVE-2021-41617) 2 years ago
Makefile affd28a1bd added makefile to facilitate building, tagging & pushing container images 3 years ago
README.md 09e42367e0 readme: update docker-compose section (amendment to commit 938ea0f6aa997ac715dc32617aca5fa6d331c618) 3 years ago
docker-compose.yml 938ea0f6aa authorize public keys in env var SSH_CLIENT_PUBLIC_KEYS (instead of mounting /home/dump/.ssh/authorized_keys) 3 years ago
entrypoint.sh 3019db1bdc entrypoint: unset no longer needed MYSQLDUMP_ARGS variable 3 years ago
mariadb-client-package-log.url 8093da022f upgrade alpine base image v3.12 -> v13.4 including openssh-server package upgrade v8.3_p1-r0 -> v8.4_p1-r3 & mariadb-client package upgrade v10.4.13-r0 -> v10.5.8-r0 (diff links below) 3 years ago
openssh-package-log.url 8093da022f upgrade alpine base image v3.12 -> v13.4 including openssh-server package upgrade v8.3_p1-r0 -> v8.4_p1-r3 & mariadb-client package upgrade v10.4.13-r0 -> v10.5.8-r0 (diff links below) 3 years ago
openssh-release-notes.url ec728a8641 upgrade openssh server package v8.6_p1-r{2->3} (CVE-2021-41617) 2 years ago
rsnapshot.conf.example 0565874cd8 listen on port 2200 for consistency among personal projects (previously 2222) 3 years ago
sshd_config b648c76350 dockerfile: rename build argument OPENSSH_PACKAGE_VERSION to OPENSSH_SERVER_PACKAGE_VERSION for consistency 3 years ago

README.md

docker: openssh-server invoking mysqldump 💾 🐳

Create logical backups of mariadb and mysql databases via SSH.

Whenever a SSH client connects mysqldump will be executed.

Useful to fetch backups via rsnapshot. See rsnapshot.conf.example.

$ sudo docker run --rm --name mysqldump_ssh \
    -p 2200:2200 \
    -e SSH_CLIENT_PUBLIC_KEYS="$(cat ~/.ssh/id_*.pub)" \
    --tmpfs /home/dump/.ssh:mode=1777,size=16k \
    -e MYSQLDUMP_ARGS='--host=dbhost --user=dbuser --password=dbpass --all-databases' \
    --read-only --security-opt=no-new-privileges --cap-drop=ALL \
    docker.io/fphammerle/mysqldump-sshd
$ ssh -p 2200 -T dump@localhost
-- MariaDB dump 10.17  Distrib 10.4.10-MariaDB, for Linux (x86_64)
--
-- Host: database    Database: demo
-- ------------------------------------------------------
[…]

Git tags docker/* contain signed docker image digests: https://github.com/fphammerle/docker-mysqldump-sshd/tags

⚠️ MYSQLDUMP_ARGS=--password=... leaks the password to other users on the same machine, if /proc is mounted with hidepid=0 (default).

Docker Compose 🐙

  1. git clone https://github.com/fphammerle/docker-mysqldump-sshd
  2. cd docker-mysqldump-sshd
  3. Adapt SSH_CLIENT_PUBLIC_KEYS and MYSQLDUMP_ARGS in docker-compose.yml.
  4. docker-compose up --build