openssh-server restricted to rsync 🐳 https://hub.docker.com/r/fphammerle/rsync-sshd

Fabian Peter Hammerle c10f268c3e upgrade rsync packages from v3.2.7-r3 to v3.2.7-r4 (fixes exec bit of rrsync) 10 months ago
.github 2cd0c143f2 build(deps): bump docker/setup-buildx-action from 2.4.1 to 2.5.0 (#46) 1 year ago
CHANGELOG.md 74373c36a9 sshd: no longer accept RSA keys < 2048 bits for authentication 1 year ago
Dockerfile c10f268c3e upgrade rsync packages from v3.2.7-r3 to v3.2.7-r4 (fixes exec bit of rrsync) 10 months ago
Makefile c820e72c7e makefile: fix image name 3 years ago
README.md a3de54ab7e readme: added required capabilities 3 years ago
docker-compose.yml b8fe5c6c3d added docker-compose.yml for testing 3 years ago
entrypoint.sh 74b7d04201 replace `passwd -u` to avoid empty passwords 4 years ago
openssh-package-log.url d2ebc22ee3 upgrade alpine base image from v3.17.3 to v3.18.0 including upgrade of rsync & rrsync package from v3.2.7-r0 to v3.2.7-r3 (enables xxhash) & openssh-server package from v9.1_p1-r2 to v9.3_p1-r3 (see below) 10 months ago
openssh-release-notes.url 8a2ce05b08 upgrade openssh server package v8.6_p1-r{2->3} (CVE-2021-41617) 2 years ago
rsnapshot.conf.example 1f5a5417ab restrict ssh access via rrsync 5 years ago
rsync-changelog.url 7a4ff9062b upgrade rsync & rrsync package to v3.2.4-r1 1 year ago
sshd_config 74373c36a9 sshd: no longer accept RSA keys < 2048 bits for authentication 1 year ago

README.md

docker: openssh-server restricted to rsync 🐳

repo: https://github.com/fphammerle/docker-rsync-sshd

docker hub: https://hub.docker.com/r/fphammerle/rsync-sshd

SSH clients are restricted to rsync --server commands via rrsync.

rrsync prefixes /data to all paths (e.g., rsync ... host:/src /backup downloads /data/src).

example 1

$ docker run --name=rsync-sshd -p 2022:22 -e USERS=alice,bob -v rsync-data:/data:ro fphammerle/rsync-sshd
$ docker cp alice-keys rsync-sshd:/home/alice/.ssh/authorized_keys
$ docker cp bob-keys rsync-sshd:/home/bob/.ssh/authorized_keys

example 2

$ docker run --name rsync-sshd \
    --publish 2022:22 --env USERS=alice,bob \
    --volume accessible-data:/data:ro \
    --volume host-keys:/etc/ssh/host_keys \
    --volume alice-ssh-config:/home/alice/.ssh:ro \
    --volume bob-ssh-config:/home/bob/.ssh:ro \
    --init --rm \
    fphammerle/rsync-sshd
$ rsync -av --rsh='ssh -p 2022' alice@localhost:/source /target

required capabilities:

  • NET_BIND_SERVICE
  • SETGID
  • SETUID
  • SYS_CHROOT