No Description

Fabian Peter Hammerle b73e54b98f upgrade openssh-server package from v9.1_p1-r1 to v9.1_p1-r2 (double free patch) 1 year ago
.github 0b6e2369d6 Bump docker/build-push-action from 3.2.0 to 3.3.0 (#38) 1 year ago
CHANGELOG.md 02a35994a8 sshd: no longer accept RSA keys < 2048 bits for authentication 1 year ago
Dockerfile b73e54b98f upgrade openssh-server package from v9.1_p1-r1 to v9.1_p1-r2 (double free patch) 1 year ago
Makefile 64da870f82 single-user openssh ssh server restricted to sftp 3 years ago
README.md afc4bee9db added readme 3 years ago
docker-compose.yml 64da870f82 single-user openssh ssh server restricted to sftp 3 years ago
entrypoint.sh 64da870f82 single-user openssh ssh server restricted to sftp 3 years ago
openssh-package-log.url 352f8cc9ce upgrade openssh packages from v9.0_p1-r2 to v9.1_p1-r1 (see below) 1 year ago
openssh-release-notes.url b8c194bb3b upgrade openssh server package v8.6_p1-r{2->3} (CVE-2021-41617) 3 years ago
sshd_config 02a35994a8 sshd: no longer accept RSA keys < 2048 bits for authentication 1 year ago

README.md

docker: sftpd 💾 🐳 🐙

Single-user OpenSSH server restricted to SFTP access

$ sudo docker run --name sftpd \
    -v ssh_host_keys:/etc/ssh/host_keys:rw \
    -v /somewhere:/data:rw \
    --tmpfs /home/nonroot/.ssh,size=16k \
    -p 2200:2200 \
    -e SSH_CLIENT_PUBLIC_KEYS="$(cat ~/.ssh/id_*.pub)" \
    --read-only --security-opt=no-new-privileges \
    --cap-drop=ALL --cap-add SETUID --cap-add SETGID --cap-add SYS_CHROOT \
    docker.io/fphammerle/sftpd

$ sshfs -p 2200 nonroot@localhost:/ /mount/point

sudo docker may be replaced with podman.

Pre-built docker images are available at https://hub.docker.com/r/fphammerle/sftpd/tags (mirror: https://quay.io/repository/fphammerle/sftpd?tab=tags)

Annotation of signed git tags docker/* contains docker image digests: https://github.com/fphammerle/docker-sftpd/tags

Detached signatures of images are available at https://github.com/fphammerle/container-image-sigstore (exluding automatically built latest tag).

Docker Compose 🐙

  1. git clone https://github.com/fphammerle/docker-sftpd
  2. Adapt public keys to SSH_CLIENT_PUBLIC_KEYS in docker-compose.yml
  3. docker-compose up --build