Fabian Peter Hammerle b73e54b98f upgrade openssh-server package from v9.1_p1-r1 to v9.1_p1-r2 (double free patch) | 1 year ago | |
---|---|---|
.github | 1 year ago | |
CHANGELOG.md | 1 year ago | |
Dockerfile | 1 year ago | |
Makefile | 3 years ago | |
README.md | 3 years ago | |
docker-compose.yml | 3 years ago | |
entrypoint.sh | 3 years ago | |
openssh-package-log.url | 1 year ago | |
openssh-release-notes.url | 3 years ago | |
sshd_config | 1 year ago |
Single-user OpenSSH server restricted to SFTP access
$ sudo docker run --name sftpd \
-v ssh_host_keys:/etc/ssh/host_keys:rw \
-v /somewhere:/data:rw \
--tmpfs /home/nonroot/.ssh,size=16k \
-p 2200:2200 \
-e SSH_CLIENT_PUBLIC_KEYS="$(cat ~/.ssh/id_*.pub)" \
--read-only --security-opt=no-new-privileges \
--cap-drop=ALL --cap-add SETUID --cap-add SETGID --cap-add SYS_CHROOT \
docker.io/fphammerle/sftpd
$ sshfs -p 2200 nonroot@localhost:/ /mount/point
sudo docker
may be replaced with podman
.
Pre-built docker images are available at https://hub.docker.com/r/fphammerle/sftpd/tags (mirror: https://quay.io/repository/fphammerle/sftpd?tab=tags)
Annotation of signed git tags docker/*
contains docker image digests: https://github.com/fphammerle/docker-sftpd/tags
Detached signatures of images are available at https://github.com/fphammerle/container-image-sigstore
(exluding automatically built latest
tag).
git clone https://github.com/fphammerle/docker-sftpd
SSH_CLIENT_PUBLIC_KEYS
in docker-compose.ymldocker-compose up --build