
forward tcp port 22 of docker host to serveo.net

Fabian Peter Hammerle 5 years ago
commit
b533f34636
5 changed files with 64 additions and 0 deletions
  1. 18 0
      Dockerfile
  2. 17 0
      README.md
  3. 8 0
      entrypoint.sh
  4. 1 0
      known_hosts
  5. 20 0
      ssh_config

+ 18 - 0
Dockerfile

@@ -0,0 +1,18 @@
+FROM arm32v6/alpine:3.8
+
+RUN apk add --no-cache openssh-client
+
+COPY entrypoint.sh /
+RUN chmod a+rx /entrypoint.sh
+ENTRYPOINT ["/entrypoint.sh"]
+
+COPY ssh_config /etc/ssh/ssh_config
+RUN chmod a=r /etc/ssh/ssh_config
+
+RUN adduser -S tunnel
+COPY known_hosts /home/tunnel/.ssh/known_hosts
+RUN chown tunnel /home/tunnel/.ssh/known_hosts
+USER tunnel
+
+ENV BIND_ADDRESS bind-address
+CMD ssh -T -R $BIND_ADDRESS:22:$DOCKER_HOST_ADDRESS:22 serveo.net
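Review bot: The pinned host key is handed to the runtime account by `RUN chown tunnel /home/tunnel/.ssh/known_hosts`, so the process that relies on `StrictHostKeyChecking yes` is also the owner of its own trust anchor and can rewrite it. Keeping the file root-owned and read-only avoids that, for example `COPY known_hosts /etc/ssh/ssh_known_hosts` followed by `RUN chmod a=r /etc/ssh/ssh_known_hosts`, with the chown line dropped. Separately, the shell-form `CMD` on the last line expands `$BIND_ADDRESS` and `$DOCKER_HOST_ADDRESS` unquoted, and the default `bind-address` looks like a placeholder that would be requested as a real alias if the operator forgets to set it. A short comment above the `ENV` line saying that the value must be overridden at `docker run` would make that explicit.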

+ 17 - 0
README.md

@@ -0,0 +1,17 @@
+# docker: ssh remote forwarding
+
+## forward tcp port 22/ssh
+
+```sh
+$ docker run --rm -e BIND_ADDRESS=host-alias fphammerle/ssh-remote-forwarding
++ exec /bin/sh -c 'ssh -T -R $BIND_ADDRESS:22:$DOCKER_HOST_ADDRESS:22 serveo.net'
+Hi there
+Authenticated to serveo.net ([159.89.214.31]:22).
+Forwarding SSH traffic from alias "host-alias"
+```
+
+### connect via jump host
+
+```sh
+$ ssh -J serveo.net host-alias
+```

+ 8 - 0
entrypoint.sh

@@ -0,0 +1,8 @@
+#!/bin/sh
+set -e
+
+export DOCKER_HOST_ADDRESS="$(ip route show default | grep default | cut -d ' ' -f 3)"
+
+set -x
+
+exec "$@"
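Review bot: An empty `DOCKER_HOST_ADDRESS` goes unnoticed at the `export` line, because `set -e` sees the exit status of `export` rather than that of the command substitution, so without a default route ssh is started with a `-R` specification that has no target host. Assign first and check before exporting: `DOCKER_HOST_ADDRESS="$(ip route show default | grep default | cut -d ' ' -f 3)"`, then `[ -n "$DOCKER_HOST_ADDRESS" ] || { echo 'no default route' >&2; exit 1; }`, then `export DOCKER_HOST_ADDRESS`. The script also assumes that the default gateway is the Docker host, which presumably holds only on the default bridge network; a comment stating that assumption would tell operators which address ends up exposed through the relay.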

+ 1 - 0
known_hosts

@@ -0,0 +1 @@
+serveo.net,159.89.214.31 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDxYGqSKVwJpQD1F0YIhz+bd5lpl7YesKjtrn1QD1RjQcSj724lJdCwlv4J8PcLuFFtlAA8AbGQju7qWdMN9ihdHvRcWf0tSjZ+bzwYkxaCydq4JnCrbvLJPwLFaqV1NdcOzY2NVLuX5CfY8VTHrps49LnO0QpGaavqrbk+wTWDD9MHklNfJ1zSFpQAkSQnSNSYi/M2J3hX7P0G2R7dsUvNov+UgNKpc4n9+Lq5Vmcqjqo2KhFyHP0NseDLpgjaqGJq2Kvit3QowhqZkK4K77AA65CxZjdDfpjwZSuX075F9vNi0IFpFkGJW9KlrXzI4lIzSAjPZBURhUb8nZSiPuzj

+ 20 - 0
ssh_config

@@ -0,0 +1,20 @@
+Protocol 2
+
+LogLevel VERBOSE
+
+# https://cipherli.st/
+# disable sha1 & nist
+KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
+# disable des; use >= 128 bits
+Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
+MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
+
+StrictHostKeyChecking yes
+
+PasswordAuthentication no
+ChallengeResponseAuthentication no
+
+ExitOnForwardFailure yes
+
+# https://security.stackexchange.com/questions/110639/how-exploitable-is-the-recent-useroaming-ssh-problem
+UseRoaming no
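Review bot: The config sets `ExitOnForwardFailure yes` but no keepalive, so a connection that dies silently leaves the container running with a dead tunnel and nothing for a restart policy to react to. Adding, for example, `ServerAliveInterval 30` and `ServerAliveCountMax 3` makes the client exit when the relay stops answering. `Protocol 2` and `UseRoaming no` are probably accepted but ignored by the OpenSSH client that Alpine 3.8 ships (worth confirming), so a comment marking them as kept for older clients would stop readers from relying on them as active hardening.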