Acasă Explorează Ajutor
Autentificare
fphammerle
/
docker-ssh-remote-forwarding
1
0
Bifurcare 0
Fisiere Probleme 0 Trageți solicitările 0 Wiki
Răsfoiți Sursa

forward tcp port 22 of docker host to serveo.net

Fabian Peter Hammerle 6 ani în urmă
comite
b533f34636
5 a modificat fișierele cu 64 adăugiri și 0 ștergeri
Vedere unificată Arată Statisticile Diff
  1. 18 0
      Dockerfile
  2. 17 0
      README.md
  3. 8 0
      entrypoint.sh
  4. 1 0
      known_hosts
  5. 20 0
      ssh_config

+ 18 - 0
Dockerfile
Vizualizați fișierul 

@@ -0,0 +1,18 @@
 
+FROM arm32v6/alpine:3.8
 
+
 
+RUN apk add --no-cache openssh-client
 
+
 
+COPY entrypoint.sh /
 
+RUN chmod a+rx /entrypoint.sh
 
+ENTRYPOINT ["/entrypoint.sh"]
 
+
 
+COPY ssh_config /etc/ssh/ssh_config
 
+RUN chmod a=r /etc/ssh/ssh_config
 
+
 
+RUN adduser -S tunnel
 
+COPY known_hosts /home/tunnel/.ssh/known_hosts
 
+RUN chown tunnel /home/tunnel/.ssh/known_hosts
 
+USER tunnel
 
+
 
+ENV BIND_ADDRESS bind-address
 
+CMD ssh -T -R $BIND_ADDRESS:22:$DOCKER_HOST_ADDRESS:22 serveo.net

+ 17 - 0
README.md
Vizualizați fișierul 

@@ -0,0 +1,17 @@
 
+# docker: ssh remote forwarding
 
+
 
+## forward tcp port 22/ssh
 
+
 
+```sh
 
+$ docker run --rm -e BIND_ADDRESS=host-alias fphammerle/ssh-remote-forwarding
 
++ exec /bin/sh -c 'ssh -T -R $BIND_ADDRESS:22:$DOCKER_HOST_ADDRESS:22 serveo.net'
 
+Hi there
 
+Authenticated to serveo.net ([159.89.214.31]:22).
 
+Forwarding SSH traffic from alias "host-alias"
 
+```
 
+
 
+### connect via jump host
 
+
 
+```sh
 
+$ ssh -J serveo.net host-alias
 
+```

+ 8 - 0
entrypoint.sh
Vizualizați fișierul 

@@ -0,0 +1,8 @@
 
+#!/bin/sh
 
+set -e
 
+
 
+export DOCKER_HOST_ADDRESS="$(ip route show default | grep default | cut -d ' ' -f 3)"
 
+
 
+set -x
 
+
 
+exec "$@"

+ 1 - 0
known_hosts
Vizualizați fișierul 

@@ -0,0 +1 @@
 
+serveo.net,159.89.214.31 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDxYGqSKVwJpQD1F0YIhz+bd5lpl7YesKjtrn1QD1RjQcSj724lJdCwlv4J8PcLuFFtlAA8AbGQju7qWdMN9ihdHvRcWf0tSjZ+bzwYkxaCydq4JnCrbvLJPwLFaqV1NdcOzY2NVLuX5CfY8VTHrps49LnO0QpGaavqrbk+wTWDD9MHklNfJ1zSFpQAkSQnSNSYi/M2J3hX7P0G2R7dsUvNov+UgNKpc4n9+Lq5Vmcqjqo2KhFyHP0NseDLpgjaqGJq2Kvit3QowhqZkK4K77AA65CxZjdDfpjwZSuX075F9vNi0IFpFkGJW9KlrXzI4lIzSAjPZBURhUb8nZSiPuzj

+ 20 - 0
ssh_config
Vizualizați fișierul 

@@ -0,0 +1,20 @@
 
+Protocol 2
 
+
 
+LogLevel VERBOSE
 
+
 
+# https://cipherli.st/
 
+# disable sha1 & nist
 
+KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
 
+# disable des; use >= 128 bits
 
+Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
 
+MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
 
+
 
+StrictHostKeyChecking yes
 
+
 
+PasswordAuthentication no
 
+ChallengeResponseAuthentication no
 
+
 
+ExitOnForwardFailure yes
 
+
 
+# https://security.stackexchange.com/questions/110639/how-exploitable-is-the-recent-useroaming-ssh-problem
 
+UseRoaming no