This is a Proof of Concept SSH server written in Go that sends any shell directly into a Docker container or Kubernetes pod instead of launching it on a local machine. It uses an HTTP microservice as an authentication endpoint for SSH connections.
This is an SSH server that launches containers for every incoming connection. You can run it on the host or in a container. It needs two things: an authentication server and access to your container environment.
This is a quick start guide to get a test server up and running in less than 5 minutes with docker-compose.
To run it, grab all files from the example directory and run

    docker-compose build

followed by

    docker-compose up

in that directory. This will run the SSH server on your local machine on port 2222. You can log in with any password using the user "foo" to get an Ubuntu image and "busybox" to get a Busybox image.
- Web hosting: Imagine user A has access to site X and Y, user B has access to site Y and Z. You can use ContainerSSH to mount the appropriate sites for the SSH session.
- Practicing environments: Launch dummy containers for practice environments.
- Honeypot: Let attackers into an enclosed environment and observe them.
+------+        +--------------+   2.   +-------------------+
|      |        |              | -----> |    Auth server    |
|      |        |              |        +-------------------+
|      |        |              |
|      |   1.   |              |   3.   +-------------------+
| User | -----> | ContainerSSH | -----> |   Config server   |
|      |        |              |        +-------------------+
|      |        |              |
|      |        |              |   4.   +-------------------+
|      |        |              | -----> | Container Backend |
+------+        +--------------+        +-------------------+
1. The user opens an SSH connection to ContainerSSH.
2. ContainerSSH calls the authentication server with the user's username and password/pubkey to check if they are valid.
3. ContainerSSH calls the config server to obtain the backend location and configuration (if configured).
4. ContainerSSH calls the container backend to launch the container with the specified configuration. All input from the user is sent directly to the backend, and output from the container is sent to the user.
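Step 2 above, seen from the authentication server's side, as an added example that is not ContainerSSH's own code: a small HTTP endpoint that checks the password against a store and rejects everything else, in contrast to the quick-start setup that accepts any password. The `/password` path, the JSON field names, the listen address and the user store are assumptions made for this sketch.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"encoding/json"
	"log"
	"net/http"
)

// Field names and the /password path are ASSUMPTIONS for this sketch;
// take the real wire format from the ContainerSSH documentation.
type authRequest struct {
	Username       string `json:"username"`
	PasswordBase64 string `json:"passwordBase64"`
}
type authResponse struct {
	Success bool `json:"success"`
}

// users is a constructed store (user -> SHA-256 of password "foobar").
// SHA-256 stands in for a slow password hash such as bcrypt or argon2.
var users = map[string][32]byte{"foo": sha256.Sum256([]byte("foobar"))}

// checkPassword fails closed: bad encoding, unknown user or wrong password
// all return false, and the digest comparison runs in constant time.
func checkPassword(req authRequest) bool {
	pw, err := base64.StdEncoding.DecodeString(req.PasswordBase64)
	if err != nil {
		return false
	}
	want, known := users[req.Username] // zero digest for unknown users
	got := sha256.Sum256(pw)
	match := subtle.ConstantTimeCompare(got[:], want[:]) == 1
	return known && match
}

func passwordHandler(w http.ResponseWriter, r *http.Request) {
	var req authRequest
	err := json.NewDecoder(http.MaxBytesReader(w, r.Body, 4096)).Decode(&req)
	ok := r.Method == http.MethodPost && err == nil && checkPassword(req)
	w.Header().Set("Content-Type", "application/json")
	json.NewEncoder(w).Encode(authResponse{Success: ok})
}

func main() {
	http.HandleFunc("/password", passwordHandler)
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", nil))
}
```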
If you are ready to give it a go, head over to the documentation page.