tg123/sshpiper

Reverse ssh proxy

JoramQ opened this issue · 3 comments

I'm trying to create a reverse ssh proxy server to connect to devices behind a NAT or firewall. In order to do that I needed to be able to connect with ssh to the Docker container to create an ssh tunnel. I've done the following:

FROM farmer1992/sshpiperd:latest
RUN apt-get update && apt-get install -y openssh-server

RUN useradd -ms /bin/bash cuser
RUN echo 'cuser:randompassword' | chpasswd
RUN mkdir /var/run/sshd
RUN sed -ri 's/UsePAM yes/#UsePAM yes/g' /etc/ssh/sshd_config
RUN echo "UseDNS no" >> /etc/ssh/sshd_config

EXPOSE 22

CMD /usr/sbin/sshd && /entrypoint.sh /go/bin/sshpiperd

On the client I need a constant connection to the sshpiper server:
ssh -o StrictHostKeyChecking=no -N -R22002:localhost:22 cuser@address_of_sshpiper -p22001

In the config I'm using
username@localhost:22002

It's working, so that is good, but is this the correct way of doing this? I'm not a Docker/Linux expert yet, and the only thing I don't like is that the user on the sshpiper container needs a password, otherwise I cannot create the ssh tunnel.

tg123 commented

I don't think you need sshpiper to do this.

You can just use sshd without having sshpiper to redirect traffic to sshd:
ssh -o StrictHostKeyChecking=no -N -R22002:localhost:22 cuser@container_with_ssd -p22001

For sshd without a password, please see / google something like the link below:
https://www.ssh.com/ssh/public-key-authentication

JoramQ commented

Of course I don't need sshpiper, but I really like that I can now make a direct connection from my desktop to any client by just changing the username.

I do use the key authentication, but the account requires a password, otherwise the key authentication also doesn't work.

tg123 commented

Please put id_rsa (private key) to sshd and authorized_keys (client public key) in your working dir to make sshpiper auth with key:

https://github.com/tg123/sshpiper#publickey-sign-again
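
An added example, not written by either participant and not sshpiper's own code: a variant of the Dockerfile from the question in which `cuser` has no usable password and may only open the reverse tunnel. It assumes the key-auth failure described above comes from sshd refusing a locked account (password field `!`) when `UsePAM` is off, that the image ships OpenSSH 7.8 or later (needed for `PermitListen`), and that `cuser_tunnel.pub` (a hypothetical file name) is the device's public key in the build context.

```dockerfile
# Added example: key-only, forwarding-only tunnel account for the setup above.
FROM farmer1992/sshpiperd:latest
RUN apt-get update && apt-get install -y openssh-server \
    && rm -rf /var/lib/apt/lists/*

# No login shell is needed: the client runs `ssh -N` and never asks for one.
RUN useradd -m -s /usr/sbin/nologin cuser

# '*' is not a valid hash, so no password can ever match, but unlike the
# default '!' it is not treated by sshd as a locked account, so publickey
# logins keep working with UsePAM disabled. This replaces the chpasswd line.
RUN usermod -p '*' cuser

RUN mkdir /var/run/sshd
RUN sed -ri 's/UsePAM yes/#UsePAM yes/g' /etc/ssh/sshd_config \
    && echo "UseDNS no" >> /etc/ssh/sshd_config

# The Match block has to stay last in sshd_config, since it runs to end of file.
# It limits cuser to publickey auth and to one remote forward on loopback,
# matching `-R22002:localhost:22` from the question. `sshd -t` fails the build
# if the installed OpenSSH does not understand one of these keywords.
RUN printf '%s\n' \
    'Match User cuser' \
    '    PasswordAuthentication no' \
    '    AuthenticationMethods publickey' \
    '    AllowTcpForwarding remote' \
    '    PermitListen localhost:22002' \
    '    PermitTTY no' \
    '    X11Forwarding no' \
    '    AllowAgentForwarding no' \
    >> /etc/ssh/sshd_config \
    && /usr/sbin/sshd -t

# cuser_tunnel.pub: hypothetical name for the device's public key.
COPY cuser_tunnel.pub /home/cuser/.ssh/authorized_keys
RUN chown -R cuser:cuser /home/cuser/.ssh \
    && chmod 700 /home/cuser/.ssh \
    && chmod 600 /home/cuser/.ssh/authorized_keys

EXPOSE 22

CMD /usr/sbin/sshd && /entrypoint.sh /go/bin/sshpiperd
```

With this image the device runs the same `ssh -N -R22002:localhost:22` command with `-i` pointing at the matching private key. Each additional device needs its own port added to `PermitListen`.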