This project is not in active development anymore
## Usage

Some variables will be used here:

- `$JUMPER_PORT` - SSH port which will be used for jumping to other hosts. As port 22 will most likely be busy with the system SSH daemon, we will use another port, for example 10022.
- `$JUMPER_HOST` - host which will be used as the bastion; it may be a dedicated server or part of your cluster. For the examples we will use `localhost`.
- `$JUMPER_USER` - user which will be used to log in on this host, something like `developer` or `admin`. By default it is `jumper`.

So, here are the defaults:
### Quick way

1. Create your own image based on this image with the following files:

   `Dockerfile`:

   ```dockerfile
   FROM docker.pkg.github.com/soar/sshbastion/sshbastion:latest
   ```

   `homefs/.ssh/authorized_keys`:

2. Build and run your image:

3. Test it with the commands above.

4. Deploy it on your infrastructure.
## Connecting

### With port forwarding

#### Establish a connection to the bastion host and open a local port

```sh
ssh -N -L $LP:$TARGET_HOSTNAME:$TARGET_PORT -p $JUMPER_PORT $JUMPER_USER@$JUMPER_HOST
```

where:

- `-N` - not to try to allocate a PTY
- `-L` - local port redirection mode
- `$LP` - local port to open (1024+ if you are not root)
- `$TARGET_HOSTNAME` - target hostname to connect to
- `$TARGET_PORT` - target port to connect to
- `$JUMPER_PORT`, `$JUMPER_USER`, `$JUMPER_HOST` - see above

for example:

#### Connect via the opened local port

Now you can use any application forwarded in the previous step; just use `localhost:$LP` as the target. For example, for SSH:

```sh
ssh -p $LP $REMOTE_USER@localhost
```

where:

- `$LP` - locally opened port from the previous step
- `$REMOTE_USER` - user to authenticate as on the target host
- `localhost` - your own address, where you've started the tunnel

for example:
### With SSH proxy-command

SSH will open the tunnel for you automatically with the following command:

```sh
ssh -o ProxyCommand="ssh -W %h:%p -p $JUMPER_PORT $JUMPER_USER@$JUMPER_HOST" targetuser@$TARGET_HOSTNAME
```

For example:

```sh
ssh -o ProxyCommand="ssh -W %h:%p -p 10022 jumper@localhost" [email protected]
```
## Environment variables

- `WHITELIST` - comma-separated list of allowed IPs (or ranges in wildcard form) that may connect. See `man 5 sshd_config`, the `Match` or `Patterns` sections. Examples:

  - `192.0.2.1`
  - `192.0.2.1,192.0.2.2,192.0.2.3`
  - `192.0.2.*,10.0.0.1`
  - `192.0.2.0/24,10.0.0.0/24`
  - `2001:db8::/32`
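As an added example (not part of the sshbastion project), the script below checks that every `WHITELIST` entry has one of the forms listed above and renders the list as an sshd `AllowUsers user@host` line, refusing to produce a config line at all if any entry is malformed or the list is empty. Rendering to `AllowUsers` is an assumption about how such a whitelist could be enforced with the `Patterns` rules from `sshd_config(5)`; the image's own mechanism is not shown on this page.

```sh
#!/bin/sh
# Added example, not part of the sshbastion project: validate WHITELIST entries
# and render them as an sshd "AllowUsers user@host" line (enforcement via
# AllowUsers is an assumption; see PATTERNS in "man 5 sshd_config").

# Accept one entry: IPv4 (wildcards allowed), IPv4 CIDR, or IPv6 CIDR.
whitelist_entry_ok() {
  entry=$1
  case "$entry" in
    "") return 1 ;;                    # empty field, e.g. from "a,,b"
    *[!0-9a-fA-F:.*/]*) return 1 ;;    # spaces or other illegal characters
    *\**/* | */*\**) return 1 ;;       # wildcard and prefix length do not mix
    */*/*) return 1 ;;                 # more than one '/'
  esac
  case "$entry" in
    */*)
      prefix=${entry##*/}
      case "$prefix" in "" | *[!0-9]*) return 1 ;; esac
      case "$entry" in
        *:*) [ "$prefix" -le 128 ] ;;  # IPv6 prefix length
        *)   [ "$prefix" -le 32 ] ;;   # IPv4 prefix length
      esac ;;
    *) return 0 ;;
  esac
}

# Print "AllowUsers $1@entry ..." for each entry of the comma-separated $2.
# Fail on the first bad entry or on an empty list, so a typo can never
# silently become a wider (or empty) allow-list.
whitelist_to_allowusers() {
  user=$1; list=$2
  line="AllowUsers"
  old_ifs=$IFS
  IFS=','
  for entry in $list; do
    IFS=$old_ifs
    if ! whitelist_entry_ok "$entry"; then
      echo "invalid WHITELIST entry: '$entry'" >&2
      return 1
    fi
    line="$line $user@$entry"
  done
  IFS=$old_ifs
  [ "$line" != "AllowUsers" ] || { echo "WHITELIST is empty" >&2; return 1; }
  printf '%s\n' "$line"
}

# Constructed sample input, using the page's example values.
whitelist_to_allowusers jumper '192.0.2.0/24,10.0.0.1'
```

The same check can be run over the `WHITELIST` variable of a running container with `whitelist_to_allowusers "$JUMPER_USER" "$WHITELIST"` before the generated line is placed in `sshd_config`.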