thomas/docker-ssh
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Thomas Lovén
2021-09-04 22:35:39 +02:00
commit 0584d79e9a
5 changed files with 294 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
README.md Normal file
View File

@@ -0,0 +1,29 @@
# SSH entrypoint with yubikey OTP support
This docker container runs a sshd instance which is exposed through TCP 443. It can be a nice and secure way into your network.
Since this is the only TCP service I expose, traefik handles this automagically while also routing SSL HTTPS traffic the normal way.
The image is a modified version of https://github.com/Hermsi1337/docker-sshd which has been made to work with yubikey OTP certification and allow for personalized `.ssh/config` files to be loaded.
### ENV variable `SSH_USERS`
`SSH_USERS` contain a comma separates lists of username:UID:GUI that will be allowed to login.
Ex:
`SSH_USERS=myuser:1000:1000,anotheruser:1001:1001`
### Key files
The directory mapped to `/conf.d/authorized_keys` contain files for authorized_keys, authorized yubikeys and ssh config.
- A file named `myuser` will be copied to `/home/myuser/.ssh/authorized_keys`
- A file named `myuser.config` will be copied to `/home/myuser/.ssh/config`
- A file name `myuser.yubi` will be copied to `/home/myuser/.yubico/authorized_yubikeys`
The format of the `.yubi` file is your username followed by a list of the first 12 characters from any OTP from all of your yubikeys, all separated by `:`s. E.g.:
```yaml
myuser:cccccccgklgc:ccccccclabca:
```