A secured ssh based VPN in a Docker container. Works only as jump host for port forwarding and SOCKS proxy but provides no shell.
frm https://github.com/geggo98/docker-ssh-vpn-jump-host
A secured ssh based VPN in a Docker container. Works only as jump host for port forwarding and SOCKS proxy but provides no shell.
It can either be used to access services on a remote host or a remote access in a secure way.
Or it can be used to publish services inside a docker container with ssh. I this case, there should be at least two docker ontainers: One running the service you want to access from the outside and one running the ssh service.
The big advantage of having ssh in a separate Docker container is that the ssh container can be kept at the most current version while the rest of the system can stay at a stable state. So if there are some security updates, it is sufficient to only update the ssh Docker container and keep the rest of the system untouched.
With the ssh Docker container it is also possible to update ssh from remote without risking to lock yourself out. Just spawn two instances of the ssh Docker container, then connect to the first and update the second and then vice versa. So there is always a backup in case the update fails and ssh won't start in the updated container.
Idea: SSH VPN jump host for port forwarding
This docker file provides a pure jump host. This means it can only be used to connect to other servers using ssh port fowarding. It has no shell available and cannot run any commands.
Connecting
Connect from Linux
Open the command line and run
ssh -N -L xxx:nnnnnn:yyy -p 22022 vpn@name-of-serverWhere
| Option | Description |
|---|---|
| nnnnnn:yyy | The remote server you want to access |
| xxx | The local port number |
| name-of-server | The name of the jump gateway server |
You can then access the remote server on port xxx on your local system.
ssh -N -D 1080 -p 22022 vpn@name-of-serverYou can then add "localhost:1080" as a socks 4 proxy to your local web browser. All traffic will be tunneled to the vpn gateway server.
Connect from Mac OS X
Install a current ssh version using homebrew:
brew tap homebrew/dupes
brew install openssh \
--with-brewed-openssl --with-keychain-support
Then continue with the steps for Linux.
Connect from Windows
Attention: PuTTY does not support the required encryption levels used on this server.
KiTTY SSH
Configure a new session with port forwarding. Under "SSH" choose "Don't start a shell or command at all".
MobaXTerm
Create a new connection. Under "Advanced settings" choose "Conncet through SSH gateway (jump host)"
Autossh
Instead of the plain command line ssh, you can also use autossh. Autossh automatically restarts the tunnel when the connection temporarily goes down. It is available to all major platforms (on Windows autossh is available as a Cygwin package and can even run as a Windows service).
News
| Date | Remark |
|---|---|
| 2015-07-22 | The provided configuration is already imune against the MaxAuthRetries attack. |
| 2016-02-17 | The provided configuration is probably safe against the GLibc getaddrinfo attack. Nevertheless all users are advised to rebuild the Docker image, so it fetches the fixes from Ubunutu 14.04 LTS. The patches are already in the LTS version, othere Ubuntu versions should follow soon. |
frm https://github.com/geggo98/docker-ssh-vpn-jump-host
