sshpiper and docker #4

Closed
jmls opened this issue May 16, 2016 · 13 comments

jmls commented May 16, 2016

I'm trying to get sshpiper to forward connections to an upstream host running in a docker container. I am using docker-gen to generate the config, but I can't seem to get it working.

Has anyone done this and care to help / share how they did it?

Thanks!

Owner

tg123 commented May 16, 2016

can you ssh into your container?

or you can try my project ssh into docker container without sshd
you can try https://github.com/tg123/docker-sshd

@asthomasdk

I am working with @jmls on this.

The container we want to connect to is on a remote server, with nginx-proxy handling http/s traffic with dynamic URLs, as we have many containers being started - each requiring individual connections.

From outside the host, we can connect to the ssh container with : using ssh and authorized keys set up inside the container.

We have tried to set up sshpiper so that we can use the public DNS name of the host, and then have sshpiper_upstream files configured to use the internal docker IP (which the sshpiper container can access) of the ssh container. Should this work?

Owner

tg123 commented May 16, 2016

@asthomasdk
I think it should work

maybe you have to update sshpiper_upstream file after dest container was created.
We have a dynamic version of sshpiper_upstream inside :)

@asthomasdk

I created the container first - this has been running for a while. So I doubt that is the problem.

Is the upstream host supposed to have a URL or IP that can be evaluated by the client directly - or can we use this to proxy between one public IP and internal IPs/hostnames as upstream servers ? (Like we do with nginx-proxy)

@asthomasdk

Another question - just to make sure I have this correctly configured...

Do I have to have the authorized_keys file for each upstream setup - or can I leave it out and have the key being passed in by the client used all the way through to the upstream container?

Owner

tg123 commented May 16, 2016

authorized_keys is to ensure
CLIENT (ssh client) -> sshpiper
is authorized by client private key

and you have to set up a key for the container

you cannot leave it out because keys cannot be passed to upstream
sshpiper needs another key to connect to upstream (container sshd)

reason here
https://github.com/tg123/sshpiper#publickey-sign-again

@asthomasdk

ok - so for every upstream, I have to have :

  • sshpiper_upstream file
  • authorized_keys (with client public key registered)
  • id_rsa (which is then registered in the upstream server)

Is that correct?

Owner

tg123 commented May 16, 2016

Yes

@asthomasdk

Apologies for the duplicate question...

When using the Docker container version of this, should there be a file called authorized_keys in each upstream directory - or should we just have one inside the container in ~/.ssh/authorized_keys ?

Owner

tg123 commented May 18, 2016

@asthomasdk
yes, there must be an upstream file to find the upstream in the working dir

the docker version is the same as the standalone binary
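
One way to check the per-upstream file set confirmed in the answers above, as an added example that is not part of the original thread or of sshpiper itself. It assumes each upstream has its own directory under the working dir; the directory names, the sample tree and the owner-only check on `id_rsa` are assumptions.

```shell
# Added example, not sshpiper code. Assumed layout: <workdir>/<name>/<file>.

# Print one line per problem found in a single upstream directory.
check_upstream() {
    dir=$1
    for f in sshpiper_upstream authorized_keys id_rsa; do
        [ -s "$dir/$f" ] || echo "$dir: $f missing or empty"
    done
    # Assumed hygiene check: the proxy-side private key is owner-only.
    if [ -f "$dir/id_rsa" ]; then
        bits=$(ls -ld "$dir/id_rsa" | cut -c5-10)
        [ "$bits" = "------" ] || echo "$dir: id_rsa accessible to group/other"
    fi
    # authorized_keys must hold the client's public key, never a private one.
    if [ -f "$dir/authorized_keys" ] && grep -q 'PRIVATE KEY' "$dir/authorized_keys"; then
        echo "$dir: authorized_keys contains a private key"
    fi
}

# Audit every upstream directory; exit status 0 only if all are complete.
audit_workdir() {
    bad=0
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        out=$(check_upstream "${d%/}")
        if [ -n "$out" ]; then
            echo "$out"
            bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ]
}

# Constructed sample tree: "alice" is complete, "bob" has no id_rsa.
make_demo() {
    root=$(mktemp -d)
    for u in alice bob; do
        mkdir "$root/$u"
        echo "placeholder-upstream-address" > "$root/$u/sshpiper_upstream"
        echo "ssh-ed25519 CONSTRUCTED-PUBLIC-KEY client" > "$root/$u/authorized_keys"
    done
    echo "constructed placeholder, not a real key" > "$root/alice/id_rsa"
    chmod 600 "$root/alice/id_rsa"
    echo "$root"
}

demo=$(make_demo)
audit_workdir "$demo" || echo "working dir has incomplete upstreams"
rm -rf "$demo"
```

Running `audit_workdir` against the real working dir before starting the proxy (or after a generator such as docker-gen rewrites it) catches an upstream that is missing one of the three files.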

@tg123 tg123 closed this as completed May 19, 2016
@asthomasdk

FYI - we did get this to work. Now we will be looking into how we might be able to auto-generate the various config parts - using something like docker-gen that nginx-proxy is using.

@roopemerikukka

@asthomasdk did you manage to create the configurations with docker-gen?

@asthomasdk

Afraid we have moved away from this and not looked at it in a very long time.
