Skip to content

chentmin/bastion

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

~9MB Linux docker box just for use as ssh bastion

Usage

Create a authorized_keys file with all public keys that can connect to this bastion. Make the file publicly readable or the user in the docker will not have the permission to read it.

chmod a+r authorized_keys

Then run the following command to start the bastion.

docker run --name bastion -d --restart=always -v $(pwd)/authorized_keys:/home/dev/.ssh/authorized_keys:ro -p 9022:9022 chentm/bastion

To connect through the bastion, first add your key to forward agent: ssh-add and use ssh-add -L to

ssh -A -t -p 9022 [email protected] ssh -t [email protected]

Security

The bastion itself do not have firewalls to limit the source connections. You can use the firewall at the host machine or the security group from AWS to limit the connecitons to port 9022.

Users can do pretty much nothing with the bastion. Only ssh/sshd commands are available.

For places where Docker Hub is unreachable eg. China

Run the following commands to build the docker image before running docker run

git clone https://github.com/chentmin/bastion.git
docker build -t chentm/bastion bastion

It only needs to download ~2MB from Github, although it could be slow to download from China.

Credits

This bastion is based on Alpine Version 3.2.

Security harden script is modified based on this

About

Secure docker ssh bastion for 9MB in size

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published