This plugin queries dockerd for containers and creates pipes to them.
sshpiperd docker
start a container with sshpiper labels
docker run -d -e USER_NAME=user -e USER_PASSWORD=pass -e PASSWORD_ACCESS=true -l sshpiper.username=pass -l sshpiper.container_username=user -l sshpiper.port=2222 lscr.io/linuxserver/openssh-server
connect to piper
ssh -l pass piper
Docker connection is configured with environment variables below:
https://pkg.go.dev/github.com/moby/moby/client#FromEnv
- DOCKER_HOST: to set the url to the docker server, default "unix:///var/run/docker.sock"
- DOCKER_API_VERSION: to set the version of the API to reach, leave empty for latest.
- DOCKER_CERT_PATH: to load the TLS certificates from.
- DOCKER_TLS_VERIFY: to enable or disable TLS verification, off by default.
- sshpiper.username: username to filter containers by
downstream's username. left empty to auth withauthorized_keysonly. - sshpiper.container_username: username of container's sshd
- sshpiper.port: port of container's sshd
- sshpiper.authorized_keys: authorized_keys to verify against
downstream. in base64 format - sshpiper.trusted_user_ca_keys: trusted user CA keys to verify ssh certificates against
downstream. in base64 format - sshpiper.private_key: private_key to send to container's sshd. in base64 format. For
sshpiper.docker_exec_cmd=true, sshpiper ignores this label and always generates one. - sshpiper.docker_exec_cmd: set to
truewhen there is no sshd inside the container; sshpiper will start an sshd bridge and exec into the container. currently only supports downstream publickey auth. - sshpiper.docker_sshd_cmd: command used by docker-sshd when no remote command is provided. defaults to
/bin/sh.