moul / ssh2docker Goto Github PK

View Code? Open in Web Editor NEW

184.0 17.0 17.0 4.81 MB

:whale: standalone SSH server that connects you to your Docker containers

Home Page: https://manfred.life/ssh2docker

License: MIT License

Go 83.99% Makefile 7.69% Ruby 2.64% Dockerfile 5.68%

docker ssh-server hook-script ssh gateway

ssh2docker's Issues

Support of `--allowed-images=alpine,ubuntu:trusty,abcdef12345`

Handle stream plugin using pipes

i.e:

$ ssh2docker --pipe-input=typo --pipe-output=anonuuid

Do not kill secondary clients (joined) of freshly created containers

POC: forward root access to standard shell

So we can only have this sshd server

Linux: panic: runtime error: invalid memory address or nil pointer dereference

root@ssh:~# ssh2docker
INFO[0000] Listening on ":2222"
INFO[0014] NewClient (0): User="armbuild/alpine", ClientVersion="5353482d322e302d4f70656e5353485f362e377031205562756e74752d357562756e747531"
panic: runtime error: invalid memory address or nil pointer dereference
[signal 0xb code=0x1 addr=0x0 pc=0xc6438]

goroutine 7 [running]:
github.com/moul/ssh2docker.(*Client).HandleChannelRequests.func1(0x10752000, 0xb64fc858, 0x10728b80, 0x10739fc0)
        /go/src/github.com/moul/ssh2docker/client.go:136 +0x658
created by github.com/moul/ssh2docker.(*Client).HandleChannelRequests
        /go/src/github.com/moul/ssh2docker/client.go:228 +0x44

goroutine 1 [IO wait]:
net.runtime_pollWait(0xb64fc458, 0x72, 0x106100b0)
        /usr/local/go/src/runtime/netpoll.go:157 +0x60
net.(*pollDesc).Wait(0x106ab9f8, 0x72, 0x0, 0x0)
        /usr/local/go/src/net/fd_poll_runtime.go:73 +0x34
net.(*pollDesc).WaitRead(0x106ab9f8, 0x0, 0x0)
        /usr/local/go/src/net/fd_poll_runtime.go:78 +0x30
net.(*netFD).accept(0x106ab9c0, 0x0, 0xb64fc518, 0x106a7a20)
        /usr/local/go/src/net/fd_unix.go:408 +0x21c
net.(*TCPListener).AcceptTCP(0x1060a488, 0x10645b4c, 0x0, 0x0)
        /usr/local/go/src/net/tcpsock_posix.go:254 +0x4c
net.(*TCPListener).Accept(0x1060a488, 0x0, 0x0, 0x0, 0x0)
        /usr/local/go/src/net/tcpsock_posix.go:264 +0x34
main.Action(0x1067a100)
        /go/src/github.com/moul/ssh2docker/cmd/ssh2docker/main.go:162 +0x75c
github.com/moul/ssh2docker/vendor/github.com/codegangsta/cli.(*App).Run(0x106663f0, 0x1060a0e0, 0x1, 0x1, 0x0, 0x0)
        /go/src/github.com/moul/ssh2docker/vendor/github.com/codegangsta/cli/app.go:164 +0xac8
main.main()
        /go/src/github.com/moul/ssh2docker/cmd/ssh2docker/main.go:104 +0x784

goroutine 17 [syscall, locked to thread]:
runtime.goexit()
        /usr/local/go/src/runtime/asm_arm.s:1036 +0x4

goroutine 5 [chan receive]:
github.com/moul/ssh2docker.(*Client).HandleChannels(0x10752000, 0x0, 0x0)
        /go/src/github.com/moul/ssh2docker/client.go:82 +0x50
github.com/moul/ssh2docker.(*Server).Handle(0x10650480, 0xb64fc530, 0x1060a4b0, 0x0, 0x0)
        /go/src/github.com/moul/ssh2docker/server.go:77 +0x238
created by main.Action
        /go/src/github.com/moul/ssh2docker/cmd/ssh2docker/main.go:167 +0x920

goroutine 6 [IO wait]:
net.runtime_pollWait(0xb64fc3e0, 0x72, 0x106100b0)
        /usr/local/go/src/runtime/netpoll.go:157 +0x60
net.(*pollDesc).Wait(0x106abb38, 0x72, 0x0, 0x0)
        /usr/local/go/src/net/fd_poll_runtime.go:73 +0x34
net.(*pollDesc).WaitRead(0x106abb38, 0x0, 0x0)
        /usr/local/go/src/net/fd_poll_runtime.go:78 +0x30
net.(*netFD).Read(0x106abb00, 0x1068b000, 0x1000, 0x1000, 0x0, 0xb64f7030, 0x106100b0)
        /usr/local/go/src/net/fd_unix.go:232 +0x1c4
net.(*conn).Read(0x1060a4b0, 0x1068b000, 0x1000, 0x1000, 0x0, 0x0, 0x0)
        /usr/local/go/src/net/net.go:172 +0xc8
bufio.(*Reader).fill(0x106af3b0)
        /usr/local/go/src/bufio/bufio.go:97 +0x1c4
bufio.(*Reader).Read(0x106af3b0, 0x10733b70, 0x5, 0x5, 0x20, 0x0, 0x0)
        /usr/local/go/src/bufio/bufio.go:207 +0x22c
io.ReadAtLeast(0xb54b7000, 0x106af3b0, 0x10733b70, 0x5, 0x5, 0x5, 0x0, 0x0, 0x0)
        /usr/local/go/src/io/io.go:298 +0xdc
io.ReadFull(0xb54b7000, 0x106af3b0, 0x10733b70, 0x5, 0x5, 0x1074a1a0, 0x0, 0x0)
        /usr/local/go/src/io/io.go:316 +0x5c
github.com/moul/ssh2docker/vendor/golang.org/x/crypto/ssh.(*streamPacketCipher).readPacket(0x10733b60, 0xa, 0xb54b7000, 0x106af3b0, 0x0, 0x0, 0x0, 0x0, 0x0)
        /go/src/github.com/moul/ssh2docker/vendor/golang.org/x/crypto/ssh/cipher.go:142 +0x88
github.com/moul/ssh2docker/vendor/golang.org/x/crypto/ssh.(*connectionState).readPacket(0x10698ab0, 0x106af3b0, 0x0, 0x0, 0x0, 0x0, 0x0)
        /go/src/github.com/moul/ssh2docker/vendor/golang.org/x/crypto/ssh/transport.go:111 +0xb8
github.com/moul/ssh2docker/vendor/golang.org/x/crypto/ssh.(*transport).readPacket(0x10698ab0, 0x0, 0x0, 0x0, 0x0, 0x0)
        /go/src/github.com/moul/ssh2docker/vendor/golang.org/x/crypto/ssh/transport.go:107 +0x4c
github.com/moul/ssh2docker/vendor/golang.org/x/crypto/ssh.(*handshakeTransport).readOnePacket(0x10698b40, 0x0, 0x0, 0x0, 0x0, 0x0)
        /go/src/github.com/moul/ssh2docker/vendor/golang.org/x/crypto/ssh/handshake.go:165 +0xcc
github.com/moul/ssh2docker/vendor/golang.org/x/crypto/ssh.(*handshakeTransport).readLoop(0x10698b40)
        /go/src/github.com/moul/ssh2docker/vendor/golang.org/x/crypto/ssh/handshake.go:145 +0x1c
created by github.com/moul/ssh2docker/vendor/golang.org/x/crypto/ssh.newServerTransport
        /go/src/github.com/moul/ssh2docker/vendor/golang.org/x/crypto/ssh/handshake.go:120 +0x294

goroutine 18 [chan receive]:
github.com/moul/ssh2docker/vendor/golang.org/x/crypto/ssh.(*handshakeTransport).readPacket(0x10698b40, 0x0, 0x0, 0x0, 0x0, 0x0)
        /go/src/github.com/moul/ssh2docker/vendor/golang.org/x/crypto/ssh/handshake.go:136 +0x5c
github.com/moul/ssh2docker/vendor/golang.org/x/crypto/ssh.(*mux).onePacket(0x10748140, 0x0, 0x0)
        /go/src/github.com/moul/ssh2docker/vendor/golang.org/x/crypto/ssh/mux.go:224 +0x48
github.com/moul/ssh2docker/vendor/golang.org/x/crypto/ssh.(*mux).loop(0x10748140)
        /go/src/github.com/moul/ssh2docker/vendor/golang.org/x/crypto/ssh/mux.go:199 +0x30
created by github.com/moul/ssh2docker/vendor/golang.org/x/crypto/ssh.newMux
        /go/src/github.com/moul/ssh2docker/vendor/golang.org/x/crypto/ssh/mux.go:128 +0x224

goroutine 19 [chan receive]:
github.com/moul/ssh2docker.(*Client).HandleRequests.func1(0x107480c0)
        /go/src/github.com/moul/ssh2docker/client.go:70 +0x48
created by github.com/moul/ssh2docker.(*Client).HandleRequests
        /go/src/github.com/moul/ssh2docker/client.go:76 +0x3c
root@ssh:~#

Add an option to display info to the user on connection

i.e:

image info
user info

Release binaries for multiple architectures

handle custom entrypoint

Add changelog

Add systemd startup scripts

Configure Docker to forward ctrl+p normally

Add an option to log errors on the client

Support of `--allow-join-existing` option

Add Scaleway native support

Create an image with Docker and ssh2docker
Configure default ssh port to something != 22
Configure ssh2docker to run on port 22

Support hot configuration reload

Depends on #9

Support of `--no-download` option

Create an `homebrew` package

Client keys

Hi there! Any ideas to check user keys, to detect non allowed access?

Initial version for Pathwar requirements

Auth by password using a hook (#28)
Connect/reconnect for same user + same host
Images whitelist (#4)

Restart stopped containers

Handle docker timeout, and exit with a warning

Handle SCP

https://gist.github.com/jedy/3357393

Add an option to log commands

When connecting with forbidden image, display a list of available images

Add a POC of ssh to git

implement
add usage example

Add an option to link local volume per-user

Kill connection when exiting shell (ctrl+D)

Add a logo

Clean containers when starting daemon or exiting

Also cleanup containers on remote when option --clean-on-startup is present

Add an helper to run gotty-client linked to ssh2docker and handle authentication

Add a POC of rsync

implement
add example usage

Handle `exec` req.Type

Blocking #34
Blocking #50

SFTP?

Any chance this project will support SFTP at some point?

Reconnecting to existing containers

Allow building on more platform by diverging `proc` related calls depending on the architecture

Add an ascii-art schema in the README.md

Support of `--no-create` option

Do not create new containers, only join existing ones

Add password hook mode

Add 'docker' support

Add keys hook mode

Related with #28
Fixes #2

Use a configuration file

Do not create new containers, only join existing ones

Connect an existing container

Hello,
It's possible to connect directly to existing container by name ?
Thanx

Log (un)successful attempts to connect

Similar to ssh, for fail2ban. Something like this will do :

May 24 10:52:45 dargor sshd[${pid}]: Disconnecting: Too many authentication failures for invalid user ${login} from ${ip} port ${port} ssh2 [preauth]
May 24 11:05:56 dargor sshd[${pid}]: Received disconnect from ${ip}: 11: Bye Bye [preauth]
May 24 11:21:28 dargor sshd[${pid}]: Connection closed by ${ip} [preauth]
May 24 12:13:06 dargor sshd[${pid}]: Accepted publickey for ${login} from ${ip} port ${port} ssh2: RSA ${fingerprint}
May 24 12:13:06 dargor sshd[${pid}]: Received disconnect from ${ip}: 11: disconnected by user

Either with syslog or a file to /var/log.