thomas/docker-ssh
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
docker-ssh/README.md
Thomas Lovén 0584d79e9a Initial commit
2021-09-04 22:37:12 +02:00

1.2 KiB
Raw Blame History

SSH entrypoint with yubikey OTP support

This docker container runs a sshd instance which is exposed through TCP 443. It can be a nice and secure way into your network.

Since this is the only TCP service I expose, traefik handles this automagically while also routing SSL HTTPS traffic the normal way.

The image is a modified version of https://github.com/Hermsi1337/docker-sshd which has been made to work with yubikey OTP certification and allow for personalized .ssh/config files to be loaded.

ENV variable SSH_USERS

SSH_USERS contain a comma separates lists of username:UID:GUI that will be allowed to login.

Ex:

SSH_USERS=myuser:1000:1000,anotheruser:1001:1001

Key files

The directory mapped to /conf.d/authorized_keys contain files for authorized_keys, authorized yubikeys and ssh config.

  • A file named myuser will be copied to /home/myuser/.ssh/authorized_keys
  • A file named myuser.config will be copied to /home/myuser/.ssh/config
  • A file name myuser.yubi will be copied to /home/myuser/.yubico/authorized_yubikeys

The format of the .yubi file is your username followed by a list of the first 12 characters from any OTP from all of your yubikeys, all separated by :s. E.g.:

myuser:cccccccgklgc:ccccccclabca: