31/07/2018 - DOCKER, LINUX, PHP
This example shows how to create an OpenSSH-based SSH server with Docker. After running the container, we will use the phpseclib library to connect to it from within a PHP script. The library can be installed with the composer require phpseclib/phpseclib command. This just gives you an idea, so you should enhance it as per your needs.
.
├── docker
│   ├── Dockerfile
│   ├── entrypoint.sh
│   ├── ssh_config
│   ├── sshd_config
│   └── user.sh
├── .env
└── docker-compose.yml
SSH_MASTER_USER=master
SSH_MASTER_PASS=master
version: '3'
services:
    server:
        build:
            context: ./docker
            args:
                SSH_MASTER_USER: ${SSH_MASTER_USER}
                SSH_MASTER_PASS: ${SSH_MASTER_PASS}
        hostname: server
        ports:
            - "2222:22"
FROM debian:9.5
ARG SSH_MASTER_USER
ARG SSH_MASTER_PASS
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        nano \
        sudo \
        openssh-server
COPY ssh_config /etc/ssh/ssh_config
COPY sshd_config /etc/ssh/sshd_config
COPY user.sh /usr/local/bin/user.sh
RUN chmod +x /usr/local/bin/user.sh
RUN /usr/local/bin/user.sh
COPY entrypoint.sh /usr/local/bin/entrypoint.sh
RUN chmod +x /usr/local/bin/entrypoint.sh
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
CMD tail -f /dev/null
The user.sh script creates the master user, assigns /home/master as its home directory, adds it to the ssh group and sets master as its password. In addition, it grants use of the rm, mkdir, chown, useradd, deluser and chpasswd commands through sudo. This user can now create a new SSH user and revert what they have done.
#!/bin/bash
set -e
printf "\n\033[0;44m---> Creating SSH master user.\033[0m\n"
useradd -m -d /home/${SSH_MASTER_USER} -G ssh ${SSH_MASTER_USER} -s /bin/bash
echo "${SSH_MASTER_USER}:${SSH_MASTER_PASS}" | chpasswd
echo 'PATH="/usr/local/bin:/usr/bin:/bin:/usr/sbin"' >> /home/${SSH_MASTER_USER}/.profile
echo "${SSH_MASTER_USER} ALL=NOPASSWD:/bin/rm" >> /etc/sudoers
echo "${SSH_MASTER_USER} ALL=NOPASSWD:/bin/mkdir" >> /etc/sudoers
echo "${SSH_MASTER_USER} ALL=NOPASSWD:/bin/chown" >> /etc/sudoers
echo "${SSH_MASTER_USER} ALL=NOPASSWD:/usr/sbin/useradd" >> /etc/sudoers
echo "${SSH_MASTER_USER} ALL=NOPASSWD:/usr/sbin/deluser" >> /etc/sudoers
echo "${SSH_MASTER_USER} ALL=NOPASSWD:/usr/sbin/chpasswd" >> /etc/sudoers
exec "$@"
#!/bin/bash
set -e
printf "\n\033[0;44m---> Starting the SSH server.\033[0m\n"
service ssh start
service ssh status
exec "$@"
ChallengeResponseAuthentication no
# UsePAM yes # Prints login information
PrintMotd no
X11Forwarding no
AllowTcpForwarding no
AllowAgentForwarding no
PermitTunnel no
Subsystem sftp /usr/lib/openssh/sftp-server
# Prevents "Are you sure you want to continue connecting (yes/no)?" question while connecting to the server.
# The host IP below is the client machine where the ssh command is issued from.
# Host 192.168.99.*
#     StrictHostKeyChecking no
#     UserKnownHostsFile=/dev/null
Host *
    HashKnownHosts yes
    GSSAPIAuthentication yes
$ ssh master@172.18.0.2 -p 22
master@server:~$
master@server:~$ sudo useradd -m -d /home/inanzzz inanzzz -s /bin/bash
master@server:~$ echo "inanzzz:inanzzz" | sudo chpasswd
$ ssh inanzzz@172.18.0.2 -p 22
inanzzz@server:~$
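The sudoers lines that user.sh appends can be checked with a short audit, shown here as an added example that is not part of the original post. sudo allows any arguments when a rule names a command without them, so unrestricted NOPASSWD access to useradd, chpasswd and chown amounts to root inside the container. The sample_sudoers input and its deploy rule are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit NOPASSWD sudo rules.
# Simplified parser: single-line rules only, no aliases or line continuations.

# Constructed sample: the six rules user.sh appends when SSH_MASTER_USER=master,
# plus one hypothetical rule ("deploy") that pins its arguments.
sample_sudoers() {
    cat <<'EOF'
# constructed sample input
master ALL=NOPASSWD:/bin/rm
master ALL=NOPASSWD:/bin/mkdir
master ALL=NOPASSWD:/bin/chown
master ALL=NOPASSWD:/usr/sbin/useradd
master ALL=NOPASSWD:/usr/sbin/deluser
master ALL=NOPASSWD:/usr/sbin/chpasswd
deploy ALL=NOPASSWD:/bin/systemctl restart app
EOF
}

# Reads sudoers text on stdin and prints "user<TAB>command" for every
# NOPASSWD command listed without arguments, which sudo treats as
# "any arguments allowed".
audit_nopasswd() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }        # skip comments and blank lines
        {
            pos = index($0, "NOPASSWD:")
            if (pos == 0) next
            user = $1
            n = split(substr($0, pos + 9), cmds, ",")
            for (i = 1; i <= n; i++) {
                cmd = cmds[i]
                gsub(/^[ \t]+|[ \t]+$/, "", cmd)
                # No whitespace means no argument list was pinned.
                if (cmd != "" && cmd !~ /[ \t]/)
                    printf "%s\t%s\n", user, cmd
            }
        }
    '
}

sample_sudoers | audit_nopasswd
```

On a running container, feed it the live policy as root, for example `audit_nopasswd < /etc/sudoers`.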
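I assume that you have installed the phpseclib library with composer, so use the example below to test the connection.
<?php
// Composer autoloader (assumes this script sits next to the vendor directory)
require __DIR__.'/vendor/autoload.php';

use phpseclib\Net\SSH2;

$ssh = new SSH2('172.18.0.2'); // My container IP
if (!$ssh->login('master', 'master')) {
    exit('Login Failed');
}

// Run two commands on the server and print their output
echo $ssh->exec('pwd');
echo $ssh->exec('ls -la');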
/home/master
total 20
drwxr-xr-x 2 master master 4096 Jul 31 10:21 .
drwxr-xr-x 3 root root 4096 Jul 31 10:21 ..
-rw-r--r-- 1 master master 220 May 15 2017 .bash_logout
-rw-r--r-- 1 master master 3526 May 15 2017 .bashrc
-rw-r--r-- 1 master master 721 Jul 31 10:21 .profile