31/07/2018 - DOCKER, LINUX, PHP
This example shows how to create an OpenSSH-based SSH server with Docker. After running the container, we will use the phpseclib library to connect to it from a PHP script. The library can be installed with the composer require phpseclib/phpseclib command. This just gives you an idea, so you should enhance it as per your needs.
.
├── docker
│   ├── Dockerfile
│   ├── entrypoint.sh
│   ├── ssh_config
│   ├── sshd_config
│   └── user.sh
├── .env
└── docker-compose.yml
SSH_MASTER_USER=master
SSH_MASTER_PASS=master
version: '3'
services:
  server:
    build:
      context: ./docker
      args:
        SSH_MASTER_USER: ${SSH_MASTER_USER}
        SSH_MASTER_PASS: ${SSH_MASTER_PASS}
    hostname: server
    ports:
      - "2222:22"
FROM debian:9.5
ARG SSH_MASTER_USER
ARG SSH_MASTER_PASS
RUN apt-get update \
 && apt-get install -y --no-install-recommends \
    nano \
    sudo \
    openssh-server
COPY ssh_config /etc/ssh/ssh_config
COPY sshd_config /etc/ssh/sshd_config
COPY user.sh /usr/local/bin/user.sh
RUN chmod +x /usr/local/bin/user.sh
RUN /usr/local/bin/user.sh
COPY entrypoint.sh /usr/local/bin/entrypoint.sh
RUN chmod +x /usr/local/bin/entrypoint.sh
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
CMD tail -f /dev/null
The user.sh script creates the master user, assigns /home/master as its home directory, adds it to the ssh group and sets master as its password. Apart from that, it allows the user to run the rm, mkdir, chown, useradd, deluser and chpasswd commands through sudo. This user can now create a new SSH user and revert what he has done.
#!/bin/bash
set -e
printf "\n\033[0;44m---> Creating SSH master user.\033[0m\n"
useradd -m -d /home/${SSH_MASTER_USER} -G ssh ${SSH_MASTER_USER} -s /bin/bash
echo "${SSH_MASTER_USER}:${SSH_MASTER_PASS}" | chpasswd
echo 'PATH="/usr/local/bin:/usr/bin:/bin:/usr/sbin"' >> /home/${SSH_MASTER_USER}/.profile
echo "${SSH_MASTER_USER} ALL=NOPASSWD:/bin/rm" >> /etc/sudoers
echo "${SSH_MASTER_USER} ALL=NOPASSWD:/bin/mkdir" >> /etc/sudoers
echo "${SSH_MASTER_USER} ALL=NOPASSWD:/bin/chown" >> /etc/sudoers
echo "${SSH_MASTER_USER} ALL=NOPASSWD:/usr/sbin/useradd" >> /etc/sudoers
echo "${SSH_MASTER_USER} ALL=NOPASSWD:/usr/sbin/deluser" >> /etc/sudoers
echo "${SSH_MASTER_USER} ALL=NOPASSWD:/usr/sbin/chpasswd" >> /etc/sudoers
exec "$@"
#!/bin/bash
set -e
printf "\n\033[0;44m---> Starting the SSH server.\033[0m\n"
service ssh start
service ssh status
exec "$@"
ChallengeResponseAuthentication no
# UsePAM yes # Prints login information
PrintMotd no
X11Forwarding no
AllowTcpForwarding no
AllowAgentForwarding no
PermitTunnel no
Subsystem sftp /usr/lib/openssh/sftp-server
# Prevents "Are you sure you want to continue connecting (yes/no)?" question while connecting to the server.
# The host IP below is the client machine where the ssh command is issued from.
# Host 192.168.99.*
#     StrictHostKeyChecking no
#     UserKnownHostsFile=/dev/null
Host *
    HashKnownHosts yes
    GSSAPIAuthentication yes
$ ssh master@172.18.0.2 -p 22
master@server:~$
master@server:~$ sudo useradd -m -d /home/inanzzz inanzzz -s /bin/bash
master@server:~$ echo "inanzzz:inanzzz" | sudo chpasswd
$ ssh inanzzz@172.18.0.2 -p 22
inanzzz@server:~$
I assume that you have installed the phpseclib library with Composer, so use the example below to test the connection.
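<?php
// Load Composer's autoloader (assumes this script sits next to the vendor directory).
require __DIR__ . '/vendor/autoload.php';

use phpseclib\Net\SSH2;

$ssh = new SSH2('172.18.0.2'); // My container IP
if (!$ssh->login('master', 'master')) {
    exit('Login Failed');
}

echo $ssh->exec('pwd');
echo $ssh->exec('ls -la');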
/home/master
total 20
drwxr-xr-x 2 master master 4096 Jul 31 10:21 .
drwxr-xr-x 3 root root 4096 Jul 31 10:21 ..
-rw-r--r-- 1 master master 220 May 15 2017 .bash_logout
-rw-r--r-- 1 master master 3526 May 15 2017 .bashrc
-rw-r--r-- 1 master master 721 Jul 31 10:21 .profile
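The manual session above creates a user by hand. When a PHP script does the same through the master account, the username and password become part of a shell command that runs under sudo, so they have to be validated and quoted first. The following is an added example, not code from the original post: buildCreateUserCommands() and createSshUser() are hypothetical helpers, and it assumes phpseclib 2.x installed with Composer and the container from this post.

```php
<?php
// Added example, not from the original post. Assumes phpseclib 2.x (Composer).
require __DIR__ . '/vendor/autoload.php';

use phpseclib\Net\SSH2;

// Hypothetical helper: builds the two commands from the manual session and
// rejects input that could change their meaning.
function buildCreateUserCommands(string $user, string $pass): array
{
    // Plain login names only: no spaces, ':' or shell metacharacters.
    // \A and \z are used because '$' would also accept a trailing newline.
    if (!preg_match('/\A[a-z_][a-z0-9_-]{0,31}\z/', $user)) {
        throw new InvalidArgumentException('Invalid username');
    }
    // chpasswd reads "user:password" lines, so a line break inside the
    // password would add an entry for a second account.
    if ($pass === '' || preg_match('/[\r\n\0]/', $pass)) {
        throw new InvalidArgumentException('Invalid password');
    }

    return [
        sprintf('sudo useradd -m -d %s -s /bin/bash %s',
            escapeshellarg('/home/' . $user), escapeshellarg($user)),
        sprintf("printf '%%s\\n' %s | sudo chpasswd",
            escapeshellarg($user . ':' . $pass)),
    ];
}

// Hypothetical helper: runs the commands and stops at the first failure.
function createSshUser(SSH2 $ssh, string $user, string $pass): void
{
    foreach (buildCreateUserCommands($user, $pass) as $command) {
        $output = $ssh->exec($command);
        if ($ssh->getExitStatus() !== 0) {
            // Report the output only: $command contains the password.
            throw new RuntimeException('Remote command failed: ' . trim((string) $output));
        }
    }
}

$ssh = new SSH2('172.18.0.2'); // container IP used in the post
if (!$ssh->login('master', 'master')) {
    exit('Login Failed');
}
createSshUser($ssh, 'inanzzz', 'inanzzz');
echo $ssh->exec('id inanzzz');
```

As in the manual session, the password still travels as part of the remote command line; the validation only ensures it cannot alter the command or the chpasswd input.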