Proxy for ssh protocol
I am building a project where I want to give SSH access to containers on the same host. How do I proxy SSH based on some parameter, like username?
17 Replies
Can't you use subdomain routing?
It only works for the HTTP protocol, not the SSH protocol.
Have you verified you can't do that with SSH?
It's just a service on a port, realistically.
When using SSH with domains, it queries the IP address of the domain name and makes an SSH connection on port 22 of that IP address. And since the reverse proxy's IP address is the same for all domains, the SSH connection requests end up on the same port of the same IP address.
You can use the Match directive in your sshd_config on your host. You do not even need to set up an SSH server on the containers, since you can force exec the shell command.
Or, for something more customizable, you can use HAProxy.
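The Match-plus-forced-command approach from the reply above, as an added example that is not part of the original thread: a small Python generator that turns a username-to-container mapping into sshd_config Match blocks. The mapping, the container names, the `/bin/sh` shell and the premise that each host account is allowed to run `docker exec` are assumptions made for illustration.

```python
import re

# Constructed sample mapping (assumption): SSH login name -> container name.
ROUTES = {"alice": "alice_box", "bob": "bob_box"}

# Shell started inside the container (assumption; depends on the image).
SHELL = "/bin/sh"

# Conservative allow-lists. "Match User" takes patterns, so characters such
# as "*", "?", "!" and "," must never appear in a name, and whitespace or
# shell metacharacters would inject extra arguments into the forced command.
USER_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")
CONTAINER_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,62}")


def render_match_block(user: str, container: str) -> str:
    """Return one sshd_config Match block that pins `user` to `container`."""
    if not USER_RE.fullmatch(user):
        raise ValueError(f"unsafe user name: {user!r}")
    if not CONTAINER_RE.fullmatch(container):
        raise ValueError(f"unsafe container name: {container!r}")
    return "\n".join([
        f"Match User {user}",
        # ForceCommand replaces whatever command the client requested.
        # "-t" needs a terminal, so this serves interactive logins only.
        f"    ForceCommand docker exec -it {container} {SHELL}",
        # The account can reach the Docker daemon, so close every path
        # that would let the session do anything except the forced command.
        "    AllowTcpForwarding no",
        "    AllowAgentForwarding no",
        "    X11Forwarding no",
        "    PermitTunnel no",
    ])


def render_config(routes: dict) -> str:
    """Render all blocks in a stable order, ready to append to sshd_config."""
    blocks = [render_match_block(u, c) for u, c in sorted(routes.items())]
    return "\n\n".join(blocks) + "\n"


if __name__ == "__main__":
    print(render_config(ROUTES))
```

After appending the generated blocks to the end of sshd_config, check the file with `sshd -t` before reloading the daemon.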
Can you please elaborate on your answer?
If you're using Docker, just simply map the container's SSH port (22) to some other port on the host (2323) with something like:
docker run -d -p 2323:22 --name my_container your_image
Or, if you're using compose, add this to your service:
ports:
- "2323:22"
Now if you ssh using the command ssh -p 2323 user@somehost, you should be able to access your container, where the port acts like your proxy parameter.
You can't use nginx to forward non-HTTP requests.
You've got many ways to forward the traffic. You could modify your sshd_config file and use match blocks within it as @rboud suggested. It would look like:
#Define all the ports you want to forward
Port 2323
#Configuration for x.myservice.com
Match Host x.myservice.com
Port 2323
You can also implement SSH multiplexing with a tool like HAProxy. You can learn more about this at: https://docs.haproxy.org/
I'd consider using version 3.0.0 as it is the latest LTS version. Perfect for a project.
I was thinking of adding something like:
But yeah, that would work too!
I think yours fits the bill more specifically.
In my use case I do not want to give the actual IP and port of the Docker host. I solved my use case this way:
ANISH ARAZ (@AnishAraz) on X
I wanted to grant users SSH access to containers within a host, but I can't share the host's IP address and port. What's the solution in this case? The solution I designed is to use a proxy server that forwards ssh requests on a port to the container's host through an ssh tunnel
That works!
Nice solution.
Nice user name 😎
I am about to complete this project, which can provision you containers very similar to how AWS provisions you a VM, so you can SSH into the container and host multiple applications as you would on an EC2 machine, but the difference is that you will be interacting with a Docker container.
What do you people say about it? If we can directly provision containers to users instead of VMs, then it would be much more resource efficient.
In most instances, VMs are containers running in the cloud with pre-allocated resources and limited access. And while yes, this does give the user greater control over what they want, I would imagine that would serve more or less like services offered by cloud providers, only that where those services are plug and play, provisioning your own containers is more flexible but less easy to integrate.
I guess it comes down to versatility. Being able to provision a container directly instead of renting a VM and then provisioning containers on that VM.
I wanted to give it a try, so I did this project, and there are some shortcomings. If the container technology gets mature enough to let us do this easily, then this would be a huge efficiency improvement on cloud infrastructure, since containers are much more efficient.
yessir