Jan 26, 2023

Run a Secure SSH Server With Docker in 3 Steps

Step 1: Writing the Dockerfile

To simplify the setup process, we're going to start by writing a Dockerfile that contains all the necessary instructions for building the SSH server image.

$ touch Dockerfile

Selecting a base image

For this tutorial, we'll use the latest version of the Ubuntu image for Docker, available from the official Docker Hub repository, as our base image.

FROM ubuntu

Unminimizing the image

Unlike Ubuntu for desktop, the ubuntu image for Docker is a minimal image designed for automated deployment at scale. It has a greatly reduced default package set, without many convenience tools for interactive usage.

To convert this minimal instance into a standard environment suitable for interactive usage, we can use the unminimize command:

RUN yes | unminimize

That will install the standard Ubuntu Server packages for us.

Installing additional packages

We're now going to make sure that the package lists and available packages are up-to-date:

RUN apt update && apt upgrade -y

And we're going to install two additional packages:

  • The sudo package, which allows users to run commands as the root user.
  • The openssh-server package, which allows for secure remote connections.

RUN apt install sudo openssh-server -y

Note that the -y option flag is used in non-interactive mode to automatically accept the installation of packages and their dependencies.

Creating a sudo user

Since by default the only available user account is the root account, we're going to create a new user account named ubuntu using the useradd command:

RUN useradd -rm -d /home/ubuntu -s /bin/bash -g root -G sudo -u 1000 ubuntu

Which will:

  • Set its home directory to /home/ubuntu.
  • Set its default shell to /bin/bash.
  • Add it to the root and sudo groups.
  • Set its UID to 1000.

Once created, we're going to set this new user's password to admin using the chpasswd command:

RUN echo 'ubuntu:admin' | chpasswd

Defining a start command

Finally, we're going to define the /bin/bash command as the default command to be executed upon container startup.

CMD ["/bin/bash"]

The complete Dockerfile

# Pull ubuntu:latest
FROM ubuntu

# Install base packages
RUN yes | unminimize

# Update packages
RUN apt update && apt upgrade -y

# Install sudo and OpenSSH
RUN apt install sudo openssh-server -y

# Create new sudo user
RUN useradd -rm -d /home/ubuntu -s /bin/bash -g root -G sudo -u 1000 ubuntu

# Update user password
RUN echo 'ubuntu:admin' | chpasswd

# Run shell
CMD ["/bin/bash"]

Step 2: Building the Image

To convert the Dockerfile into an actual Docker image, we're going to use the docker build command, and tag this image using the -t option flag:

$ docker build -t ubuntu-ssh .

Once the building process is completed, we can verify that the image is ready to be used by running the docker images command:

$ docker images
REPOSITORY   TAG       IMAGE ID       CREATED          SIZE
ubuntu-ssh   latest    0c717bfd9ec0   10 minutes ago   291MB

Step 3: Starting the SSH Server

Running the container

To launch a container named ssh-server based on the ubuntu-ssh image we've just built, we can use the docker run command:

$ docker run -dit --name ssh-server -p 22:22 ubuntu-ssh

Where:

  • The -d flag is used to run the container as a background process (i.e. detached mode).
  • The -it flags are used to run the container in interactive terminal mode.
  • The --name flag is used to give a name to the container.
  • The -p flag is used to publish a port of the container on a port of the local environment (here, local port 22 to container port 22).

Once we've done that, we can verify that the container is up and running using the docker ps command:

$ docker ps
CONTAINER ID   IMAGE        COMMAND       CREATED          STATUS          PORTS                NAMES
246bf5f46b50   ubuntu-ssh   "/bin/bash"   16 minutes ago   Up 16 minutes   0.0.0.0:22->22/tcp   ssh-server
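
As an added example (not code from the original tutorial), the following shell functions run static checks over the Dockerfile from Step 1 and the -p value used above. The function names and the 127.0.0.1:2222:22 mapping are assumptions made for illustration, and the Dockerfile sample is constructed from the page's own lines.

```shell
#!/bin/sh
# Added example, not from the original tutorial: static checks for the
# Dockerfile and the -p value used on this page.

# audit_dockerfile: reads a Dockerfile on stdin, prints one finding per line.
audit_dockerfile() {
    awk '
        # No tag or digest: the build pulls whatever :latest is that day.
        toupper($1) == "FROM" && $2 != "scratch" && $2 !~ /[:@]/ { print "unpinned-base:" $2 }
        # A literal user:password piped to chpasswd stays readable in the
        # image metadata (docker history --no-trunc IMAGE).
        toupper($1) == "RUN" && /echo .*:.*[|] *chpasswd/ { print "baked-password:" NR }
        # -g root gives the login user GID 0 as its primary group.
        toupper($1) == "RUN" && /useradd .*-g +root/ { print "root-primary-group:" NR }
    '
}

# publish_scope: classifies a docker run -p value ([ip:]hostPort:containerPort).
# Without an ip part Docker publishes on all host interfaces by default.
publish_scope() {
    case "$1" in
        \[*\]:*:*) ip=${1%%\]*}; ip=${ip#\[} ;;  # [ipv6]:host:container
        *:*:*)     ip=${1%%:*} ;;                 # ipv4:host:container
        *)         ip="" ;;                       # host:container
    esac
    case "$ip" in
        ""|0.0.0.0|::) echo "all-interfaces" ;;
        *)             echo "bound:$ip" ;;
    esac
}

# Constructed sample: the relevant lines of the tutorial's Dockerfile.
tutorial_dockerfile() {
    cat <<'EOF'
FROM ubuntu
RUN apt install sudo openssh-server -y
RUN useradd -rm -d /home/ubuntu -s /bin/bash -g root -G sudo -u 1000 ubuntu
RUN echo 'ubuntu:admin' | chpasswd
CMD ["/bin/bash"]
EOF
}

tutorial_dockerfile | audit_dockerfile   # findings for the page's Dockerfile
publish_scope 22:22                      # the mapping used on this page
publish_scope 127.0.0.1:2222:22          # loopback-only mapping (assumed values)
```

The numbers after baked-password and root-primary-group are line numbers in the input, so they point at the RUN instruction to change.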

Starting the server

Now that the container is running, we can start the SSH server by executing the service ssh start command within it using the docker exec command:

$ docker exec ssh-server /bin/bash -c "service ssh start"
 * Starting OpenBSD Secure Shell server sshd
   ...done.

Connecting to the server

We can now connect to the server using the ssh command, with the username (i.e. ubuntu) and password (i.e. admin) we created earlier:

$ ssh ubuntu@127.0.0.1

Et voilà!
