This is a 🐳 Docker image containing an OpenSSH server that can be used for local port forwarding only (rootless version). This image is almost equivalent to dmotte/docker-portfwd-server but it runs as a non-root user.
Inspired by: https://www.golinuxcloud.com/run-sshd-as-non-root-user-without-sudo/
📦 This image is also on Docker Hub as
dmotte/portfwd-server-rootlessand runs on several architectures (e.g. amd64, arm64, ...). To see the full list of supported platforms, please refer to the.github/workflows/main.ymlfile. If you need an architecture which is currently unsupported, feel free to open an issue.
The first things you need are host keys for the OpenSSH server and an SSH key pair for the client to be able to connect. See the usage example of dmotte/docker-portmap-server for how to get them.
In general, the use of this image is very similar to dmotte/docker-portmap-server-rootless.
In the PERMIT_OPEN environment variable you need to specify the destinations to which port forwarding is permitted, separated by spaces. Example: 10.0.2.15:8001 10.0.2.15:8002 10.0.2.2:8003
Finally, you can start the server:
docker run -it --rm \
-v "$PWD/hostkeys:/ssh-host-keys" \
-v "$PWD/myclientkey.pub:/ssh-client-keys/myclientkey.pub:ro" \
-p2222:2222 \
-ePERMIT_OPEN=10.0.2.15:8080 \
dmotte/portfwd-server-rootlessSee dmotte/docker-portmap-server for further details on usage; it's very similar to this one.
For a more complex example, refer to the docker-compose.yml file.
List of supported environment variables:
| Variable | Required | Description |
|---|---|---|
KEEPALIVE_INTERVAL |
No (default: 30) | Value for the ClientAliveInterval option of the OpenSSH server |
PERMIT_OPEN |
Yes | Value for the PermitOpen option of the OpenSSH server |
If you want to contribute to this project, you can use the following one-liner to rebuild the image and bring up the Docker-Compose stack every time you make a change to the code:
docker-compose down && docker-compose up --build