by MuchLearning
This image contains all that is needed to log in using sshuttle. It may also be used as a generic ssh server, for example, for port forwarding, etc. It is particularly useful for environments such as kubernetes or Docker Cloud that provide a private network between containers.
-
set the environment variable
AUTHORIZED_KEYSto the key(s) that should be allowed to log in -
mount a volume at /etc/ssh/keys which is a directory with the host keys. The key filenames should end with
key. Alternatively, add a layer to this image that includes that directory. Just don't push the image to a public repository, or else your host keys will become public. -
run the image, and publish port 22
-
you can now ssh in as the user sshuttle
apiVersion: v1
kind: Secret
metadata:
name: sshuttle
namespace: sshuttle
type: Opaque
data:
ecdsakey: [base64-encoded key]
ed25519key: [base64-encoded key]
rsakey: [base64-encoded key]
---
apiVersion: v1
kind: ConfigMap
metadata:
name: sshuttle
namespace: sshuttle
data:
authorizedkeys: "[user's public key]"
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: sshuttle
namespace: sshuttle
spec:
replicas: 1
template:
metadata:
labels:
role: sshuttle
spec:
containers:
- name: sshuttle
image: muchlearning/sshuttle-server:latest
ports:
- containerPort: 22
env:
- name: AUTHORIZED_KEYS
valueFrom:
configMapKeyRef:
name: sshuttle
key: authorizedkeys
volumeMounts:
- name: keys
mountPath: /etc/ssh/keys
volumes:
- name: keys
secret:
secretName: sshuttle
---
apiVersion: v1
kind: Service
metadata:
name: sshuttle
namespace: sshuttle
labels:
role: sshuttle
spec:
selector:
role: sshuttle
ports:
- name: ssh
port: 2222
targetPort: 22
protocol: TCP
externalIPs:
- [your public IP]