February 28, 2021

Docker Compose Bastion Host

Ensure basic connectivity between containers (common network, known names).

A good starting point for a bastion host image is binlab/bastion:latest, but it expects my public key to be supplied as a file volume. That works fine locally, but it won't work once the container is deployed to AWS or some other Docker host where that file does not exist. The solution is to build a new image with my public key baked in. Here's the Dockerfile:

FROM binlab/bastion

LABEL maintainer="cch1@hapgood.com"

# Defaults match the bastion user, group and home directory of the base image
ARG USER=bastion
ARG GROUP=bastion
ARG HOME=/var/lib/bastion

# Bake the public key(s) into the image instead of bind-mounting them at run time
COPY ./authorized_keys ${HOME}/authorized_keys

# With StrictModes, sshd ignores an authorized_keys file that is group- or
# world-writable, so fix ownership and mode in a single layer
RUN chown ${USER}:${GROUP} ${HOME}/authorized_keys && \
    chmod 600 ${HOME}/authorized_keys
Dockerfile to build a personalized bastion
docker run --name bastion --hostname bastion \
  -p 22222:22/tcp \
  -v bastion:/usr/etc/ssh:rw \
  -e "PUBKEY_AUTHENTICATION=true" \
  -e "GATEWAY_PORTS=false" \
  -e "PERMIT_TUNNEL=false" \
  -e "X11_FORWARDING=false" \
  -e "TCP_FORWARDING=true" \
  -e "AGENT_FORWARDING=true" \
  binlab/bastion:latest
Start the bastion server without authorized keys
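The post's title is about Docker Compose, but it only shows the docker run form. As an added example (not from the original post or the binlab/bastion project), here is a docker-compose.yml that builds the personalized image from the Dockerfile above, carries over the same environment settings and host-key volume, and places the bastion on a common network with an internal application container so it is reachable by name. The service names (bastion, app), the network and volume names, the image tag and the nginx placeholder for the internal service are assumptions; the environment values are the ones from the docker run line.

```yaml
# Added example: docker-compose.yml for the personalized bastion.
# Assumes the Dockerfile above sits next to this file and Compose v2.
services:
  bastion:
    build: .                        # personalized image (FROM binlab/bastion, keys baked in)
    image: bastion-personal:latest  # assumed tag for the built image
    hostname: bastion
    ports:
      - "22222:22/tcp"              # SSH is the only port published on the host
    volumes:
      - bastion-ssh:/usr/etc/ssh:rw # persist host keys so the fingerprint stays stable
    environment:
      PUBKEY_AUTHENTICATION: "true"
      GATEWAY_PORTS: "false"        # forwarded ports bind to loopback only
      PERMIT_TUNNEL: "false"        # no tun/tap VPN-style tunnels
      X11_FORWARDING: "false"
      TCP_FORWARDING: "true"        # required for -L / -J (ProxyJump) through the bastion
      AGENT_FORWARDING: "true"
    networks:
      - internal
    restart: unless-stopped

  app:                              # hypothetical internal service, reachable only via the bastion
    image: nginx:alpine
    networks:
      - internal
    # no "ports:" entry on purpose: the host cannot reach it directly,
    # but the bastion resolves it as "app" on the shared network

networks:
  internal:                         # the common network that gives containers known names

volumes:
  bastion-ssh:
```

From a workstation holding the private key, `ssh -p 22222 -L 8080:app:80 bastion@<docker-host>` forwards local port 8080 through the bastion to the app container, which Compose DNS resolves by its service name; the app itself never needs a published port. Because the public key is part of the image, rotating or revoking a key means rebuilding and redeploying the bastion image rather than editing a mounted file.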

Reference: https://www.techrepublic.com/article/how-to-create-your-own-docker-image/