docker-documentation/images/docker-openssh-server/index.html

<!doctype html><html lang=en class=no-js> <head><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1"><meta name=description content="Welcome to the home of the LinuxServer.io documentation!"><meta name=author content=LinuxServer.io><link href=https://docs.linuxserver.io/images/docker-openssh-server/ rel=canonical><link href=../docker-ombi/ rel=prev><link href=../docker-openvpn-as/ rel=next><link rel=icon href="https://gblobscdn.gitbook.com/spaces%2F-LWuIse8qFJj2MqDi90T%2Favatar-1590244439115.png?alt=media"><meta name=generator content="mkdocs-1.4.3, mkdocs-material-9.1.16"><title>openssh-server - LinuxServer.io</title><link rel=stylesheet href=../../assets/stylesheets/main.26e3688c.min.css><link rel=stylesheet href=../../assets/stylesheets/palette.ecc896b0.min.css><link rel=preconnect href=https://fonts.gstatic.com crossorigin><link rel=stylesheet href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback"><style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style><script>__md_scope=new URL("../..",location),__md_hash=e=>[...e].reduce((e,_)=>(e<<5)-e+_.charCodeAt(0),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script></head> <body dir=ltr data-md-color-scheme=default data-md-color-primary=purple data-md-color-accent=indigo> <script>var palette=__md_get("__palette");if(palette&&"object"==typeof palette.color)for(var key of Object.keys(palette.color))document.body.setAttribute("data-md-color-"+key,palette.color[key])</script> <input class=md-toggle data-md-toggle=drawer type=checkbox id=__drawer autocomplete=off> <input class=md-toggle data-md-toggle=search type=checkbox id=__search autocomplete=off> <label class=md-overlay for=__drawer></label> <div data-md-component=skip> <a href=#linuxserveropenssh-server class=md-skip> Skip to content </a> </div> <div data-md-component=announce> </div> <header class="md-header md-header--shadow" data-md-component=header> <nav class="md-header__inner md-grid" aria-label=Header> <a href=../.. title=LinuxServer.io class="md-header__button md-logo" aria-label=LinuxServer.io data-md-component=logo> <img src="https://gblobscdn.gitbook.com/spaces%2F-LWuIse8qFJj2MqDi90T%2Favatar-1590244439115.png?alt=media" alt=logo> </a> <label class="md-header__button md-icon" for=__drawer> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2Z"/></svg> </label> <div class=md-header__title data-md-component=header-title> <div class=md-header__ellipsis> <div class=md-header__topic> <span class=md-ellipsis> LinuxServer.io </span> </div> <div class=md-header__topic data-md-component=header-topic> <span class=md-ellipsis> openssh-server </span> </div> </div> </div> <form class=md-header__option data-md-component=palette> <input class=md-option data-md-color-media="(prefers-color-scheme: light)" data-md-color-scheme=default data-md-color-primary=purple data-md-color-accent=indigo aria-label="Switch to dark mode" type=radio name=__palette id=__palette_1> <label class="md-header__button md-icon" title="Switch to dark mode" for=__palette_2 hidden> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M17 6H7c-3.31 0-6 2.69-6 6s2.69 6 6 6h10c3.31 0 6-2.69 6-6s-2.69-6-6-6zm0 10H7c-2.21 0-4-1.79-4-4s1.79-4 4-4h10c2.21 0 4 1.79 4 4s-1.79 4-4 4zM7 9c-1.66 0-3 1.34-3 3s1.34 3 3 3 3-1.34 3-3-1.34-3-3-3z"/></svg> </label> <input class=md-option data-md-color-media="(prefers-color-scheme: dark)" data-md-color-scheme=slate data-md-color-primary=purple data-md-color-accent=indigo aria-label="Switch to light mode" type=radio name=__palette id=__palette_2> <label class="md-header__button md-icon" title="Switch to light mode" for=__palette_1 hidden> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M17 7H7a5 5 0 0 0-5 5 5 5 0 0 0 5 5h10a5 5 0 0 0 5-5 5 5 0 0 0-5-5m0 8a3 3 0 0 1-3-3 3 3
</code></pre></div></p> <p>Then simply follow the prompts. The keys generated by this script are only displayed on your console output, so make sure to save them somewhere after generation.</p> <h2 id=usage>Usage</h2> <p>To help you get started creating a container from this image you can either use docker-compose or the docker cli.</p> <h3 id=docker-compose-recommended-click-here-for-more-info>docker-compose (recommended, <a href=https://docs.linuxserver.io/general/docker-compose>click here for more info</a>)</h3> <div class=highlight><pre><span></span><code><span class=nn>---</span>
<span class=nt>version</span><span class=p>:</span><span class=w> </span><span class=s>&quot;2.1&quot;</span>
<span class=nt>services</span><span class=p>:</span>
<span class=w>  </span><span class=nt>openssh-server</span><span class=p>:</span>
<span class=w>    </span><span class=nt>image</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">lscr.io/linuxserver/openssh-server:latest</span>
<span class=w>    </span><span class=nt>container_name</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">openssh-server</span>
<span class=w>    </span><span class=nt>hostname</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">openssh-server</span><span class=w> </span><span class=c1>#optional</span>
<span class=w>    </span><span class=nt>environment</span><span class=p>:</span>
<span class=w>      </span><span class="p p-Indicator">-</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">PUID=1000</span>
<span class=w>      </span><span class="p p-Indicator">-</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">PGID=1000</span>
<span class=w>      </span><span class="p p-Indicator">-</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">TZ=Etc/UTC</span>
<span class=w>      </span><span class="p p-Indicator">-</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">PUBLIC_KEY=yourpublickey</span><span class=w> </span><span class=c1>#optional</span>
<span class=w>      </span><span class="p p-Indicator">-</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">PUBLIC_KEY_FILE=/path/to/file</span><span class=w> </span><span class=c1>#optional</span>
<span class=w>      </span><span class="p p-Indicator">-</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">PUBLIC_KEY_DIR=/path/to/directory/containing/_only_/pubkeys</span><span class=w> </span><span class=c1>#optional</span>
<span class=w>      </span><span class="p p-Indicator">-</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">PUBLIC_KEY_URL=https://github.com/username.keys</span><span class=w> </span><span class=c1>#optional</span>
<span class=w>      </span><span class="p p-Indicator">-</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">SUDO_ACCESS=false</span><span class=w> </span><span class=c1>#optional</span>
<span class=w>      </span><span class="p p-Indicator">-</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">PASSWORD_ACCESS=false</span><span class=w> </span><span class=c1>#optional</span>
<span class=w>      </span><span class="p p-Indicator">-</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">USER_PASSWORD=password</span><span class=w> </span><span class=c1>#optional</span>
<span class=w>      </span><span class="p p-Indicator">-</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">USER_PASSWORD_FILE=/path/to/file</span><span class=w> </span><span class=c1>#optional</span>
<span class=w>      </span><span class="p p-Indicator">-</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">USER_NAME=linuxserver.io</span><span class=w> </span><span class=c1>#optional</span>
<span class=w>    </span><span class=nt>volumes</span><span class=p>:</span>
<span class=w>      </span><span class="p p-Indicator">-</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/appdata/config:/config</span>
<span class=w>    </span><span class=nt>ports</span><span class=p>:</span>
<span class=w>      </span><span class="p p-Indicator">-</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">2222:2222</span>
<span class=w>    </span><span class=nt>restart</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">unless-stopped</span>
</code></pre></div> <h3 id=docker-cli-click-here-for-more-info>docker cli (<a href=https://docs.docker.com/engine/reference/commandline/cli/ >click here for more info</a>)</h3> <div class=highlight><pre><span></span><code>docker<span class=w> </span>run<span class=w> </span>-d<span class=w> </span><span class=se>\</span>
<span class=w>  </span>--name<span class=o>=</span>openssh-server<span class=w> </span><span class=se>\</span>
<span class=w>  </span>--hostname<span class=o>=</span>openssh-server<span class=w> </span><span class=sb>`</span><span class=c1>#optional` \</span>
<span class=w>  </span>-e<span class=w> </span><span class=nv>PUID</span><span class=o>=</span><span class=m>1000</span><span class=w> </span><span class=se>\</span>
<span class=w>  </span>-e<span class=w> </span><span class=nv>PGID</span><span class=o>=</span><span class=m>1000</span><span class=w> </span><span class=se>\</span>
<span class=w>  </span>-e<span class=w> </span><span class=nv>TZ</span><span class=o>=</span>Etc/UTC<span class=w> </span><span class=se>\</span>
<span class=w>  </span>-e<span class=w> </span><span class=nv>PUBLIC_KEY</span><span class=o>=</span>yourpublickey<span class=w> </span><span class=sb>`</span><span class=c1>#optional` \</span>
<span class=w>  </span>-e<span class=w> </span><span class=nv>PUBLIC_KEY_FILE</span><span class=o>=</span>/path/to/file<span class=w> </span><span class=sb>`</span><span class=c1>#optional` \</span>
<span class=w>  </span>-e<span class=w> </span><span class=nv>PUBLIC_KEY_DIR</span><span class=o>=</span>/path/to/directory/containing/_only_/pubkeys<span class=w> </span><span class=sb>`</span><span class=c1>#optional` \</span>
<span class=w>  </span>-e<span class=w> </span><span class=nv>PUBLIC_KEY_URL</span><span class=o>=</span>https://github.com/username.keys<span class=w> </span><span class=sb>`</span><span class=c1>#optional` \</span>
<span class=w>  </span>-e<span class=w> </span><span class=nv>SUDO_ACCESS</span><span class=o>=</span><span class=nb>false</span><span class=w> </span><span class=sb>`</span><span class=c1>#optional` \</span>
<span class=w>  </span>-e<span class=w> </span><span class=nv>PASSWORD_ACCESS</span><span class=o>=</span><span class=nb>false</span><span class=w> </span><span class=sb>`</span><span class=c1>#optional` \</span>
<span class=w>  </span>-e<span class=w> </span><span class=nv>USER_PASSWORD</span><span class=o>=</span>password<span class=w> </span><span class=sb>`</span><span class=c1>#optional` \</span>
<span class=w>  </span>-e<span class=w> </span><span class=nv>USER_PASSWORD_FILE</span><span class=o>=</span>/path/to/file<span class=w> </span><span class=sb>`</span><span class=c1>#optional` \</span>
<span class=w>  </span>-e<span class=w> </span><span class=nv>USER_NAME</span><span class=o>=</span>linuxserver.io<span class=w> </span><span class=sb>`</span><span class=c1>#optional` \</span>
<span class=w>  </span>-p<span class=w> </span><span class=m>2222</span>:2222<span class=w> </span><span class=se>\</span>
<span class=w>  </span>-v<span class=w> </span>/path/to/appdata/config:/config<span class=w> </span><span class=se>\</span>
<span class=w>  </span>--restart<span class=w> </span>unless-stopped<span class=w> </span><span class=se>\</span>
<span class=w>  </span>lscr.io/linuxserver/openssh-server:latest
</code></pre></div> <h2 id=parameters>Parameters</h2> <p>Docker images are configured using parameters passed at runtime (such as those above). These parameters are separated by a colon and indicate <code>&lt;external&gt;:&lt;internal&gt;</code> respectively. For example, <code>-p 8080:80</code> would expose port <code>80</code> from inside the container to be accessible from the host's IP on port <code>8080</code> outside the container.</p> <h3 id=ports-p>Ports (<code>-p</code>)</h3> <table> <thead> <tr> <th align=center>Parameter</th> <th>Function</th> </tr> </thead> <tbody> <tr> <td align=center><code>2222</code></td> <td>ssh port</td> </tr> </tbody> </table> <h3 id=environment-variables-e>Environment Variables (<code>-e</code>)</h3> <table> <thead> <tr> <th align=center>Env</th> <th>Function</th> </tr> </thead> <tbody> <tr> <td align=center><code>PUID=1000</code></td> <td>for UserID - see below for explanation</td> </tr> <tr> <td align=center><code>PGID=1000</code></td> <td>for GroupID - see below for explanation</td> </tr> <tr> <td align=center><code>TZ=Etc/UTC</code></td> <td>specify a timezone to use, see this <a href=https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List>list</a>.</td> </tr> <tr> <td align=center><code>PUBLIC_KEY=yourpublickey</code></td> <td>Optional ssh public key, which will automatically be added to authorized_keys.</td> </tr> <tr> <td align=center><code>PUBLIC_KEY_FILE=/path/to/file</code></td> <td>Optionally specify a file containing the public key (works with docker secrets).</td> </tr> <tr> <td align=center><code>PUBLIC_KEY_DIR=/path/to/directory/containing/_only_/pubkeys</code></td> <td>Optionally specify a directory containing the public keys (works with docker secrets).</td> </tr> <tr> <td align=center><code>PUBLIC_KEY_URL=https://github.com/username.keys</code></td> <td>Optionally specify a URL containing the public key.</td> </tr> <tr> <td align=center><code>SUDO_ACCESS=false</code></td> <td>Set to <code>true</code> to allow <code>linuxserver.io</code>, the ssh user, sudo access. Without <code>USER_PASSWORD</code> set, this will allow passwordless sudo access.</td> </tr> <tr> <td align=center><code>PASSWORD_ACCESS=false</code></td> <td>Set to <code>true</code> to allow user/password ssh access. You will want to set <code>USER_PASSWORD</code> or <code>USER_PASSWORD_FILE</code> as well.</td> </tr> <tr> <td align=center><code>USER_PASSWORD=password</code></td> <td>Optionally set a sudo password for <code>linuxserver.io</code>, the ssh user. If this or <code>USER_PASSWORD_FILE</code> are not set but <code>SUDO_ACCESS</code> is set to true, the user will have passwordless sudo access.</td> </tr> <tr> <td align=center><code>USER_PASSWORD_FILE=/path/to/file</code></td> <td>Optionally specify a file that contains the password. This setting supersedes the <code>USER_PASSWORD</code> option (works with docker secrets).</td> </tr> <tr> <td align=center><code>USER_NAME=linuxserver.io</code></td> <td>Optionally specify a user name (Default:<code>linuxserver.io</code>)</td> </tr> </tbody> </table> <h3 id=volume-mappings-v>Volume Mappings (<code>-v</code>)</h3> <table> <thead> <tr> <th align=center>Volume</th> <th>Function</th> </tr> </thead> <tbody> <tr> <td align=center><code>/config</code></td> <td>Contains all relevant configuration files.</td> </tr> </tbody> </table> <h4 id=miscellaneous-options>Miscellaneous Options</h4> <table> <thead> <tr> <th align=center>Parameter</th> <th>Function</th> </tr> </thead> <tbody> <tr> <td align=center><code>--hostname=</code></td> <td>Optionally the hostname can be defined.</td> </tr> </tbody> </table> <h2 id=environment-variables-from-files-docker-secrets>Environment variables from files (Docker secrets)</h2> <p>You can set any environment variable from a file by using a special prepend <code>FILE__</code>.</p> <p>As an example:</p> <div class=highlight><pre><span></span><code>-e<span class=w> </span><span class=nv>FILE__PASSWORD</span><span class=o>=</span>/run/secrets/mysecretpassword
</code></pre></div> <p>Will set the environment variable <code>PASSWORD</code> based on the contents of the <code>/run/secrets/mysecretpassword</code> file.</p> <h2 id=umask-for-running-applications>Umask for running applications</h2> <p>For all of our images we provide the ability to override the default umask settings for services started within the containers using the optional <code>-e UMASK=022</code> setting. Keep in mind umask is not chmod it subtracts from permissions based on it's value it does not add. Please read up <a href=https://en.wikipedia.org/wiki/Umask>here</a> before asking for support.</p> <h2 id=user-group-identifiers>User / Group Identifiers</h2> <p>When using volumes (<code>-v</code> flags), permissions issues can arise between the host OS and the container, we avoid this issue by allowing you to specify the user <code>PUID</code> and group <code>PGID</code>.</p> <p>Ensure any volume directories on the host are owned by the same user you specify and any permissions issues will vanish like magic.</p> <p>In this instance <code>PUID=1000</code> and <code>PGID=1000</code>, to find yours use <code>id user</code> as below:</p> <div class=highlight><pre><span></span><code><span class=w>  </span>$<span class=w> </span>id<span class=w> </span>username
<span class=w>    </span><span class=nv>uid</span><span class=o>=</span><span class=m>1000</span><span class=o>(</span>dockeruser<span class=o>)</span><span class=w> </span><span class=nv>gid</span><span class=o>=</span><span class=m>1000</span><span class=o>(</span>dockergroup<span class=o>)</span><span class=w> </span><span class=nv>groups</span><span class=o>=</span><span class=m>1000</span><span class=o>(</span>dockergroup<span class=o>)</span>
</code></pre></div> <h2 id=docker-mods>Docker Mods</h2> <p><a href="https://mods.linuxserver.io/?mod=openssh-server" title="view available mods for this container."><img alt="Docker Mods" src="https://img.shields.io/badge/dynamic/yaml?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=openssh-server&query=%24.mods%5B%27openssh-server%27%5D.mod_count&url=https%3A%2F%2Fraw.githubusercontent.com%2Flinuxserver%2Fdocker-mods%2Fmaster%2Fmod-list.yml"></a> <a href="https://mods.linuxserver.io/?mod=universal" title="view available universal mods."><img alt="Docker Universal Mods" src="https://img.shields.io/badge/dynamic/yaml?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=universal&query=%24.mods%5B%27universal%27%5D.mod_count&url=https%3A%2F%2Fraw.githubusercontent.com%2Flinuxserver%2Fdocker-mods%2Fmaster%2Fmod-list.yml"></a></p> <p>We publish various <a href=https://github.com/linuxserver/docker-mods>Docker Mods</a> to enable additional functionality within the containers. The list of Mods available for this image (if any) as well as universal mods that can be applied to any one of our images can be accessed via the dynamic badges above.</p> <h2 id=support-info>Support Info</h2> <ul> <li>Shell access whilst the container is running:</li> <li><code>docker exec -it openssh-server /bin/bash</code></li> <li>To monitor the logs of the container in realtime:</li> <li><code>docker logs -f openssh-server</code></li> <li>Container version number</li> <li><code>docker inspect -f '{{ index .Config.Labels "build_version" }}' openssh-server</code></li> <li>Image version number</li> <li><code>docker inspect -f '{{ index .Config.Labels "build_version" }}' lscr.io/linuxserver/openssh-server:latest</code></li> </ul> <h2 id=versions>Versions</h2> <ul> <li><strong>12.06.23:</strong> - Rebase to Alpine 3.18, deprecate armhf. As announced <a href=https://www.linuxserver.io/blog/a-farewell-to-arm-hf>here</a></li> <li><strong>05.03.23:</strong> - Rebase to Alpine 3.17.</li> <li><strong>18.10.22:</strong> - Fix wrong behavior of password/passwordless sudo</li> <li><strong>11.10.22:</strong> - Rebase to Alpine 3.16, migrate to s6v3.</li> <li><strong>15.09.22:</strong> - add netcat-openbsd with support for proxies.</li> <li><strong>18.07.22:</strong> - Fix service perms to comply with upgrade to s6 v3.</li> <li><strong>16.04.22:</strong> - Rebase to alpine 3.15.</li> <li><strong>16.11.21:</strong> - Add PUBLIC_KEY_URL option</li> <li><strong>28.06.21:</strong> - Rebasing to alpine 3.14. Add support for PAM.</li> <li><strong>10.02.21:</strong> - Rebasing to alpine 3.13. Add openssh-client for scp.</li> <li><strong>21.10.20:</strong> - Implement s6-log for openssh, which adds local timestamps to logs and can be used with a log parser like fail2ban.</li> <li><strong>20.10.20:</strong> - Set umask for sftp.</li> <li><strong>01.06.20:</strong> - Rebasing to alpine 3.12.</li> <li><strong>18.01.20:</strong> - Add key generation script.</li> <li><strong>13.01.20:</strong> - Add openssh-sftp-server.</li> <li><strong>19.12.19:</strong> - Rebasing to alpine 3.11.</li> <li><strong>17.10.19:</strong> - Initial Release.</li> </ul> </article> </div> </div> </main> <footer class=md-footer> <div class="md-footer-meta md-typeset"> <div class="md-footer-meta__inner md-grid"> <div class=md-copyright> <div class=md-copyright__highlight> Copyright &copy; 2022 LinuxServer.io </div> Made with <a href=https://squidfunk.github.io/mkdocs-material/ target=_blank rel=noopener> Material for MkDocs </a> </div> <div class=md-social> <a href=https://github.com/linuxserver target=_blank rel=noopener title=github.com class=md-social__link> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 448 512"><!-- Font Awesome Free 6.4.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2023 Fonticons, Inc.--><path d="M400 32H48C21.5 32 0 53.5 0 80v352c0 26.5 21.5 48 48 48h352c26.5 0 48-21.5 48-48V80c0-26.5-21.5-48-48-48zM277.3 415.7c-8.4 1.5