kopia lustrzana https://github.com/linuxserver/docker-documentation
Bot Updating Documentation
LinuxServer-CI
rodzic
b4afed9320
commit
281412dae9
|
|
@ -1,8 +1,18 @@
|
|||
# linuxserver/openssh-server
|
||||
# [linuxserver/openssh-server](https://github.com/linuxserver/docker-openssh-server)
|
||||
|
||||
[](https://github.com/linuxserver/docker-openssh-server) [](https://github.com/linuxserver/docker-openssh-server/releases) [](https://github.com/linuxserver/docker-openssh-server/packages) [](https://gitlab.com/Linuxserver.io/docker-openssh-server/container_registry) [](https://microbadger.com/images/linuxserver/openssh-server) [](https://hub.docker.com/r/linuxserver/openssh-server) [](https://hub.docker.com/r/linuxserver/openssh-server) [](https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-openssh-server/job/master/) [](https://lsio-ci.ams3.digitaloceanspaces.com/linuxserver/openssh-server/latest/index.html)
|
||||
[](https://github.com/linuxserver/docker-openssh-server)
|
||||
[](https://github.com/linuxserver/docker-openssh-server/releases)
|
||||
[](https://github.com/linuxserver/docker-openssh-server/packages)
|
||||
[](https://gitlab.com/Linuxserver.io/docker-openssh-server/container_registry)
|
||||
[](https://microbadger.com/images/linuxserver/openssh-server "Get your own version badge on microbadger.com")
|
||||
[](https://hub.docker.com/r/linuxserver/openssh-server)
|
||||
[](https://hub.docker.com/r/linuxserver/openssh-server)
|
||||
[](https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-openssh-server/job/master/)
|
||||
[](https://lsio-ci.ams3.digitaloceanspaces.com/linuxserver/openssh-server/latest/index.html)
|
||||
|
||||
[Openssh-server](https://www.openssh.com/) is a sandboxed environment that allows ssh access without giving keys to the entire server. Giving ssh access via private key often means giving full access to the server. This container creates a limited and sandboxed environment that others can ssh into. The users only have access to the folders mapped and the processes running inside this container.
|
||||
[Openssh-server](https://www.openssh.com/) is a sandboxed environment that allows ssh access without giving keys to the entire server.
|
||||
Giving ssh access via private key often means giving full access to the server. This container creates a limited and sandboxed environment that others can ssh into.
|
||||
The users only have access to the folders mapped and the processes running inside this container.
|
||||
|
||||
## Supported Architectures
|
||||
|
||||
|
|
@ -13,18 +23,19 @@ Simply pulling `linuxserver/openssh-server` should retrieve the correct image fo
|
|||
The architectures supported by this image are:
|
||||
|
||||
| Architecture | Tag |
|
||||
| :---: | :--- |
|
||||
| :----: | --- |
|
||||
| x86-64 | amd64-latest |
|
||||
| arm64 | arm64v8-latest |
|
||||
| armhf | arm32v7-latest |
|
||||
|
||||
|
||||
## Usage
|
||||
|
||||
Here are some example snippets to help you get started creating a container from this image.
|
||||
|
||||
### docker
|
||||
|
||||
```text
|
||||
```
|
||||
docker create \
|
||||
--name=openssh-server \
|
||||
--hostname=openssh-server `#optional` \
|
||||
|
|
@ -44,6 +55,7 @@ docker create \
|
|||
linuxserver/openssh-server
|
||||
```
|
||||
|
||||
|
||||
### docker-compose
|
||||
|
||||
Compatible with docker-compose v2 schemas.
|
||||
|
|
@ -76,48 +88,49 @@ services:
|
|||
|
||||
## Parameters
|
||||
|
||||
Docker images are configured using parameters passed at runtime \(such as those above\). These parameters are separated by a colon and indicate `<external>:<internal>` respectively. For example, `-p 8080:80` would expose port `80` from inside the container to be accessible from the host's IP on port `8080` outside the container.
|
||||
Docker images are configured using parameters passed at runtime (such as those above). These parameters are separated by a colon and indicate `<external>:<internal>` respectively. For example, `-p 8080:80` would expose port `80` from inside the container to be accessible from the host's IP on port `8080` outside the container.
|
||||
|
||||
### Ports \(`-p`\)
|
||||
### Ports (`-p`)
|
||||
|
||||
| Parameter | Function |
|
||||
| :---: | :--- |
|
||||
| :----: | --- |
|
||||
| `2222` | ssh port |
|
||||
|
||||
### Environment Variables \(`-e`\)
|
||||
|
||||
### Environment Variables (`-e`)
|
||||
|
||||
| Env | Function |
|
||||
| :---: | :--- |
|
||||
| :----: | --- |
|
||||
| `PUID=1000` | for UserID - see below for explanation |
|
||||
| `PGID=1000` | for GroupID - see below for explanation |
|
||||
| `TZ=Europe/London` | Specify a timezone to use EG Europe/London |
|
||||
| `PUBLIC_KEY=yourpublickey` | Optional ssh public key, which will automatically be added to authorized\_keys. |
|
||||
| `PUBLIC_KEY_FILE=/path/to/file` | Optionally specify a file containing the public key \(works with docker secrets\). |
|
||||
| `PUBLIC_KEY=yourpublickey` | Optional ssh public key, which will automatically be added to authorized_keys. |
|
||||
| `PUBLIC_KEY_FILE=/path/to/file` | Optionally specify a file containing the public key (works with docker secrets). |
|
||||
| `SUDO_ACCESS=false` | Set to `true` to allow `linuxserver.io`, the ssh user, sudo access. Without `USER_PASSWORD` set, this will allow passwordless sudo access. |
|
||||
| `PASSWORD_ACCESS=false` | Set to `true` to allow user/password ssh access. You will want to set `USER_PASSWORD` or `USER_PASSWORD_FILE` as well. |
|
||||
| `USER_PASSWORD=password` | Optionally set a sudo password for `linuxserver.io`, the ssh user. If this or `USER_PASSWORD_FILE` are not set but `SUDO_ACCESS` is set to true, the user will have passwordless sudo access. |
|
||||
| `USER_PASSWORD_FILE=/path/to/file` | Optionally specify a file that contains the password. This setting supersedes the `USER_PASSWORD` option \(works with docker secrets\). |
|
||||
| `USER_NAME=linuxserver.io` | Optionally specify a user name \(Default:`linuxserver.io`\) |
|
||||
| `USER_PASSWORD_FILE=/path/to/file` | Optionally specify a file that contains the password. This setting supersedes the `USER_PASSWORD` option (works with docker secrets). |
|
||||
| `USER_NAME=linuxserver.io` | Optionally specify a user name (Default:`linuxserver.io`) |
|
||||
|
||||
### Volume Mappings \(`-v`\)
|
||||
### Volume Mappings (`-v`)
|
||||
|
||||
| Volume | Function |
|
||||
| :---: | :--- |
|
||||
| :----: | --- |
|
||||
| `/config` | Contains all relevant configuration files. |
|
||||
|
||||
#### Miscellaneous Options
|
||||
|
||||
#### Miscellaneous Options
|
||||
| Parameter | Function |
|
||||
| :---: | :--- |
|
||||
| :-----: | --- |
|
||||
| `--hostname=` | Optionally the hostname can be defined. |
|
||||
|
||||
## Environment variables from files \(Docker secrets\)
|
||||
## Environment variables from files (Docker secrets)
|
||||
|
||||
You can set any environment variable from a file by using a special prepend `FILE__`.
|
||||
|
||||
As an example:
|
||||
|
||||
```text
|
||||
```
|
||||
-e FILE__PASSWORD=/run/secrets/mysecretpassword
|
||||
```
|
||||
|
||||
|
|
@ -125,24 +138,27 @@ Will set the environment variable `PASSWORD` based on the contents of the `/run/
|
|||
|
||||
## Umask for running applications
|
||||
|
||||
For all of our images we provide the ability to override the default umask settings for services started within the containers using the optional `-e UMASK=022` setting. Keep in mind umask is not chmod it subtracts from permissions based on it's value it does not add. Please read up [here](https://en.wikipedia.org/wiki/Umask) before asking for support.
|
||||
For all of our images we provide the ability to override the default umask settings for services started within the containers using the optional `-e UMASK=022` setting.
|
||||
Keep in mind umask is not chmod it subtracts from permissions based on it's value it does not add. Please read up [here](https://en.wikipedia.org/wiki/Umask) before asking for support.
|
||||
|
||||
|
||||
## User / Group Identifiers
|
||||
|
||||
When using volumes \(`-v` flags\), permissions issues can arise between the host OS and the container, we avoid this issue by allowing you to specify the user `PUID` and group `PGID`.
|
||||
When using volumes (`-v` flags), permissions issues can arise between the host OS and the container, we avoid this issue by allowing you to specify the user `PUID` and group `PGID`.
|
||||
|
||||
Ensure any volume directories on the host are owned by the same user you specify and any permissions issues will vanish like magic.
|
||||
|
||||
In this instance `PUID=1000` and `PGID=1000`, to find yours use `id user` as below:
|
||||
|
||||
```text
|
||||
```
|
||||
$ id username
|
||||
uid=1000(dockeruser) gid=1000(dockergroup) groups=1000(dockergroup)
|
||||
```
|
||||
|
||||
## Application Setup
|
||||
|
||||
If `PUBLIC_KEY` or `PUBLIC_KEY_FILE` variables are set, they will automatically be added to `authorized_keys`. If not, the keys can manually be added to `/config/.ssh/authorized_keys` and the container should be restarted. Removing `PUBLIC_KEY` or `PUBLIC_KEY_FILE` variables from docker run environment variables will not remove the keys from `authorized_keys`. `PUBLIC_KEY_FILE` can be used with docker secrets.
|
||||
If `PUBLIC_KEY` or `PUBLIC_KEY_FILE` variables are set, they will automatically be added to `authorized_keys`. If not, the keys can manually be added to `/config/.ssh/authorized_keys` and the container should be restarted.
|
||||
Removing `PUBLIC_KEY` or `PUBLIC_KEY_FILE` variables from docker run environment variables will not remove the keys from `authorized_keys`. `PUBLIC_KEY_FILE` can be used with docker secrets.
|
||||
|
||||
We provide the ability to set and allow password based access via the `PASSWORD_ACCESS` and `USER_PASSWORD` variables, though we as an organization discourage using password auth for public facing ssh endpoints.
|
||||
|
||||
|
|
@ -166,18 +182,19 @@ You can optionally set the docker argument `hostname`
|
|||
## Key Generation
|
||||
|
||||
This container has a helper script to generate an ssh private/public key. In order to generate a key please run:
|
||||
|
||||
```text
|
||||
```
|
||||
docker run --rm -it --entrypoint /keygen.sh linuxserver/openssh-server
|
||||
```
|
||||
|
||||
Then simply follow the prompts. The keys generated by this script are only displayed on your console output, so make sure to save them somewhere after generation.
|
||||
Then simply follow the prompts.
|
||||
The keys generated by this script are only displayed on your console output, so make sure to save them somewhere after generation.
|
||||
|
||||
|
||||
## Docker Mods
|
||||
[](https://mods.linuxserver.io/?mod=openssh-server "view available mods for this container.")
|
||||
|
||||
[](https://mods.linuxserver.io/?mod=openssh-server)
|
||||
We publish various [Docker Mods](https://github.com/linuxserver/docker-mods) to enable additional functionality within the containers. The list of Mods available for this image (if any) can be accessed via the dynamic badge above.
|
||||
|
||||
We publish various [Docker Mods](https://github.com/linuxserver/docker-mods) to enable additional functionality within the containers. The list of Mods available for this image \(if any\) can be accessed via the dynamic badge above.
|
||||
|
||||
## Support Info
|
||||
|
||||
|
|
@ -197,4 +214,3 @@ We publish various [Docker Mods](https://github.com/linuxserver/docker-mods) to
|
|||
* **13.01.20:** - Add openssh-sftp-server.
|
||||
* **19.12.19:** - Rebasing to alpine 3.11.
|
||||
* **17.10.19:** - Initial Release.
|
||||
|
||||
|
|
|
|||
Ładowanie…
Reference in New Issue