I would like to configure sshd on my host machine to forward public key logins of a certain user to a Docker container that runs its own sshd service.
To give some context, I have GitLab running in a Docker container, and I dislike opening another port on the host machine for the GitLab SSH communication; instead, I would like to have sshd on the host machine redirect user and key directly to the port that GitLab exposes on the local machine.
My idea is to do something like this:
Match User git
ForceCommand ssh -p <GitLab port> <some arguments that forward to> git@localhost
Help is greatly appreciated!
I found a simple workaround to this. Just create a Git user on the host machine and provide a proxy script that executes the given Git commands in the GitLab container using the host's SSH daemon and the .ssh/authorized_keys from the container volume.
On the host machine, add the user git using the same UID & GID as in the GitLab docker container (998) and set your GitLab data directory as the user's home:
useradd -u 998 -s /bin/bash -d /your/gitlab/path/data git
Add the git user to the docker group:
usermod -G docker git
Add a proxy script /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell on the host machine with the following contents:
#!/bin/sh
docker exec -i -u git -e "SSH_CONNECTION=$SSH_CONNECTION" -e "SSH_ORIGINAL_COMMAND=$SSH_ORIGINAL_COMMAND" <your_gitlab_container_id> "$0" "$@"
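How `SSH_ORIGINAL_COMMAND` reaches the container when it is spliced into an `sh -c` string versus handed over with `docker exec -e`, as an added example that is not part of the original answer. `docker` here is a local stub function, `demo` is a placeholder container name, `printenv` stands in for gitlab-shell, and the sample command is constructed.

```shell
#!/bin/sh
# Constructed stand-in for `docker exec` so this runs without Docker.
# It runs in a subshell, drops the host's SSH_* variables (a container does
# not inherit the host environment), applies -e NAME=VALUE pairs, skips the
# other options and the container name, then runs the remaining argv locally.
docker() (
    unset SSH_CONNECTION SSH_ORIGINAL_COMMAND
    shift                                  # drop the "exec" subcommand
    while [ $# -gt 0 ]; do
        case $1 in
            -e) export "$2"; shift 2 ;;    # NAME=VALUE goes into the environment as-is
            -u) shift 2 ;;
            -i) shift ;;
            *)  break ;;
        esac
    done
    shift                                  # drop the container name
    exec "$@"
)

# Form 1: the value is pasted into a command line that a second shell,
# inside the container, parses again. Quotes in the value become syntax.
via_string() {
    docker exec -i -u git demo \
        sh -c "SSH_ORIGINAL_COMMAND='$SSH_ORIGINAL_COMMAND' printenv SSH_ORIGINAL_COMMAND"
}

# Form 2: the value travels as one environment entry and the program is
# started directly, so no shell ever interprets the value.
via_env() {
    docker exec -i -u git -e "SSH_ORIGINAL_COMMAND=$SSH_ORIGINAL_COMMAND" demo \
        printenv SSH_ORIGINAL_COMMAND
}

# Constructed sample in the form a git client sends for a fetch.
SSH_ORIGINAL_COMMAND="git-upload-pack 'group/project.git'"

echo "spliced into sh -c: $(via_string)"
echo "passed with -e:     $(via_env)"
```

Because the first form lets the client-supplied string take part in shell parsing inside the container, the proxy script should use the second form, which delivers it byte for byte.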