Created
January 8, 2026 15:22
-
-
Save rwcitek/9f4be30f816128dc143446260f96a93c to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Run this in a blank GitHub Codespace | |
| ## set up folders | |
| mkdir -p ssh_client ssh_server http_server | |
| ## ssh client | |
| <<'eof' cat > ssh_client/Dockerfile | |
| FROM ubuntu:24.04 | |
| RUN apt-get update && apt-get install -y openssh-client iputils-ping curl && rm -rf /var/lib/apt/lists/* | |
| # Create user foobar | |
| RUN useradd -m -s /bin/bash foobar | |
| USER foobar | |
| WORKDIR /home/foobar | |
| RUN mkdir -p /home/foobar/.ssh && chown foobar:foobar /home/foobar/.ssh | |
| CMD ["sleep", "infinity"] | |
| eof | |
| ## ssh server | |
| <<'eof' cat > ssh_server/Dockerfile | |
| FROM ubuntu:24.04 | |
| RUN apt-get update && apt-get install -y openssh-server curl && rm -rf /var/lib/apt/lists/* | |
| RUN mkdir /var/run/sshd | |
| # Create user foobar | |
| RUN useradd -m -s /bin/bash foobar | |
| # Configure SSH for GatewayPorts (required for the tunnel to work) | |
| RUN echo "GatewayPorts yes" >> /etc/ssh/sshd_config | |
| # Ensure the user has a .ssh directory with correct ownership | |
| RUN mkdir -p /home/foobar/.ssh && chown foobar:foobar /home/foobar/.ssh | |
| CMD ["/usr/sbin/sshd", "-D"] | |
| eof | |
| ## http server | |
| <<'eof' cat > http_server/Dockerfile | |
| FROM ubuntu:24.04 | |
| RUN apt-get update && apt-get install -y nginx && rm -rf /var/lib/apt/lists/* | |
| CMD ["nginx", "-g", "daemon off;"] | |
| eof | |
| ## docker compose | |
| <<'eof' cat > docker-compose.yml | |
| services: | |
| container_a: | |
| build: ./http_server | |
| container_name: container_a | |
| networks: | |
| - front-tier | |
| container_b: | |
| build: ./ssh_client | |
| container_name: container_b | |
| networks: | |
| - front-tier | |
| - back-tier | |
| container_c: | |
| build: ./ssh_server | |
| container_name: container_c | |
| networks: | |
| - back-tier | |
| networks: | |
| front-tier: | |
| back-tier: | |
| eof | |
| ## Generate keys | |
| ssh-keygen -t rsa -b 4096 -f ./id_rsa -N "" | |
| chmod 600 ./id_rsa | |
| ## Start containers | |
| docker compose up -d | |
| ## Get Container C's IP | |
| C_IP=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' container_c) | |
| echo ${C_IP} | |
| ## Copy keys to Container C (Authorized Keys for login) | |
| docker cp ./id_rsa.pub container_c:/home/foobar/.ssh/authorized_keys | |
| docker exec container_c chown foobar:foobar /home/foobar/.ssh/authorized_keys | |
| docker exec container_c chmod 600 /home/foobar/.ssh/authorized_keys | |
| ## Copy keys to Container B (Private key to initiate reverse tunnel) | |
| docker cp ./id_rsa container_b:/home/foobar/.ssh/id_rsa | |
| docker exec -u root container_b chown foobar:foobar /home/foobar/.ssh/id_rsa | |
| docker exec container_b chmod 600 /home/foobar/.ssh/id_rsa | |
| ## ssh from B to C | |
| docker exec -u foobar container_b \ | |
| ssh -i /home/foobar/.ssh/id_rsa \ | |
| -N -f -R 8080:container_a:80 \ | |
| foobar@container_c -o StrictHostKeyChecking=no | |
| ## ssh from host to C | |
| ssh -i ./id_rsa -N -L 8080:localhost:8080 foobar@$C_IP -o StrictHostKeyChecking=no |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment