我想在我的主机上配置 sshd 以将某个用户的公钥登录转发到运行自己的 sshd 服务的 Docker 容器.
I would like to configure sshd on my host machine to forward public key logins of a certain user to a Docker container that runs its own sshd service.
为了提供一些上下文,我在 Docker 容器中运行 GitLab,我不喜欢在主机上打开另一个端口以进行 SSH GitLab 通信,而是在主机上使用 sshd 重定向用户并直接键入 GitLab 公开的端口在本地机器上.
To give some context, I have GitLab running in a Docker container and I dislike opening another port on the host machine for the SSH GitLab communication but instead have sshd on the host machine redirect user and key directly to the port the GitLab exposes on the local machine.
我的想法是做这样的事情:
My idea is to do something like this:
Match User git ForceCommand ssh -p <GitLab port> <some arguments that forward to> git@localhost ...非常感谢您的帮助!
推荐答案我找到了一个简单的解决方法.只需在主机上创建一个 Git 用户并提供一个代理脚本,该脚本使用主机的 SSH 守护程序和容器卷中的 .ssh/authorized_keys 在 GitLab 容器中执行给定的 Git 命令.
I found a simple workaround to this. Just create a Git user on the host machine and provide a proxy script that executes the given Git commands in the GitLab container using the host's SSH daemon and the .ssh/authorized_keys from the container volume.
在宿主机上,添加用户git,使用相同的UID &GID 与 GitLab docker 容器 (998) 相同,并将 GitLab data 目录设置为用户的主目录:
On the host machine, add the user git using the same UID & GID as in the GitLab docker container (998) and set your GitLab data directory as the user's home: useradd -u 998 -s /bin/bash -d /your/gitlab/path/data git
将git用户加入docker组
Add the git user to the docker group
usermod -G docker git在宿主机上添加代理脚本/opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell,内容如下:
#!/bin/bash docker exec -i -u git <your_gitlab_container_id> sh -c "SSH_CONNECTION='$SSH_CONNECTION' SSH_ORIGINAL_COMMAND='$SSH_ORIGINAL_COMMAND' $0 $1"更多推荐
让 git 用户的 sshd 登录转发到(GitLab)Docker 容器
发布评论