docker-bastion/README.md

[![Blax Software OSS](https://raw.githubusercontent.com/blax-software/laravel-workkit/master/art/oss-initiative-banner.svg)](https://github.com/blax-software)

# docker-bastion

A **minimal SSH bastion** that authenticates by key and runs exactly **one preconfigured command** on every login. No fallback shell, no interactive choice — the agent connecting via SSH gets dropped straight into whatever you point `FORCE_COMMAND` at.

Typical uses:

- Give an agent (or a human) an SSH-shaped door into a running container — connection lands inside `docker exec -it app bash` and behaves like SSH'ing into the app.
- Give a deploy bot an SSH-shaped door that runs `./deploy.sh` on connect, streams output, and disconnects when the script exits.

Same image, different `FORCE_COMMAND` per service.

## Image

| Tag                          | Base       | Size (est.) |
|------------------------------|------------|-------------|
| `blaxsoftware/bastion:latest`| alpine 3.21 | ~65 MB     |

## Quick Start

```yaml
services:
  ssh-app:
    image: blaxsoftware/bastion:latest
    ports:
      - "2222:22"
    environment:
      FORCE_COMMAND: "docker exec -it learnatc-app-1 bash"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ~/.ssh/authorized_keys:/etc/bastion/authorized_keys.host:ro
      - ./docker/bastion/authorized_keys:/etc/bastion/authorized_keys.repo:ro
      - bastion-keys:/etc/ssh/keys
    restart: unless-stopped

  ssh-deploy:
    image: blaxsoftware/bastion:latest
    ports:
      - "2223:22"
    environment:
      FORCE_COMMAND: "cd /workspace && ./deploy.sh"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - .:/workspace:ro
      - ~/.ssh/authorized_keys:/etc/bastion/authorized_keys.host:ro
      - bastion-keys-deploy:/etc/ssh/keys
    restart: unless-stopped

volumes:
  bastion-keys:
  bastion-keys-deploy:
```

Then from the client:

```bash
ssh -p 2222 agent@your-host        # → drops into bash inside the app container
ssh -p 2223 agent@your-host        # → streams ./deploy.sh, disconnects on exit
```

## Authorized Keys — two sources, merged

At boot the entrypoint concatenates whichever of these files exist into the agent's `authorized_keys`. **At least one must exist** or the container refuses to start.

| File                                         | Typical mount                                   |
|----------------------------------------------|-------------------------------------------------|
| `/etc/bastion/authorized_keys.host`          | `~/.ssh/authorized_keys` from the docker host  |
| `/etc/bastion/authorized_keys.repo`          | `./docker/bastion/authorized_keys` in the repo  |

Mount either, both, or neither — but neither = container exits at startup with a clear error.

## How `FORCE_COMMAND` behaves

`FORCE_COMMAND` is run via `sh -c`, so shell metacharacters work — `&&`, `||`, pipes, `cd`, redirects.

- **Interactive command** (`docker exec -it app bash`) — SSH allocates a PTY by default for `ssh user@host`, `docker exec -it` inherits it, the inner bash is interactive. Session ends when the user types `exit`.
- **Script command** (`cd /workspace && ./deploy.sh`) — output streams back over SSH, the session closes the moment the script exits. Exit code propagates to the SSH client.

The client cannot override the command. `SSH_ORIGINAL_COMMAND` is ignored.

## Environment Variables

| Variable                | Default                                  | Description                                                                |
|-------------------------|------------------------------------------|----------------------------------------------------------------------------|
| `FORCE_COMMAND`         | *(required)*                             | The command run on every authenticated session. Shell metacharacters OK.   |
| `AUTHORIZED_KEYS_HOST`  | `/etc/bastion/authorized_keys.host`      | Path to the host-sourced authorized_keys (mount it here).                  |
| `AUTHORIZED_KEYS_REPO`  | `/etc/bastion/authorized_keys.repo`      | Path to the repo-sourced authorized_keys (mount it here).                  |
| `SSH_PORT`              | `22`                                     | Port sshd listens on inside the container.                                 |

## Build Args

| Arg              | Default | Description                       |
|------------------|---------|-----------------------------------|
| `ALPINE_VERSION` | `3.21`  | Alpine base image tag.            |
| `SSH_UID`        | `1000`  | UID of the bastion `agent` user.  |
| `SSH_GID`        | `1000`  | GID of the bastion `agent` group. |

## What's Inside

- **openssh-server** — hardened config: key-only auth, no forwarding, no PAM, no user env, `/sbin/nologin` shell, global `ForceCommand`.
- **docker-cli** + **docker-cli-compose** — so `FORCE_COMMAND` can target containers via a mounted docker socket. Group membership is auto-aligned at boot to the host socket's GID.
- **tini** — PID 1, signal handling.
- **bash**, **ca-certificates**, **tzdata**.

## Security Model

The security boundary is **the authorized_keys file and the ForceCommand wrapper**. Once a key authenticates, the session is hard-pinned to exactly one command. The bastion has the docker socket — equivalent to host root — so the only thing standing between a remote attacker and host root is sshd + your key hygiene.

Practical checklist:

1. **Key-only auth, no passwords** — enforced in `sshd_config`.
2. **No agent / tcp / x11 forwarding, no port tunnels** — enforced in `sshd_config`.
3. **Login shell is `/sbin/nologin`** — no fallback if `ForceCommand` somehow misfires.
4. **`PermitUserEnvironment no`, `PermitUserRC no`** — clients cannot inject env or rc files.
5. **Bind the host port to `127.0.0.1` or behind a firewall / VPN unless you actually need it public.**
6. **Keep openssh patched** — `apk upgrade` in a rebuild cycle; an unauth sshd RCE here would mean host root.
7. **Lock down siblings** — anyone who can `docker exec` into the app can also `docker exec` into the mysql/redis container via the same socket. `cap_drop: [ALL]` and `no-new-privileges` on siblings caps the blast radius.

## Architecture

```
start-container (entrypoint)
  ├─ generate host keys (idempotent, persisted via /etc/ssh/keys volume)
  ├─ merge AUTHORIZED_KEYS_HOST + AUTHORIZED_KEYS_REPO into authorized_keys
  ├─ write /etc/bastion/force-command wrapper from $FORCE_COMMAND
  ├─ align docker socket group membership (if socket is mounted)
  └─ exec sshd -D -e

ssh client
  └─ key auth as `agent`
       └─ ForceCommand /etc/bastion/force-command
            └─ exec sh -c "$FORCE_COMMAND"
```