[Support] Linuxserver.io - openssh-server



Application Name: Openssh-server
Application Site: https://www.openssh.com/
Docker Hub: https://hub.docker.com/r/linuxserver/openssh-server/
Github: https://github.com/linuxserver/docker-openssh-server

 

Please post any questions/issues relating to this docker you have in this thread.

If you are not using Unraid (and you should be!) then please do not post here, rather use the linuxserver.io forum for support.

Link to comment
  • 7 months later...
9 hours ago, jj_uk said:

Thanks for the reply. It's not possible at the moment, but if this https://github.com/linuxserver/docker-openssh-server/pull/42#issuecomment-832987767 gets merged, it will be possible to open multiple ports easily by forwarding any required ports in the template, and adding them to a 'OPENSSH_PORT_STRING' variable.

Why do you need multiple ports? The container can't handle multiple users, so I don't see the value.

If you read aptalca's comment, you can see that you can do this with the customizing option we have in our containers.

Edited by saarg
Link to comment

What I'm trying to achieve is to set the ssh-server up so that it can be used as a tunnel to several Raspberry Pis that are behind routers on different networks.

 

From each device, create and copy key to openssh-server:

User 1

ssh-keygen -t rsa -b 2048 -E sha512

ssh-copy-id user1@<duckdns to unraid> -p 2222

Add to startup:

sudo autossh -M 0 -q -T -N -i /home/user1/.ssh/id_rsa -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -R 12345:localhost:22 user1@<duckdns to unraid> -p 2222

 

User 2

ssh-keygen -t rsa -b 2048 -E sha512

ssh-copy-id user2@<duckdns to unraid> -p 2222

Add to startup:

sudo autossh -M 0 -q -T -N -i /home/user2/.ssh/id_rsa -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -R 12345:localhost:22 user2@<duckdns to unraid> -p 2222

 

But as the container only has one user/password, I can't copy the key for the 2nd user.

 

Is there a config file in openssh-server that can be used to set up multiple users on the server?

 

 

Link to comment
1 hour ago, jj_uk said:

What I'm trying to achieve is to set the ssh-server up so that it can be used as a tunnel to several Raspberry Pis that are behind routers on different networks.

 

From each device, create and copy key to openssh-server:

User 1

ssh-keygen -t rsa -b 2048 -E sha512

ssh-copy-id user1@<duckdns to unraid> -p 2222

Add to startup:

sudo autossh -M 0 -q -T -N -i /home/user1/.ssh/id_rsa -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -R 12345:localhost:22 user1@<duckdns to unraid> -p 2222

 

User 2

ssh-keygen -t rsa -b 2048 -E sha512

ssh-copy-id user2@<duckdns to unraid> -p 2222

Add to startup:

sudo autossh -M 0 -q -T -N -i /home/user2/.ssh/id_rsa -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -R 12345:localhost:22 user2@<duckdns to unraid> -p 2222

 

But as the container only has one user/password, I can't copy the key for the 2nd user.

 

Is there a config file in openssh-server that can be used to set up multiple users on the server?

 

 

Our containers are not multi user.

Why not set up multiple containers?

Link to comment
12 minutes ago, jj_uk said:

At the moment, there are 3 remote devices, but if successful, I can see that growing to probably 20 devices. 

 

So, my options are linux VM or a basic linux container that I can add users to. 

 

While visually unappealing in the list, multiple containers are very resource friendly, as the bits are reused across all the containers. Being able to manage them as separate entities but still use virtually the same amount of space as a single container is the upside of using granular containers.

Link to comment
1 hour ago, jonathanm said:

While visually unappealing in the list, multiple containers are very resource friendly, as the bits are reused across all the containers. Being able to manage them as separate entities but still use virtually the same amount of space as a single container is the upside of using granular containers.

OK, I'll try this. It would be good if dockers could be placed into minimizable groups to avoid the visually unappealing aspect.

Edited by jj_uk
Link to comment
  • 2 months later...

I am trying to use this docker to set up a reverse SSH tunnel so I can access remote hosts that are behind NAT. But no matter what I always get this error and the tunnel is not created:

 

pi@piaware:~ $ ssh -i ~/.ssh/my_key -R 10022:localhost:2222 [email protected] -p 2222
Warning: remote port forwarding failed for listen port 10022
Welcome to OpenSSH Server

758869fae143:~$

 

I tested creating a reverse SSH tunnel to a normal Ubuntu host and it worked fine. Where am I going wrong with the docker?

Link to comment
  • 3 weeks later...

Looks like using an SSH key pair is not working? Added my public key file using the specific variable and double-checked its addition via /config/.ssh/authorized_keys by connecting to the console, and it looks to have been added. However, using either PuTTY from Windows or my SSH app on my iPad gives me the no authentication method error. I took the same public key and added it to a Raspberry Pi I used for various testing of things. Once it was added, I then tried the same two apps to connect and both immediately worked. Is there a setting that needs to be changed in the /config folder to allow authentication via key files?

 

Tried even using ssh from within the container to login using the same username and I get the same error when specifying the key.

Edited by texanman
Link to comment
  • 2 months later...

Hi, I have been using this docker on unRAID for a while now.

I intended to install a second instance of the docker but when searching for it in the APP section I can't find it.

It seems as if this docker has been removed from the unRAID repository?

 

Is it removed or have I made some error?

And if it's removed then why?

 

Regards

Link to comment
On 8/28/2021 at 10:08 PM, texanman said:

Looks like using an SSH key pair is not working? Added my public key file using the specific variable and double-checked its addition via /config/.ssh/authorized_keys by connecting to the console, and it looks to have been added. However, using either PuTTY from Windows or my SSH app on my iPad gives me the no authentication method error. I took the same public key and added it to a Raspberry Pi I used for various testing of things. Once it was added, I then tried the same two apps to connect and both immediately worked. Is there a setting that needs to be changed in the /config folder to allow authentication via key files?

 

Tried even using ssh from within the container to login using the same username and I get the same error when specifying the key.

Hi.

 

I have managed to get certificate based authentication working.

The client that is supposed to connect shall use the private key not the public key.

 

 

Link to comment
On 8/28/2021 at 10:08 PM, texanman said:

Looks like using an SSH key pair is not working? Added my public key file using the specific variable and double-checked its addition via /config/.ssh/authorized_keys by connecting to the console, and it looks to have been added. However, using either PuTTY from Windows or my SSH app on my iPad gives me the no authentication method error. I took the same public key and added it to a Raspberry Pi I used for various testing of things. Once it was added, I then tried the same two apps to connect and both immediately worked. Is there a setting that needs to be changed in the /config folder to allow authentication via key files?

 

Tried even using ssh from within the container to login using the same username and I get the same error when specifying the key.

 

If you changed the parameter "Password Access" to false it means that password authentication is then disabled.

If you then try to connect with a client that doesn't use a certificate to authenticate then you will get the "no authentication method" error.

If using PuTTY to connect, you need to set up PuTTY to use the private key when connecting. Also, if you used a password to protect the certificates (entered during creation), you need to enter the same password in PuTTY; if not, PuTTY will not be able to use the certificate.

 

Good luck. 

 

 

Link to comment
  • 2 months later...

How does this openssh container avoid the "chroot" before ssh authentication?

 

I tried to create a container from an Ubuntu 18.04 base image and install openssh-server inside the container so that I can ssh into the container. However, my seccomp rule does not allow the syscall "chroot" and I get this error log "fatal: chroot("/run/sshd"): Operation not permitted [preauth]" from /var/log/auth.log. This error indicates that ssh-server tries to run "chroot" before authentication (ssh client log shows "connection reset" before authentication) but failed because of a permission issue.

 

I also tried openssh container image without providing "chroot" in seccomp but I have no issue. I access into the openssh container as root and tried to manually run "chroot" and I have no permission to do that. This tells me that ssh-server inside openssh container does not run "chroot" when establishing the connection.

1. Why does openssh-server try to chroot to /run/sshd inside the Ubuntu container? This "chroot" before authentication is different from the "chroot" that could be run after authentication and can be configured inside the /etc/ssh/sshd_config file.

2. What is the change that ssh-server, inside the openssh container, has made to avoid using "chroot"?

 

Thanks

Link to comment
  • 4 months later...
  • 1 month later...
On 6/11/2022 at 1:55 PM, Darkguy said:

I can't seem to find this container within the Apps section in Unraid. It's still available from DockerHub. Has the template for Unraid been removed for some reason?

Same question here.

 

I just uploaded a version of it using the repository version as base: https://github.com/linuxserver/docker-templates/blob/master/linuxserver.io/openssh-server.xml

 

It's working perfectly so far and available in the Community Applications tab.

Edited by djismgaming
Link to comment

Is there a way to use the docker mod

linuxserver/mods:universal-cloudflared

with this container to have SSH access via CGNAT?

 

I tried with my version and get repeating error:

s6-envuidgid: fatal: unknown user: abc

 

I've seen this user "abc" in other linuxserver docker containers.

Edited by djismgaming
Link to comment
  • 3 months later...
On 8/7/2021 at 7:13 PM, absolute_badger said:

I am trying to use this docker to set up a reverse SSH tunnel so I can access remote hosts that are behind NAT. But no matter what I always get this error and the tunnel is not created:

 

pi@piaware:~ $ ssh -i ~/.ssh/my_key -R 10022:localhost:2222 [email protected] -p 2222
Warning: remote port forwarding failed for listen port 10022
Welcome to OpenSSH Server

758869fae143:~$

 

I tested creating a reverse SSH tunnel to a normal Ubuntu host and it worked fine. Where am I going wrong with the docker?

 

Hi all,

 

I have exactly the same problem, trying to achieve exactly the same thing.

 

Is there any solution? @absolute_badger, have you managed to set up a reverse SSH tunnel after all?

 

With thanks,

OP

Link to comment
On 8/7/2021 at 7:13 PM, absolute_badger said:

I am trying to use this docker to set up a reverse SSH tunnel so I can access remote hosts that are behind NAT. But no matter what I always get this error and the tunnel is not created:

 

pi@piaware:~ $ ssh -i ~/.ssh/my_key -R 10022:localhost:2222 [email protected] -p 2222
Warning: remote port forwarding failed for listen port 10022
Welcome to OpenSSH Server

758869fae143:~$

 

I tested creating a reverse SSH tunnel to a normal Ubuntu host and it worked fine. Where am I going wrong with the docker?

 

Folks at linuxserver.io actually made a mod to enable reverse ssh tunneling: https://github.com/linuxserver/docker-mods/tree/openssh-server-ssh-tunnel

 

To use it, you should add the following variable:

DOCKER_MODS=linuxserver/mods:openssh-server-ssh-tunnel

as well as an extra port (the 10022 forwarding port in your case) to your docker container configuration.

 

With regards,

OP

 

 

Link to comment
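An added diagnostic for the reverse-tunnel failure discussed above (example code, not from the posts or from the linuxserver.io mod): it reads an sshd_config and reports whether `ssh -R` would be refused or would only listen on loopback. It assumes the failure is governed by the standard sshd keywords AllowTcpForwarding and GatewayPorts; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): explain why `ssh -R` may fail or be
# unreachable, from the two sshd_config keywords that govern remote forwards.

# Print the effective global value of a keyword, lowercased.
# sshd honours the first occurrence; keywords are case-insensitive and may be
# written "Key value" or "Key=value". Anything from the first Match line on
# is conditional and ignored here.
sshd_option() {  # usage: sshd_option <file> <keyword> <default>
    awk -F '[ \t=]+' -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        { sub(/^[ \t]+/, "") }
        /^#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Classify what a client running `ssh -R <port>:localhost:22` will get.
# Defaults are sshd's own: AllowTcpForwarding yes, GatewayPorts no.
reverse_tunnel_status() {  # usage: reverse_tunnel_status <sshd_config>
    fwd=$(sshd_option "$1" AllowTcpForwarding yes)
    gw=$(sshd_option "$1" GatewayPorts no)
    case "$fwd" in
        yes|all|remote) ;;
        *) echo "blocked: AllowTcpForwarding=$fwd"; return 1 ;;
    esac
    case "$gw" in
        no)              echo "loopback-only: listener binds 127.0.0.1 in the container" ;;
        yes)             echo "all-addresses: listener reachable on a published port" ;;
        clientspecified) echo "client-chosen: client must request a non-loopback bind address" ;;
        *)               echo "unknown: GatewayPorts=$gw"; return 2 ;;
    esac
}

# Constructed sample config reproducing the "remote port forwarding failed" case.
sample=$(mktemp)
printf '%s\n' 'Port 2222' 'AllowTcpForwarding no' 'GatewayPorts no' > "$sample"
reverse_tunnel_status "$sample" || true   # -> blocked: AllowTcpForwarding=no
rm -f "$sample"
```

Run it against a copy of the container's sshd_config. A `loopback-only` result means the tunnel is created, but the extra port published on the container will not reach it.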
  • 8 months later...

Good Day,

perhaps you have an idea what my problem could be.
I successfully connected to the openssh server, but I have no file access. Nowhere in the docker container, not even in the folder I specifically shared with read/write permissions.
Do you have a clue what the issue might be?

Link to comment
