linuxserver.io Posted September 26, 2020 Share Posted September 26, 2020 Application Name: Openssh-server Application Site: https://www.openssh.com/ Docker Hub: https://hub.docker.com/r/linuxserver/openssh-server/ Github: https://github.com/linuxserver/docker-openssh-server Please post any questions/issues relating to this docker you have in this thread. If you are not using Unraid (and you should be!) then please do not post here, rather use the linuxserver.io forum for support. Quote Link to comment
jj_uk Posted May 4, 2021 Share Posted May 4, 2021 How can this be configured to listen on multiple ports? It seems to ignore /etc/ssh/sshd_config Quote Link to comment
saarg Posted May 5, 2021 Share Posted May 5, 2021 20 hours ago, jj_uk said: How can this be configured to listen on multiple ports? It seems to ignore /etc/ssh/sshd_config It can't. Setup multiple containers if you want more servers. Quote Link to comment
jj_uk Posted May 5, 2021 Share Posted May 5, 2021 Thanks for the reply. It's not possible at the moment, but if this https://github.com/linuxserver/docker-openssh-server/pull/42#issuecomment-832987767 gets merged, it will be possible to open multiple ports easily by forwarding any required ports in the template, and adding them to a 'OPENSSH_PORT_STRING' variable. Quote Link to comment
saarg Posted May 6, 2021 Share Posted May 6, 2021 (edited) 9 hours ago, jj_uk said: Thanks for the reply. It's not possible at the moment, but if this https://github.com/linuxserver/docker-openssh-server/pull/42#issuecomment-832987767 gets merged, it will be possible to open multiple ports easily by forwarding any required ports in the template, and adding them to a 'OPENSSH_PORT_STRING' variable. Why do you need multiple ports? The container can't handle multiple users, so I don't see the value. If you read aptalcas comment, you can see that you can do this with the customizing option we have in our containers. Edited May 6, 2021 by saarg Quote Link to comment
jj_uk Posted May 8, 2021 Share Posted May 8, 2021 What i'm trying to achieve is to set the ssh-server up so that it can be used as a tunnel to several raspberry pi's that are behind routers on different networks. From each device, create and copy key to openssh-server: User 1 ssh-keygen -t rsa -b 2048 -E sha512 ssh-copy-id user1@<duckdns to unraid> -p 2222 Add to startup: sudo autossh -M 0 -q -T -N -i /home/user1/.ssh/id_rsa -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -R 12345:localhost:22 user1@<duckdns to unraid> -p 2222 User 2 ssh-keygen -t rsa -b 2048 -E sha512 ssh-copy-id user2@duckdns to unraid> -p 2222 Add to startup: sudo autossh -M 0 -q -T -N -i /home/user2/.ssh/id_rsa -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -R 12345:localhost:22 user2@<duckdns to unraid> -p 2222 But as the container only has one user/password, so can't copy the key for the 2nd user. Is there a config file in openssh-server that can be used to set up multiple users on the server? Quote Link to comment
saarg Posted May 8, 2021 Share Posted May 8, 2021 1 hour ago, jj_uk said: What i'm trying to achieve is to set the ssh-server up so that it can be used as a tunnel to several raspberry pi's that are behind routers on different networks. From each device, create and copy key to openssh-server: User 1 ssh-keygen -t rsa -b 2048 -E sha512 ssh-copy-id user1@<duckdns to unraid> -p 2222 Add to startup: sudo autossh -M 0 -q -T -N -i /home/user1/.ssh/id_rsa -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -R 12345:localhost:22 user1@<duckdns to unraid> -p 2222 User 2 ssh-keygen -t rsa -b 2048 -E sha512 ssh-copy-id user2@duckdns to unraid> -p 2222 Add to startup: sudo autossh -M 0 -q -T -N -i /home/user2/.ssh/id_rsa -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -R 12345:localhost:22 user2@<duckdns to unraid> -p 2222 But as the container only has one user/password, so can't copy the key for the 2nd user. Is there a config file in openssh-server that can be used to set up multiple users on the server? Our containers are not multi user. Why not set up multiple containers? Quote Link to comment
jj_uk Posted May 8, 2021 Share Posted May 8, 2021 At the moment, there are 3 remote devices, but if successful, I can see that growing to probably 20 devices. So, my options are linux VM or a basic linux container that I can add users to. Quote Link to comment
JonathanM Posted May 8, 2021 Share Posted May 8, 2021 12 minutes ago, jj_uk said: At the moment, there are 3 remote devices, but if successful, I can see that growing to probably 20 devices. So, my options are linux VM or a basic linux container that I can add users to. While visually unappealing in the list, multiple containers are very resource friendly, as the bits are reused across all the containers. Being able to manage them as separate entities but still use virtually the same amount of space as a single container is the upside of using granular containers. Quote Link to comment
jj_uk Posted May 8, 2021 Share Posted May 8, 2021 (edited) 1 hour ago, jonathanm said: While visually unappealing in the list, multiple containers are very resource friendly, as the bits are reused across all the containers. Being able to manage them as separate entities but still use virtually the same amount of space as a single container is the upside of using granular containers. Ok i'll try this. It would be good if dockers could be placed into minimizable groups to avoid the visually unappealing aspect. Edited May 8, 2021 by jj_uk Quote Link to comment
JonathanM Posted May 9, 2021 Share Posted May 9, 2021 6 hours ago, jj_uk said: It would be good if dockers could be placed into minimizable groups to avoid the visually unappealing aspect. Quote Link to comment
absolute_badger Posted August 7, 2021 Share Posted August 7, 2021 I am trying to use this docker to set up a reverse SSH tunnel so I can access remote hosts that are behind NAT. But no matter what I always get this error and the tunnel is not created: pi@piaware:~ $ ssh -i ~/.ssh/my_key -R 10022:localhost:2222 [email protected] -p 2222 Warning: remote port forwarding failed for listen port 10022 Welcome to OpenSSH Server 758869fae143:~$ I tested creating a reverse SSH tunnel to a normal Ubuntu host and it worked fine. Where I am I going wrong with the docker? Quote Link to comment
texanman Posted August 28, 2021 Share Posted August 28, 2021 (edited) Looks like using a ssh key pair is not working? Added my public key file using the specific variable and double checked its addition via /config/.ssh/authorized_keys by connecting to the console which looks to have been added. However using both putty from Windows or my ssh app on my ipad gives me an the error that no authentication method error. I took the same public key and added it to a raspberry pi I used for various testing of things. Once it was added I then tried the same two apps to connect and both immediately worked. Is there a setting that needs to be changed in the /config folder to allow authentication via key files? Tried even using ssh from within the container to login using the same username and I get the same error when specifying the key. Edited August 28, 2021 by texanman Quote Link to comment
Per-Arne Posted November 10, 2021 Share Posted November 10, 2021 Hi, I have been using this docker on unRAID for a while now. I intended to install a second instance of the docker but when searching for it in the APP section I can't find it. It seems as if this docker has been removed from the unRAID repository? Is it removed or have I made some error? And if it's removed then why? Regards Quote Link to comment
Per-Arne Posted November 10, 2021 Share Posted November 10, 2021 On 8/28/2021 at 10:08 PM, texanman said: Looks like using a ssh key pair is not working? Added my public key file using the specific variable and double checked its addition via /config/.ssh/authorized_keys by connecting to the console which looks to have been added. However using both putty from Windows or my ssh app on my ipad gives me an the error that no authentication method error. I took the same public key and added it to a raspberry pi I used for various testing of things. Once it was added I then tried the same two apps to connect and both immediately worked. Is there a setting that needs to be changed in the /config folder to allow authentication via key files? Tried even using ssh from within the container to login using the same username and I get the same error when specifying the key. Hi. I have managed to get certificate based authentication working. The client that is supposed to connect shall use the private key not the public key. Quote Link to comment
Per-Arne Posted November 10, 2021 Share Posted November 10, 2021 On 8/28/2021 at 10:08 PM, texanman said: Looks like using a ssh key pair is not working? Added my public key file using the specific variable and double checked its addition via /config/.ssh/authorized_keys by connecting to the console which looks to have been added. However using both putty from Windows or my ssh app on my ipad gives me an the error that no authentication method error. I took the same public key and added it to a raspberry pi I used for various testing of things. Once it was added I then tried the same two apps to connect and both immediately worked. Is there a setting that needs to be changed in the /config folder to allow authentication via key files? Tried even using ssh from within the container to login using the same username and I get the same error when specifying the key. If you changed the parameter "Password Access" to false it means that password authentication is then disabled. If you then try to connect with a client that doesn't use a certificate to authenticate then you will get the "no authentication method" error. If using putty to connect you need to setup putty to use the private key when connecting and also if you used a password to protect the certificates with (entered during creation) you need to enter the same password to putty, if not then putty will not be able to use the certificate. Good luck. Quote Link to comment
yankeeLeon Posted January 28, 2022 Share Posted January 28, 2022 How does this openssh container avoid the "chroot" before ssh authentication? I tried to create a container from a ubuntu 18.04 base image and install openssh-server inside the container so that I can ssh into the container. However, my seccomp rule does not allow syscal "chroot" and I get this error log "fatal: chroot("/run/sshd"): Operation not permitted [preauth]" from /var/log/auth.log. This error indicates that ssh-server tries to run "chroot" before authentication (ssh client log shows "connection reset" before authentication) but failed because of permission issue. I also tried openssh container image without providing "chroot" in seccomp but I have no issue. I access into the openssh container as root and tried to manually run "chroot" and I have no permission to do that. This tells me that ssh-server inside openssh container does not run "chroot" when establishing the connection. 1. Why does openssh-server try to chroot to /run/sshd inside ubuntu container? This "chroot" before authentication is different from the "chroot" that could be ran after authentication and can be configed inside /etc/ssh/sshd_config file. 2. What is the change that ssh-server, inside openssh container, have made to avoid using "chroot"? Thanks Quote Link to comment
Darkguy Posted June 11, 2022 Share Posted June 11, 2022 I can't seem to find this container within the Apps section in Unraid. It's still available from DockerHub. Has the template for Unraid been removed for some reason? 1 Quote Link to comment
djismgaming Posted July 23, 2022 Share Posted July 23, 2022 (edited) On 6/11/2022 at 1:55 PM, Darkguy said: I can't seem to find this container within the Apps section in Unraid. It's still available from DockerHub. Has the template for Unraid been removed for some reason? Same question here. I just uploaded a version of it using the repository version as base: https://github.com/linuxserver/docker-templates/blob/master/linuxserver.io/openssh-server.xml It's working perfectly so far and available in the Community Applications tab. Edited July 23, 2022 by djismgaming Quote Link to comment
djismgaming Posted July 24, 2022 Share Posted July 24, 2022 (edited) Is there a way to use the docker mod linuxserver/mods:universal-cloudflared with this container to have SSH access via CGNAT? I tried with my version and get repeating error: s6-envuidgid: fatal: unknown user: abc I've seen this user "abc" in other linuxserver docker containers. Edited July 24, 2022 by djismgaming Quote Link to comment
Opawesome Posted November 2, 2022 Share Posted November 2, 2022 On 8/7/2021 at 7:13 PM, absolute_badger said: I am trying to use this docker to set up a reverse SSH tunnel so I can access remote hosts that are behind NAT. But no matter what I always get this error and the tunnel is not created: pi@piaware:~ $ ssh -i ~/.ssh/my_key -R 10022:localhost:2222 [email protected] -p 2222 Warning: remote port forwarding failed for listen port 10022 Welcome to OpenSSH Server 758869fae143:~$ I tested creating a reverse SSH tunnel to a normal Ubuntu host and it worked fine. Where I am I going wrong with the docker? Hi all, I have exactly the same problem, trying to achieve exactly the same thing. Is there any solution? @absolute_badger, have you managed to setup a reverse SSH tunnel after all ? With thanks, OP Quote Link to comment
Opawesome Posted November 3, 2022 Share Posted November 3, 2022 On 8/7/2021 at 7:13 PM, absolute_badger said: I am trying to use this docker to set up a reverse SSH tunnel so I can access remote hosts that are behind NAT. But no matter what I always get this error and the tunnel is not created: pi@piaware:~ $ ssh -i ~/.ssh/my_key -R 10022:localhost:2222 [email protected] -p 2222 Warning: remote port forwarding failed for listen port 10022 Welcome to OpenSSH Server 758869fae143:~$ I tested creating a reverse SSH tunnel to a normal Ubuntu host and it worked fine. Where I am I going wrong with the docker? Folks at linuxserver.io actually made a mod to enable reverse ssh tunneling: https://github.com/linuxserver/docker-mods/tree/openssh-server-ssh-tunnel To use it, you should add the following variable: DOCKER_MODS=linuxserver/mods:openssh-server-ssh-tunnel as well as an extra port (the 10022 forwarding port in your case) to your docker container configuration. With regards, OP Quote Link to comment
enk Posted July 10, 2023 Share Posted July 10, 2023 Good Day, perhaps you have an idea what my problem could be. I successfully connected to the the openssh server, but i have no file access. Nowhere in the docker container, even not in folder I specifically shared with read/write permissions. Do you have a clue what the issue might be? Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.