Skip to content

thomas-le-goff/transient-ssh-container

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Containerized SSH Server (WIP)

A minimal SSH server built with Twisted Conch that creates a dedicated Docker container for each new SSH connection.

Each user session runs inside its own isolated container. When the session ends, the container is stopped and replaced.

This project is experimental and still evolving.

⚠️ Not suitable for production env at all.

Yet 🙃

Goal

Provide SSH access where:

  • Each connection gets its own container
  • Sessions are isolated from each other
  • Containers are ephemeral
  • The host system remains protected

How It Works

  1. The server listens for SSH connections.

  2. The user authenticates via public key.

  3. A container is claimed from a pool.

  4. The SSH session is attached to /bin/bash inside the container.

  5. When the user disconnects:

    • The container is stopped and removed
    • A new container is created to maintain the pool size

Architecture (Simplified)

SSH Client
    ↓
Twisted Conch SSH Server
    ↓
Container Pool
    ↓
docker exec → /bin/bash

Main Components

  • DockerContainerFactory Creates containers (default image: debian:12).

  • DockerContainerPool Maintains a fixed number of ready containers.

  • DockerizedAvatar Binds the SSH session to a shell running inside a container.

  • Realm Assigns one container per authenticated user.

Requirements

  • Python 3.10+
  • Docker (or compatible runtime)
  • Twisted
  • docker Python SDK

Install dependencies:

pip install twisted docker zope.interface

Running

python server.py

Server listens on:

localhost:8007

Connect with:

ssh -p 8007 user@localhost

Authentication uses system authorized_keys.

Current Limitations

  • Basic container pool logic
  • No advanced security hardening yet
  • Limited error handling
  • No production guarantees

Troubleshooting

AppArmor

Using ACL (on AppArmor)

sudo setfacl -m u:$USER:r-- /etc/ssh/ssh_host_*_key

Restore (to be able to run OpenSsh server for example)

sudo setfacl -b /etc/ssh/ssh_host_*_key

About

A minimal SSH server built with Twisted Conch that creates a dedicated Docker container for each new SSH connection.

Resources

License

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages