access host’s ssh tunnel from docker container

Using your host's network as the network for your containers via --net=host (or in docker-compose via network_mode: host) is one option, but this has the unwanted side effects that (a) you now expose the container ports on your host system and (b) you can no longer connect to those containers that are not mapped to your host network.

In your case, a quicker and cleaner solution would be to make your ssh tunnel "available" to your docker containers (e.g. by binding ssh to the docker0 bridge) instead of exposing your docker containers in your host environment (as suggested in the accepted answer).

Setting up the tunnel:

For this to work, retrieve the IP your docker0 bridge is using via:

ifconfig

you will see something like this:

docker0   Link encap:Ethernet  HWaddr 03:41:4a:26:b7:31  
          inet addr:172.17.0.1  Bcast:172.17.255.255  Mask:255.255.0.0

Now you need to tell ssh to bind to this IP and listen for traffic directed towards port 9000 via

ssh -L 172.17.0.1:9000:host-ip:9999 [user@]hostname

Without setting the bind_address, :9000 would only be available on your host's loopback interface and not per se to your docker containers.

Side note: You could also bind your tunnel to 0.0.0.0, which will make ssh listen to all interfaces.

Setting up your application:

In your containerized application use the same docker0 ip to connect to the server: 172.17.0.1:9000. Now traffic being routed through your docker0 bridge will also reach your ssh tunnel 🙂

For example, if you have a .NET Core application that needs to connect to a remote db located at :9000, your "ConnectionString" would contain "server=172.17.0.1,9000;".

Forwarding multiple connections:

When dealing with multiple outgoing connections (e.g. a docker container needs to connect to multiple remote DBs via tunnel), several valid techniques exist, but an easy and straightforward way is to simply create multiple tunnels listening for traffic arriving at different docker0 bridge ports.

Within your ssh tunnel command (ssh -L [bind_address:]port:host:hostport [user@]hostname), the port part of the bind_address does not have to match the hostport of the host and can therefore be freely chosen by you. So within your docker containers just send the traffic to different ports of your docker0 bridge and then create several ssh tunnel commands (one for each port you are listening on) that accept data on these ports and forward it to the different hosts and hostports of your choice.
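The procedure above, as an added shell example that is not part of the original answer: it extracts the docker0 IP from `ifconfig` or `ip -4 addr show docker0` output, builds one `ssh -L` command carrying several forwards bound to that IP (the "multiple tunnels" case), and checks `ss -ltn` output to confirm the listener is bound to the bridge IP rather than 0.0.0.0. The function names, the `db1.internal`/`db2.internal` hosts, `user@ssh-host`, and the sample command outputs are all constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original answer. Helpers for binding an ssh
# local forward to the docker0 bridge so containers can reach it.
# Assumed names: bridge_ip, build_tunnel_cmd, check_listener, user@ssh-host,
# db1.internal / db2.internal. Sample outputs below are constructed.

# Print the IPv4 address of the interface whose `ifconfig <iface>` or
# `ip -4 addr show <iface>` output is on stdin. Handles both the
# "inet addr:172.17.0.1" and "inet 172.17.0.1/16" spellings. Returns 1 if none.
bridge_ip() {
    awk '$1 == "inet" { a = $2; sub(/^addr:/, "", a); sub(/\/.*/, "", a)
                        print a; found = 1; exit }
         END { exit found ? 0 : 1 }'
}

# Build one ssh command carrying several -L forwards, all bound to $1.
# $1 = bind address (docker0 IP), $2 = user@sshhost,
# remaining args = "localport:remotehost:remoteport" triples.
# -N: forward only, no remote shell. ExitOnForwardFailure makes ssh exit
# instead of staying up without the forward when the bind fails (port in use).
build_tunnel_cmd() {
    bind="$1"; target="$2"; shift 2
    cmd="ssh -N -o ExitOnForwardFailure=yes"
    for fwd in "$@"; do
        cmd="$cmd -L $bind:$fwd"
    done
    printf '%s %s\n' "$cmd" "$target"
}

# Inspect `ss -ltn` output on stdin for a listener on port $2.
# Returns 0 if bound exactly to $1:$2, 2 if bound to 0.0.0.0/* (reachable
# from every interface, the 0.0.0.0 side note in the answer), 1 if absent.
check_listener() {
    awk -v want="$1:$2" -v any="*:$2" -v anyv4="0.0.0.0:$2" '
        $1 == "LISTEN" && $4 == want                  { exact = 1 }
        $1 == "LISTEN" && ($4 == any || $4 == anyv4)  { wide = 1 }
        END { if (exact) exit 0; if (wide) exit 2; exit 1 }'
}

# --- Constructed sample output, so the example runs without docker or ssh ---
SAMPLE_IFCONFIG='docker0   Link encap:Ethernet  HWaddr 03:41:4a:26:b7:31
          inet addr:172.17.0.1  Bcast:172.17.255.255  Mask:255.255.0.0'
SAMPLE_IP_ADDR='4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0'
SAMPLE_SS_OK='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    172.17.0.1:9000     0.0.0.0:*'
SAMPLE_SS_WIDE='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:9000        0.0.0.0:*'

BRIDGE=$(printf '%s\n' "$SAMPLE_IP_ADDR" | bridge_ip)
echo "docker0 bridge IP: $BRIDGE"
echo "tunnel command:"
build_tunnel_cmd "$BRIDGE" user@ssh-host 9000:db1.internal:9999 9001:db2.internal:5432

# Live use (assumes docker0 exists and user@ssh-host is reachable):
#   BRIDGE=$(ip -4 addr show docker0 | bridge_ip)
#   $(build_tunnel_cmd "$BRIDGE" user@ssh-host 9000:db1.internal:9999) &
#   sleep 1; ss -ltn | check_listener "$BRIDGE" 9000 && echo "bound to bridge only"
```

Two caveats a practitioner should keep in mind: a tunnel bound to 0.0.0.0 is reachable from every interface on the host, including the LAN, so `check_listener` treats that as a distinct result rather than success; and containers on a user-defined bridge network (the docker-compose default) see that network's gateway (e.g. 172.18.0.1, visible in `docker network inspect <name>`) rather than docker0, so the tunnel must be bound to that address instead.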
