sftp
allowing an option for a limited ssh shell instead of internal-sftp
Allowing an option for a limited ssh shell (scponly for instance) instead of internal-sftp in order to allow the use of scp instead of sftp.
The use case is to be able to use rsync over ssh to transfer a bunch of data in an efficient manner.
I'd second the idea. Although my use case is a bit different but being able to ssh into the container would be awesome.
Please try to mount your own custom /etc/ssh/sshd_config, see if that works.
I will consider opening up so it's possible to use scp/rsync. I agree that would be useful.
Let me know what configuration is needed.
It is not as easy as changing only sshd_config; two parameters matter:
- comment ForceCommand internal-sftp: this would let us connect with scp/ssh. However, due to the current configuration of users (permissions and id sharing), all users can access the data of all users => review the process of creating and managing users.
- ChrootDirectory %h: the best option would be to keep chrooting users, but a chroot environment is needed to run a bash shell or scponly or rssh, and that is not so simple on Alpine:
  - to get a bash: there is no static version of bash, so we need to copy/bind mount some /lib /dev /proc under the user home
  - there is no version available of scponly or rssh => need to compile scponly in a multi-stage build?
Is there a willingness to use only Alpine? Or still to build the system on the two operating systems?
Regarding the first point: by current configuration of users, you mean the provided user arguments to the entrypoint script and not the default sshd_config?
Looks like rssh is available on both Debian and Alpine?
- https://packages.debian.org/stretch/rssh
- https://pkgs.alpinelinux.org/package/edge/community/x86_64/rssh
Yes, I mean the script that is managing them on the entrypoint.
Good news about rssh on both systems. That might help :-)
Any update on this? I have a similar use case requiring both sftp and rsync.
Hi, chiming in with others.
I have a use case where I'd like to use scp instead of sftp + script, but maybe it's out of scope. I could mount the same volume from a different container tailored for scp (or rsync).
I have replaced sshd_config and commented out ForceCommand internal-sftp - I can initiate ssh connection but after login I am getting
/bin/sh: No such file or directory
Any way to resolve that?
Looks like @gangefors attempted to do it with https://github.com/gangefors/docker-rssh
Not sure if it worked though…
I have replaced sshd_config and commented out ForceCommand internal-sftp - I can initiate ssh connection but after login I am getting
/bin/sh: No such file or directory
Any way to resolve that?
Same
I have replaced sshd_config and commented out ForceCommand internal-sftp - I can initiate ssh connection but after login I am getting
/bin/sh: No such file or directory
Any way to resolve that?
Same
This is due to the ChrootDirectory %h argument, which prevents the user from seeing anything above the user's home.
rssh does not seem to exist anymore in Debian buster. But it shouldn't be too hard to change the Dockerfile to create a skeleton that contains all binaries and libraries needed to run bash and rsync within the chroot. The skeleton could then be used whenever a user is created. To create the skeleton/a chroot that contains the aforementioned, we could use one of the scripts from https://github.com/McSim85/make_chroot_jail.
@atmoz Would you be open to removing the ForceCommand from sshd as long as the chroot stays intact? Or would you prefer a fork?
I just see there is also a replacement for rssh: https://packages.debian.org/buster/rush
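The interaction between ChrootDirectory and ForceCommand discussed in the comments above can be checked before a custom sshd_config is mounted. The script below is an added example, not code from this thread or from the image's repository; the function names and result labels are hypothetical, and it assumes a config with whitespace-separated directives and no reliance on Match blocks.

```shell
#!/bin/sh
# Added example; function names and result labels are hypothetical.
# Assumes whitespace-separated "Keyword value" lines and looks only at the
# global section (everything before the first Match block).

# Print the first value of a keyword: sshd keeps the first value it reads.
sshd_first_value() {    # $1 = config file, $2 = keyword (case-insensitive)
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }                  # commented-out directive
        tolower($1) == "match" { exit }      # stop at the first Match block
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# $1 = config file
# $2 = one user's home directory as seen from outside the chroot (what %h becomes)
# $3 = that user's login shell (default /bin/sh)
classify_sshd_config() {
    cfg=$1; home=$2; shell=${3:-/bin/sh}
    chroot=$(sshd_first_value "$cfg" ChrootDirectory)
    force=$(sshd_first_value "$cfg" ForceCommand)

    case "$force" in
        internal-sftp*) echo "sftp-only"; return 0 ;;
    esac
    if [ -z "$chroot" ] || [ "$chroot" = "none" ]; then
        echo "shell-no-chroot"   # users get a shell that is not confined to their home
        return 0
    fi
    # Chroot kept, ForceCommand gone: sshd starts the login shell *inside* the
    # chroot, so the shell path is resolved relative to the user's home.
    if [ -e "$home$shell" ]; then
        echo "shell-in-chroot"   # necessary, not sufficient: its libraries must be there too
    else
        echo "shell-missing-in-chroot"   # login fails: "/bin/sh: No such file or directory"
    fi
}
```

A result of shell-missing-in-chroot corresponds to the login error reported above; shell-no-chroot corresponds to the configuration in which users are no longer confined to their own home.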
Hello, any update on this issue? I have a similar use case requiring sftp and scp/rsync.
Regards,
I submitted a PR to add SCP support.
Pending review and approval, as a temporary solution only, I have posted both the Debian and Alpine versions to Docker Hub which can be found here. They are also published with multi-platform for ARMv7 and ARM64 support on top of x64 support.
Functionality is the same; it simply permits copying files to it via scp.