A login shell to forward a user's ssh session into a docker container
Mai Lapyst 59ffbfc936 Not a test anymore :3 2023-10-16 05:21:56 +02:00
src Initial commit 2023-10-16 04:57:07 +02:00
.gitignore Initial commit 2023-10-16 04:57:07 +02:00
Dockerfile.alpine Initial commit 2023-10-16 04:57:07 +02:00
LICENSE Initial commit 2023-10-16 04:57:07 +02:00
build.sh Initial commit 2023-10-16 04:57:07 +02:00
readme.md Not a test anymore :3 2023-10-16 05:21:56 +02:00

readme.md

containersh

A login shell to forward a user's ssh session into a docker container

License

This project is licensed under AGPL-3.0-or-later. See the LICENSE file for more information.

Building

Run ./build.sh.

Usage

Currently, only one docker image can be used; you'll need to create it beforehand:

  1. Upload Dockerfile.alpine and build/containersh_stage2 to the same directory on your server
  2. Run docker build -f Dockerfile.alpine -t containersh:alpine-3.18.4 .
  3. Enjoy your container image!

To use containersh itself:

  1. Install / upload build/containersh to your server, preferably to a location such as /usr/local/bin.
  2. Set the root user as owner: chown root:root /usr/local/bin/containersh
  3. Set the suid bit: chmod +s /usr/local/bin/containersh; this is required in order for the binary to run docker commands
  4. Use the binary as the login shell for any user you want: chsh -s /usr/local/bin/containersh <user>
  5. Verify it is working by logging in one time
  6. ...
  7. Profit!

Roadmap

  • cleaning up the code from TODOs
    • replacing getgrgid and initgroups with static-linkable equivalents
    • better shell escaping of inputs for addgroup and adduser
    • do not only rely on SSH_TTY to know if we're in a tty and can use -it in the docker command
  • forward user's home dir & mount it in the container
  • forward ALL of the user's groups into the container
  • make everything configurable
  • allow using an 'in-between' shell for use cases where we want the connecting user to decide what to do
  • allow connecting to containers instead of creating new ones
  • allow specifying the container name; also helps with persistence!
  • allow for persistent containers

and so much more I probably can't think of right now!
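
Two of the roadmap items above (shell escaping of inputs for adduser, and not relying only on SSH_TTY) can be approached as in the following added example, which is not containersh's own code: the user name is checked against a strict allowlist, the command is built as an argv vector for execv() so no shell ever parses it, and isatty() decides between -it and -i. The function names, the allowlist pattern and the exact docker run / adduser arguments are assumptions made for illustration.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#define IMAGE "containersh:alpine-3.18.4" /* tag from the docker build step */

/* Allow only [a-z_][a-z0-9_-]{0,31}: no spaces, quotes, '$' or leading '-'. */
int valid_name(const char *s) {
    size_t n = s ? strlen(s) : 0;
    if (n == 0 || n > 32) return 0;
    for (size_t i = 0; i < n; i++) {
        char c = s[i];
        int ok = (c >= 'a' && c <= 'z') || c == '_' ||
                 (i > 0 && ((c >= '0' && c <= '9') || c == '-'));
        if (!ok) return 0;
    }
    return 1;
}

/* Ask the kernel about the real descriptors instead of trusting SSH_TTY. */
int have_tty(void) {
    return isatty(STDIN_FILENO) && isatty(STDOUT_FILENO);
}

/* Fill argv (NULL-terminated) for execv(); each element reaches the program
 * as-is, so no shell quoting is involved. Returns argc, or -1 on rejection. */
int build_argv(const char *user, int tty, const char *argv[], int cap) {
    if (cap < 9 || !valid_name(user)) return -1;
    int n = 0;
    argv[n++] = "docker";
    argv[n++] = "run";
    argv[n++] = "--rm";
    argv[n++] = tty ? "-it" : "-i";
    argv[n++] = IMAGE;
    argv[n++] = "adduser";   /* assumed command line, BusyBox syntax */
    argv[n++] = "-D";
    argv[n++] = user;
    argv[n] = NULL;
    return n;
}

int main(void) {
    const char *argv[9];
    struct passwd *pw = getpwuid(getuid());
    int n = build_argv(pw ? pw->pw_name : "", have_tty(), argv, 9);
    if (n < 0) { fputs("rejected user name\n", stderr); return 1; }
    for (int i = 0; i < n; i++) printf("%s%s", argv[i], i + 1 < n ? " " : "\n");
    return 0; /* a login shell would execv() docker by absolute path here */
}
```

The allowlist is deliberately narrower than what some systems accept as a user name; names outside it are rejected rather than escaped.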