A jail for your ssh users
- Pull the jail docker image :
docker pull saddokm/docker-jail:0.1 - Add sshjailed group
addgroup sshjailed - Prepare your sshd_config
Match Group sshjailed X11Forwarding no AllowTcpForwarding no ForceCommand docker run --rm -ti -v /etc/group:/etc/group:ro -v /etc/passwd:/etc/passwd:ro -v $HOME:$HOME --workdir $HOME --hostname $HOSTNAME -u $( id -u $USER ):$( id -g $USER ) saddokm/docker-jail:0.1 bash - Restart openssh :
service ssh restart - Add an user which is in docker and sshjailed group :
adduser prisoner usermod -aG sshjailed docker - Test it :
ssh prisoner@host
Voilà !