Skip to content

ContainerSSH/ContainerSSH

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

251 Commits

.github

.github

 
 

cmd

cmd

 
 

examples @ 2d749aa

examples @ 2d749aa

 
 

.clomonitor.yml

.clomonitor.yml

 
 

.dockerignore

.dockerignore

 
 

.gitignore

.gitignore

 
 

.gitmodules

.gitmodules

 
 

.goreleaser.yaml

.goreleaser.yaml

 
 

CODES.md

CODES.md

 
 

CODE_OF_CONDUCT.md

CODE_OF_CONDUCT.md

 
 

CONTRIBUTING.md

CONTRIBUTING.md

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

SECURITY.md

SECURITY.md

 
 

config.example.yaml

config.example.yaml

 
 

containerssh.service

containerssh.service

 
 

go.mod

go.mod

 
 

go.sum

go.sum

 
 

golicense.json

golicense.json

 
 

notice_gen.go

notice_gen.go

 
 

swagger_gen.go

swagger_gen.go

 
 

Repository files navigation

ContainerSSH - Launch Containers on Demand

An SSH Server that Launches Containers in Kubernetes and Docker

Documentation: available GitHub Workflow Status GitHub release (latest SemVer) Docker Image Size (latest by date) Go Report Card License: Apache 2.0 FOSSA Status

ContainerSSH in One Minute

In a hurry? This one-minute video explains everything you need to know about ContainerSSH.

An image with a YouTube play button on it.

Need help?

Join the #containerssh Slack channel on the CNCF Slack »

Use cases

Build a lab

Building a lab environment can be time-consuming. ContainerSSH solves this by providing dynamic SSH access with APIs, automatic cleanup on logout using ephemeral containers, and persistent volumes for storing data. Perfect for vendor and student labs.

Read more »

Debug a production system

Provide production access to your developers, give them their usual tools while logging all changes. Authorize their access and create short-lived credentials for the database using simple webhooks. Clean up the environment on disconnect.

Read more »

Run a honeypot

Study SSH attack patterns up close. Drop attackers safely into network-isolated containers or even virtual machines, and capture their every move using the audit logging ContainerSSH provides. The built-in S3 upload ensures you don't lose your data.

Read more »

How does it work?

  1. The user opens an SSH connection to ContainerSSH.
  2. ContainerSSH calls the authentication server with the users username and password/pubkey to check if its valid.
  3. ContainerSSH calls the config server to obtain backend location and configuration (if configured)
  4. ContainerSSH calls the container backend to launch the container with the specified configuration. All input from the user is sent directly to the backend, output from the container is sent to the user.

▶️ Watch as video » | 🚀 Get started »

Demo

🚀 Get started »

Verify provenance

Each of the releases come with a SLSA provenance data file multiple.intoto.jsonl. This file can be used to verify the source and provenance of the produced artifacts with slsa-verifier.

This aims to ensure the users that the artifacts are coming from containerssh.

An example of verification :

slsa-verifier verify-artifact <artifact-to-verify> \
--provenance-path <path-to-your-provenance> \
--source-uri github.com/containerssh/containerssh

If the verification is successful, the process should produce the following output :

Verifying artifact <artifact-to-verify>: PASSED
PASSED: Verified SLSA provenance

Contributing

If you would like to contribute, please check out our Code of Conduct as well as our contribution documentation.

About

ContainerSSH: Launch containers on demand

containerssh.io/

Topics

docker kubernetes ssh security containers security-tools devsecops

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

2.6k stars

Watchers

23 watching

Forks

69 forks
Report repository

Releases 13

v0.5.0 Latest
Jan 7, 2024
+ 12 releases

Contributors 10

Languages