Contact supportSign in

Adding SSH support to an image

Adding SSH support to an image that doesn't support it is possible.

Ensure Docker is correctly installed in your environment. If the base image requiring SSH support is in a private registry, authenticate with that registry.

Create a new folder for your Docker project. Inside this folder, create a Dockerfile. We will use this file to extend the base image with SSH support.

Here is an example. You will need to make the necessary modifications to your own image.

# Use your base image
FROM your/base-image

# Install OpenSSH and necessary utilities
RUN apt-get update && apt-get install -y openssh-server
RUN mkdir /var/run/sshd

# Default SSH configuration
# Disable password authentication by default; it can be enabled via an environment variable
RUN sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
RUN echo "PasswordAuthentication no" >> /etc/ssh/sshd_config

# Script to set up user, password, or SSH key, and configure password authentication
COPY /usr/local/bin/
RUN chmod +x /usr/local/bin/

# Expose the SSH port

# Command to run the setup script and start the SSH server
CMD ["/usr/local/bin/"]

# Define SSH_USER to 'root' if it is not set

# Check if SSH_USER exists, if not create it
if ! id "$SSH_USER" &>/dev/null; then
    useradd -m $SSH_USER

# Enable or disable password authentication based on SSH_PASSWORD_AUTH environment variable
if [ "$SSH_PASSWORD_AUTH" = "yes" ]; then
    sed -i 's/^PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config

# If SSH_PASSWORD environment variable is provided, set the password for SSH_USER
if [ -n "$SSH_PASSWORD" ]; then
    echo "$SSH_USER:$SSH_PASSWORD" | chpasswd

# If an SSH_KEY environment variable is provided, add the key to the SSH_USER
if [ -n "$SSH_KEY" ]; then
    mkdir -p /home/$SSH_USER/.ssh
    echo $SSH_KEY > /home/$SSH_USER/.ssh/authorized_keys
    chown -R $SSH_USER:$SSH_USER /home/$SSH_USER/.ssh
    chmod 700 /home/$SSH_USER/.ssh
    chmod 600 /home/$SSH_USER/.ssh/authorized_keys

# Start the SSH service
exec /usr/sbin/sshd -D

# Define your entry point commands

Make sure you add the file in the same location of the Dockerfile.

This script defines the following environment variables that you can use during deployment.

Variable nameValueDescription
SSH_USERstring(Optional) Defines the user who will be logged in. Default value is root.
SSH_PASSWORDstring(Optional if public key is defined) Password to connect to the SSH shell.
SSH_KEYstring(Optional if password is defined) String of your public SSH key.
SSH_PASSWORD_AUTHboolean(Optional) Determines whether the SSH connection accepts a password as an access key.

The script is set to run as CMD, as specified in the Dockerfile. This step is essential since these configurations must be applied post-container startup. However, this action supersedes the original image's CMD. Consequently, to operate the container akin to the base image's default behavior, it's crucial to establish the original image's entry point after the script runs.

With the Dockerfile established, the next step involves creating its image.

Access the folder where the files were saved and run the following command:

docker build -t your-image:tag .

Navigate to the directory where the files are saved. Run the following command:

docker tag your-image:tag

Finally, the newly created image equipped with SSH support can be pushed to the registry:

docker push username/your-image:tag

Now that the new image has been defined, you can create your container and access it via SSH. Ensure you configure TCP port 22, or the port you defined on your Dockerfile.