Offering web hosting?
ContainerSSH lets you offer full SSH access to your users. Clients are dropped in containers where they can only access their own environment. Authenticate against your existing user database and mount directories based on your existing permission matrix.
Teaching the cloud?
With ContainerSSH students can connect to an on-demand environment that you can customize with your own tools and credentials. On disconnect the environment is cleaned up. This is perfect for Linux or cloud learning environments.
Building a honeypot?
If you want to understand what attackers do once they breach SSH you can use ContainerSSH to drop them into an isolated environment. You can store their entire audit trail on an S3-compatible storage for later analysis. This includes SFTP file uploads!
Building a jump host?
ContainerSSH is being used to provide dynamic console access to an environment with sensitive credentials. Webhooks let you dynamically provision credentials in conjunction with secret management systems such as Hashicorp Vault.
How does it work?¶
- The user opens an SSH connection to ContainerSSH.
- ContainerSSH calls the authentication server with the user's username and password/pubkey to check if it is valid.
- ContainerSSH calls the config server to obtain backend location and configuration (if configured).
- ContainerSSH calls the container backend to launch the container with the specified configuration. All input from the user is sent directly to the backend, output from the container is sent to the user.