ContainerSSH: Launch containers on demand
Offering SSH in a web hosting service?
ContainerSSH lets you dynamically create and destroy containers when your users connect. Authenticate against your existing user database and mount directories based on your existing permission matrix.
Looking for a Linux learning environment?
With ContainerSSH you can launch Linux-based containers on demand when your students connect. You can supply your own container image and mount folders with learning and testing material as needed.
Building a honeypot?
With the dynamic authentication server of ContainerSSH you can capture usernames and passwords, and you container environment can log commands that are executed.
Building a high security environment?
ContainerSSH is being used to provide dynamic console access to an environment with sensitive credentials. Use the authentication and configuration server to dynamically provision credentials in conjunction with secret management systems such as Hashicorp Vault.
How does it work?¶
+------+ +--------------+ 2. +-------------------+
| | | | -----> | Auth server |
| | | | +-------------------+
| | | |
| | 1. | | 3. +-------------------+
| User | -----> | ContainerSSH | -----> | Config server |
| | | | +-------------------+
| | | |
| | | | 4. +-------------------+
| | | | -----> | Container Backend |
+------+ +--------------+ +-------------------+
- The user opens an SSH connection to ContainerSSH.
- ContainerSSH calls the authentication server with the users username and password/pubkey to check if it is valid.
- ContainerSSH calls the config server to obtain backend location and configuration (if configured).
- ContainerSSH calls the container backend to launch the container with the specified configuration. All input from the user is sent directly to the backend, output from the container is sent to the user.