Skip to content

Launch containers
on demand

ContainerSSH launches a new container for each SSH connection in Kubernetes, Podman or Docker. The user is transparently dropped in the container and the container is removed when the user disconnects. Authentication and container configuration are dynamic using webhooks, no system users required.

Oh, and it's free / open source!

Watch video Get started »

Offering web hosting?

ContainerSSH lets you offer full SSH access to your users. Clients are dropped in containers where they can only access their own environment. Authenticate against your existing user database and mount directories based on your existing permission matrix.

Read more »

Teaching the cloud?

With ContainerSSH students can connect to an on-demand environment that you can customize with your own tools and credentials. On disconnect the environment is cleaned up. This is perfect for Linux or cloud learning environments.

Read more »

Building a honeypot?

If you want to understand what attackers do once they breach SSH you can use ContainerSSH to drop them into an isolated environment. You can store their entire audit trail on an S3-compatible storage for later analysis. This includes SFTP file uploads!

Read more »

Building a jump host?

ContainerSSH is being used to provide dynamic console access to an environment with sensitive credentials. Webhooks let you dynamically provision credentials in conjunction with secret management systems such as Hashicorp Vault.

Read more »

How does it work?

  1. The user opens an SSH connection to ContainerSSH.
  2. ContainerSSH calls the authentication server with the user's username and password/pubkey to check if it is valid.
  3. ContainerSSH calls the config server to obtain backend location and configuration (if configured).
  4. ContainerSSH calls the container backend to launch the container with the specified configuration. All input from the user is sent directly to the backend, output from the container is sent to the user.

Watch as Video 🚀 Get started »