Initial commit

.env.sample

+SSH_PUB_KEY=ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDM3G38J2JW4dkr+Uk1oI0W+rW0BLJaJcTLjB+5pzXU0axx9sQRoHC5SMzFuCW8Jg/GkOjSde7egNxTl0kJdeeTvEojZhTBg62h5i81CnI/kUOOwp7UrZ+rOll0GKe5ckLB/2iiYJvVK41MTPgvrB9ZeCRCHsp3j8B5XrpzgMYFsz9HryjClrzQs5N8xz0gZ0dWW8ozVFzJU1aDHUARFMpoiKMKfJ4XBsM5iuFgYKnuzS3kTevcVXlD5fllrLZViRLm+W8yjnV8nVqCchSVZfM85QKShIrPLALh7p5UWlyukYQ5bvJ51if1+Bcbc3VcGVxTD6lUDSlkAZosPOZEozSV3xqZAwjb5NGqJhcwQBxicg1a12P2ocgQY+okxmd93waw8+ZSw/U4dMdSwI1Kl3J/a+Inq/OZ8AptoYc98X5/fpXeq5NyMg03AD783IgIG4N8HGkM+f02a/6SSJ3eiVZ7XZgvQRuJTEOipwaJhNtxaE7Hv96GC5ZVrxW/G8/tB5c= david@chocard
+HOSTS=`somehost.fqdn`,`otherhost.fqdn`
+SSHPORT=2222
+HTTPSPORT=4443
+NAME=ReverseSSHProxy

.gitignore

+.env
+.*.sw?

docker-compose.yml

+version: "3"
+
+services:
+  sshproxy:
+    build:
+      context: docker
+    environment:
+      SSH_PUB_KEY:
+    ports:
+      - ${SSHPORT}:22
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=traefik"
+      - "traefik.http.routers.${NAME}.rule=Host(${HOSTS})"
+      - "traefik.http.routers.${NAME}.tls.certresolver=myresolver"
+      - "traefik.http.routers.${NAME}.entrypoints=web,websecure"
+      - "traefik.http.routers.${NAME}.middlewares=hardening@docker"
+      - "traefik.http.services.${NAME}.loadbalancer.server.port=${HTTPSPORT}"
+

docker/Dockerfile

+FROM debian:latest
+
+RUN apt-get update && apt-get upgrade -y && apt-get install -y openssh-server
+
+COPY proxy /etc/ssh/ssh_config.d/proxy.conf
+
+COPY entrypoint /entrypoint
+
+RUN useradd sshuser && \
+    mkdir -p /home/sshuser/.ssh && \
+    chown -R sshuser:sshuser /home/sshuser
+
+ENTRYPOINT ["/entrypoint"]

docker/entrypoint

+#!/bin/bash
+echo $SSH_PUB_KEY > /home/sshuser/.ssh/authorized_keys && \
+chmod 644 /home/sshuser/.ssh/authorized_keys
+/usr/sbin/service ssh start
+while true; do
+    sleep 30;
+done

docker/proxy

+PasswordAuthentication no
+AllowTcpForwarding yes
+GatewayPorts yes