Giter Club home page Giter Club logo

ContainerSSH - Launch Containers on Demand

An SSH Server that Launches Containers in Kubernetes and Docker

Documentation: available GitHub Workflow Status GitHub release (latest SemVer) Docker Image Size (latest by date) Go Report Card License: Apache 2.0 FOSSA Status

ContainerSSH in One Minute

In a hurry? This one-minute video explains everything you need to know about ContainerSSH.

An image with a YouTube play button on it.

Need help?

Join the #containerssh Slack channel on the CNCF Slack »

Use cases

Build a lab

Building a lab environment can be time-consuming. ContainerSSH solves this by providing dynamic SSH access with APIs, automatic cleanup on logout using ephemeral containers, and persistent volumes for storing data. Perfect for vendor and student labs.

Read more »

Debug a production system

Provide production access to your developers, give them their usual tools while logging all changes. Authorize their access and create short-lived credentials for the database using simple webhooks. Clean up the environment on disconnect.

Read more »

Run a honeypot

Study SSH attack patterns up close. Drop attackers safely into network-isolated containers or even virtual machines, and capture their every move using the audit logging ContainerSSH provides. The built-in S3 upload ensures you don't lose your data.

Read more »

How does it work?

  1. The user opens an SSH connection to ContainerSSH.
  2. ContainerSSH calls the authentication server with the users username and password/pubkey to check if its valid.
  3. ContainerSSH calls the config server to obtain backend location and configuration (if configured)
  4. ContainerSSH calls the container backend to launch the container with the specified configuration. All input from the user is sent directly to the backend, output from the container is sent to the user.

▶️ Watch as video » | 🚀 Get started »

Demo

🚀 Get started »

Verify provenance

Each of the releases come with a SLSA provenance data file multiple.intoto.jsonl. This file can be used to verify the source and provenance of the produced artifacts with slsa-verifier.

This aims to ensure the users that the artifacts are coming from containerssh.

An example of verification :

slsa-verifier verify-artifact <artifact-to-verify> \
--provenance-path <path-to-your-provenance> \
--source-uri github.com/containerssh/containerssh

If the verification is successful, the process should produce the following output :

Verifying artifact <artifact-to-verify>: PASSED
PASSED: Verified SLSA provenance

Contributing

If you would like to contribute, please check out our Code of Conduct as well as our contribution documentation.

ContainerSSH's Projects

.github icon .github

ContainerSSH organization-wide repository

agent icon agent

The guest agent for ContainerSSH

auth icon auth

ContainerSSH authentication library

authconfig icon authconfig

The Authentication and Configuration Server for ContainerSSH

backend icon backend

Container backend abstraction library for ContainerSSH

crypto icon crypto

[mirror] Go supplementary cryptography libraries

docker icon docker

The Docker backend for ContainerSSH

geoip icon geoip

The GeoIP lookup library for ContainerSSH

gokrb5 icon gokrb5

Pure Go Kerberos library for clients and services

guest-image icon guest-image

The source code of the default ContainerSSH guest image

health icon health

Healthz server for ContainerSSH

http icon http

Common HTTP library for ContainerSSH

images icon images

The ContainerSSH container images

kuberun icon kuberun

The legacy Kubernetes backend for ContainerSSH

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.