
I'm trying to establish an SSH tunnel connection from inside a Docker container.

I created a brief ssh-tunnel.sh script that allows the connection:

ssh-tunnel.sh

```
ssh -4 -q -f -T -M -N -L 127.0.0.1:5433:credentials:more_credentials USER@HOST
```

Then I run it from inside the .Dockerfile, like this:

```
FROM ubuntu:20.04

RUN apt-get update && apt-get install -y -qq python3 python3-pip openssh-client

ARG DEBIAN_FRONTEND=noninteractive
RUN apt-get install -y postgresql postgresql-contrib

COPY ssh-tunnel.sh .

# (other things ...)

RUN chmod u+x ./ssh-tunnel.sh
CMD ./ssh-tunnel.sh
```

All looks fine when I run docker build. My question is... how can I keep the connection established when I run docker run?

Laura
  • Without seeing the ssh-tunnel script it's hard to see what's going on, so please share if you can. You don't say what actually happens when you run the container, but I'm guessing you've tried this and it exits. You could add `top` to the end of your script if you don't mind wasting a few processor cycles. – Software Engineer Jul 05 '21 at 22:06

1 Answer


Remove the `-f` from your command line. From the `ssh` man page:

```
-f      Requests ssh to go to background just before command execution...
```

Docker assumes that your container has finished when there is no longer a foreground process. If your command exits or goes into the background, Docker cleans up the container.


Secondly, your argument to `-L` looks a little funky. The format for a port forward is `-L <local_port>:<remote_address>:<remote_port>`; `127.0.0.1:5433:credentials:more_credentials` should generate an error along the lines of:

```
Bad local forwarding specification '127.0.0.1:5433:credentials:more_credentials'
```

You'll want to fix that up as well.

larsks
  • Thanks, I did it, but still nothing. – Laura Jul 05 '21 at 23:16
  • When you say "still nothing", what exactly is happening? Are you getting an error message? Something else? – larsks Jul 05 '21 at 23:53
  • As with elsewhere in Docker, the port-forward needs to listen on the special 0.0.0.0 "all interfaces" address to be accessible from outside its container; this is not `ssh -L`'s default. You need to specify something like `-L 0.0.0.0:5432:credentials:5432`. It's okay to use a "normal" port number here since each container runs in an isolated network space. – David Maze Jul 06 '21 at 10:48
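
Added example (not part of the original question, answer or comments): a foreground variant of `ssh-tunnel.sh` that validates the `-L` specification and then `exec`s `ssh` without `-f`, binding to 0.0.0.0 as the last comment suggests. The `TUNNEL_*` variable names, the `run` argument and the sample host used to exercise it are assumptions made for this sketch.

```shell
#!/bin/sh
# ssh-tunnel.sh: foreground SSH local forward, meant to be a container's main process.
# Assumed (hypothetical) environment variables:
#   TUNNEL_BIND, TUNNEL_LPORT, TUNNEL_RHOST, TUNNEL_RPORT, TUNNEL_TARGET (USER@HOST)

# Succeeds only if $1 is a decimal integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Prints bind:local_port:remote_host:remote_port, or returns 1 when a field
# is empty or a port is not numeric, so a bad spec fails before ssh starts.
forward_spec() {
    bind=$1 lport=$2 rhost=$3 rport=$4
    [ -n "$bind" ] && [ -n "$rhost" ] || return 1
    valid_port "$lport" || return 1
    valid_port "$rport" || return 1
    printf '%s:%s:%s:%s\n' "$bind" "$lport" "$rhost" "$rport"
}

# Only start the tunnel when invoked as "./ssh-tunnel.sh run".
if [ "${1:-}" = "run" ]; then
    spec=$(forward_spec "${TUNNEL_BIND:-0.0.0.0}" "${TUNNEL_LPORT:-5433}" \
        "${TUNNEL_RHOST:-}" "${TUNNEL_RPORT:-}") || {
        echo "ssh-tunnel: bad forwarding parameters" >&2
        exit 64
    }
    # No -f: ssh stays in the foreground. exec replaces the shell, so ssh is
    # the container's main process and the container stops when the tunnel does.
    # No -q: connection errors show up in "docker logs".
    # ExitOnForwardFailure makes ssh exit if the listener cannot be set up,
    # instead of staying connected with no forward in place.
    # ServerAlive* lets ssh notice a dead peer and exit so the container can
    # be restarted by its restart policy.
    exec ssh -4 -N -T \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -L "$spec" "${TUNNEL_TARGET:?set TUNNEL_TARGET to USER@HOST}"
fi
```

In the Dockerfile this would be started with `CMD ["./ssh-tunnel.sh", "run"]`. Because the forward listens on 0.0.0.0 inside the container, publishing it as `docker run -p 127.0.0.1:5433:5433 ...` keeps the database port reachable from the Docker host only.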