Skip to content

Instantly share code, notes, and snippets.

@MartinSGill

MartinSGill/dockerfile

Created January 13, 2018 20:17
Show Gist options
  • Save MartinSGill/0d29fbddfae9f742abfd04ce83dd7f67 to your computer and use it in GitHub Desktop.
Save MartinSGill/0d29fbddfae9f742abfd04ce83dd7f67 to your computer and use it in GitHub Desktop.
Download ZIP
Example Dockerfile for SSH Server on Windows Server Core
Raw
dockerfile
FROM microsoft/windowsservercore:1709
# Install Powershell
ADD https://github.com/PowerShell/PowerShell/releases/download/v6.0.0/PowerShell-6.0.0-win-x64.zip c:/powershell.zip
RUN powershell.exe -Command Expand-Archive c:/powershell.zip c:/PS6 ; Remove-Item c:/powershell.zip
RUN C:/PS6/pwsh.EXE -Command C:/PS6/Install-PowerShellRemoting.ps1
# Install SSH
ADD https://github.com/PowerShell/Win32-OpenSSH/releases/download/0.0.24.0/OpenSSH-Win64.zip c:/openssh.zip
RUN c:/PS6/pwsh.exe -Command Expand-Archive c:/openssh.zip c:/ ; Remove-Item c:/openssh.zip
RUN c:/PS6/pwsh.exe -Command c:/OpenSSH-Win64/Install-SSHd.ps1
# Configure SSH
COPY sshd_config c:/OpenSSH-Win64/sshd_config
COPY sshd_banner c:/OpenSSH-Win64/sshd_banner
WORKDIR c:/OpenSSH-Win64/
# Don't use powershell as -f paramtere causes problems.
RUN c:/OpenSSH-Win64/ssh-keygen.exe -t dsa -N "" -f ssh_host_dsa_key && \
c:/OpenSSH-Win64/ssh-keygen.exe -t rsa -N "" -f ssh_host_rsa_key && \
c:/OpenSSH-Win64/ssh-keygen.exe -t ecdsa -N "" -f ssh_host_ecdsa_key && \
c:/OpenSSH-Win64/ssh-keygen.exe -t ed25519 -N "" -f ssh_host_ed25519_key
# Create a user to login, as containeradministrator password is unknown
RUN net USER ssh "Passw0rd" /ADD && net localgroup "Administrators" "ssh" /ADD
# Set PS6 as default shell
RUN C:/PS6/pwsh.EXE -Command \
New-Item -Path HKLM:\SOFTWARE -Name OpenSSH -Force; \
New-ItemProperty -Path HKLM:\SOFTWARE\OpenSSH -Name DefaultShell -Value c:\ps6\pwsh.exe -PropertyType string -Force ;
RUN C:/PS6/pwsh.EXE -Command \
./Install-sshd.ps1; \
./FixHostFilePermissions.ps1 -Confirm:$false;
EXPOSE 22
# For some reason SSH stops after build. So start it again when container runs.
CMD [ "c:/ps6/pwsh.exe", "-NoExit", "-Command", "Start-Service" ,"sshd" ]
Raw
sshd_banner
=============================================================================================
##### ##### # # # # ###
# # # # # # ##### #### # # # # # # ##### #### # # #### ###
# # # # # # # # # # # ## # # # # # # # # ###
##### ##### ####### # # # # # # # # # # # # # # # # #### #
# # # # # # # # # # # # # # # # # # # ## # #
# # # # # # # # # # # # # # ## # # # # ## ## # # ###
##### ##### # # # #### ## ## # # # ##### #### # # #### ###
=============================================================================================
* login as ssh / Passw0rd
Raw
sshd_config
Port 22
Protocol 2
LogLevel DEBUG
# Authentication:
#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#RSAAuthentication yes
#PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords yes
Banner sshd_banner
Subsystem sftp sftp-server.exe
hostkeyagent \\.\pipe\openssh-ssh-agent
@JamesParrott
Copy link

JamesParrott commented Feb 1, 2024
edited
Loading

Great work Martin et al, thanks ever so much. This is really helpful. Love the banner!

For applications that only require Powershell 5.1, I've been able to produce a much simpler Dockerfile, based on these commands:
https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse?tabs=powershell
I've got it to run based on a servercore:ltsc2022 image, and carried out a basic test of it within a Github Actions windows-2022 runner (sshing from a different process in the job using Python & Fabric). FYI there are official Powershell images now to use, if you do want a later Powershell version. You just need to figure out the path to powershell.exe if you want it as the log in shell - the docker files are on Github.

# escape=`

FROM mcr.microsoft.com/windows/servercore:ltsc2022
# hadolint shell=powershell

USER ContainerAdministrator

SHELL ["cmd.exe", "/C"]

RUN net USER ssh "Passw0rd" /ADD && net localgroup "Administrators" "ssh" /ADD

SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]

RUN New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force

RUN Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0; `
    Start-Service sshd; `
    Set-Service -Name sshd -StartupType 'Automatic'

EXPOSE 22

# Ping self to keep container alive
CMD ["cmd.exe", "/c", "ping", "-t", "localhost", ">", "NUL"]

The same Dockerfile with more comments, a Github Action workflow, a Python test script, and test results are in this repo:
https://github.com/JamesParrott/Windows__ssh_server_with_powershell/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment