Skip to main content

SSH Gateway Docker Compose Installation

Introduction

Soffid allows you to deploy a new docker container with the ssh gateway. The configuration is similar to the sync server configuration, the main difference is the ssh container is listening in ssh.

Prerequisites

The SSH Service is only released as a docker service.

1. Install docker (https://docs.docker.com/install/)

2. Install docker compose (https://docs.docker.com/compose/install/)

3. Install Soffid PAM (store container and launcher container) 

You can visit the PAM Jump Server Installation page for more information about how to install PAM

Installation

The steps required to install SSH container are:

1. Create a user

We need to create a user in the pam store container. To do this, we need to connect to the store container.

sudo docker exec -it soffid-pam-store /bin/bash

Once, we are connected to the container, we need to run a script to create the user. This script has two parameters, the user name, and the role. We have to type launcher in the role parameter

root@soffid-pam-store:/# /opt/soffid/tomee/bin/add-user.sh proxyssh-user launcher
Password: c4ZRcmgemq3nMr1VQJCD1pJRhPbdX5hrmmrP6RX7zBE4HSs3RV3+cGwDdL1WaaqZ
root@soffid-pam-store:/#

As a result of the script, we receive the password for the created user. This password will be needed later when we create the container.

2. Execute the YAML

version: '3.8'

services:
  ssh-gateway:
    image: soffid/pam-ssh:1.4.47
    environment:
      SOFFID_SERVER: https://sync-server.netcompose:syncserver01.soffid.com:1760
      SOFFID_USER: soffidUser
      SOFFID_PASS: SoffidPassword
      SOFFID_HOSTNAME: ssh-gateway
      STORE_SERVER: https://soffid-pam-store:8443
      STORE_PASSWORD: c4ZRcmgemq3nMr1VQJCD1pJRhPbdX5hrmmrP6RX7zBE4HSs3RV3+cGwDdL1WaaqZ
      STORE_USER: proxyssh-user
    ports: 
      - "2222:22"
    networks:
      - network
    volumes:
      - ssh-gateway-data:/opt/soffid/iam-sync/conf
     
networks:
  network:
    name: netcompose
    driver: bridge

volumes:
  ssh-gateway-data:
    name: compose-ssh-gateway-data

Execute:

sudo docker compose up -d

Environment Variables

To create the new SSH container you need to set the following environment variables:

Variable Description Example

SOFFID_SERVER

Sync Server URL

https://syncserver01.soffid.com:1760

SOFFID_USER

Soffid user to join the security domain

admin

SOFFID_PASSWORD

Soffid user password

*********

SOFFID_HOSTNAME

The hostname used to access the ssh gateway

ssh-gateway

STORE_SERVER

Store URL

http://soffid-pam-store:8080

STORE_PASSWORD

Password received when you created the user in the store container.

************

STORE_USER

Store user

proxyssh