# SSH Gateway Docker Installation

## Introduction

Soffid allows you to deploy a new Docker container with the **ssh gateway**. The configuration is similar to the sync server configuration; the main difference is that the ssh container listens for SSH connections.

## Prerequisites

The SSH Service is only released as a docker service.

1. Install docker ([https://docs.docker.com/install/](https://docs.docker.com/install/))
2. Install Soffid PAM (store container and launcher container)

   You can visit the [PAM Jump Server Installation page](https://bookstack.soffid.com/books/pam-install-config/page/pam-jump-server-installation) for more information about how to install PAM.
3. Create a Docker network(\*). Containers connected to the same bridge network can communicate with each other:

   ```
   sudo docker network create -d bridge NETWORKNAME
   ```

   *\* You can use the same network defined in the Console and Sync Server installation to avoid visibility problems.*

## Installation

The steps required to install the SSH container are:

### 1. Create a user

We need to create a user in the PAM store container. To do this, we need to connect to the store container.

```shell
sudo docker exec -it soffid-pam-store /bin/bash
```

Once we are connected to the container, we need to run a script to create the user. This script has two parameters: the user name and the role. The role parameter must be `launcher`.

```shell
root@soffid-pam-store:/# /opt/soffid/tomee/bin/add-user.sh proxysshtest launcher
Password: c4ZRcmgemq3nMr1VQJCD1pJRhPbdX5hrmmrP6RX7zBE4HSs3RV3+cGwDdL1WaaqZ
root@soffid-pam-store:/#
```

As a result of the script, we receive the password for the created user. This password will be needed later when we create the container.

### 2. Create volume

We need to create a volume that will be used by the docker container.

```shell
sudo docker volume create soffid-ssh
```

### 3. Create a docker container

Finally, we need to execute the command to create the ssh gateway container.

```shell
docker run \
  --name soffid-ssh \
  -e SOFFID_SERVER=https://iam-sync.soffidnet:1760 \
  -e SOFFID_USER=admin \
  -e SOFFID_PASS=changeit \
  -e SOFFID_HOSTNAME=ssh-gateway \
  -e STORE_SERVER=http://soffid-pam-store:8080 \
  -e STORE_PASSWORD=kDH0vh8MFWWn843Vhzmj0Np7uzMEfbqFYM1ELCQqOf++tF0xfd=Ve2eGq81OXvqy \
  -e STORE_USER=proxysshtest \
  -v soffid-ssh:/opt/soffid/iam-sync/conf \
  --publish 2222:22 \
  --network=soffidnet \
  soffid/pam-ssh:1.4.2
```

#### Environment Variables

To create the new SSH container you need to set the following environment variables:

| **Variable** | **Description** | **Example** |
| --- | --- | --- |
| SOFFID\_SERVER | Sync Server URL | https://syncserver01.soffid.com:1760 |
| SOFFID\_USER | Soffid user to join the security domain | admin |
| SOFFID\_PASSWORD | Soffid user password | changeit |
| SOFFID\_HOSTNAME | The hostname used to access the ssh gateway | ssh-gateway |
| STORE\_SERVER | Store URL | http://soffid-pam-store:8080 |
| STORE\_PASSWORD | Password received when you created the user in the store container. | \*\*\*\*\*\*\*\*\*\*\*\* |
| STORE\_USER | Store user | proxyssh |
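
The three installation steps above as one script, arranged so that the store password is never typed on the `docker run` command line: it is parsed from the `add-user.sh` output and written to an owner-only file that is passed with `--env-file`. This is an added example, not Soffid's own tooling. The function names, the `soffid-ssh.env` path and the expectation that `add-user.sh` prints the same `Password:` line when run without a TTY are assumptions, and `SOFFID_PASS` follows the spelling used in the `docker run` command above.

```shell
#!/bin/sh
# Added example (not Soffid's own script): steps 1-3 with secrets kept in a 0600 env file.
set -eu

# Read add-user.sh output on stdin and print the value after "Password:".
# A trailing CR is stripped in case the output passed through a TTY.
parse_store_password() {
    sed -n 's/^Password:[[:space:]]*//p' | tr -d '\r' | head -n 1
}

# write_env_file PATH STORE_USER STORE_PASSWORD SOFFID_PASS
# docker --env-file takes each value literally, so '+' and '=' need no quoting.
write_env_file() {
    (
        umask 077            # the new file is created owner-only (0600)
        rm -f "$1"           # never reuse an existing file with wider permissions
        {
            echo "SOFFID_SERVER=https://iam-sync.soffidnet:1760"
            echo "SOFFID_USER=admin"
            printf 'SOFFID_PASS=%s\n' "$4"
            echo "SOFFID_HOSTNAME=ssh-gateway"
            echo "STORE_SERVER=http://soffid-pam-store:8080"
            printf 'STORE_USER=%s\n' "$2"
            printf 'STORE_PASSWORD=%s\n' "$3"
        } > "$1"
    )
}

# install_gateway STORE_USER ENV_FILE  (the Soffid password is read from $SOFFID_PASS)
install_gateway() {
    # Assumption: add-user.sh prints "Password: ..." when run without a TTY.
    out=$(sudo docker exec soffid-pam-store \
        /opt/soffid/tomee/bin/add-user.sh "$1" launcher)
    store_pass=$(printf '%s\n' "$out" | parse_store_password)
    [ -n "$store_pass" ] || { echo "no Password: line in add-user.sh output" >&2; return 1; }
    write_env_file "$2" "$1" "$store_pass" "${SOFFID_PASS:?set SOFFID_PASS first}"
    sudo docker volume create soffid-ssh
    sudo docker run --name soffid-ssh --env-file "$2" \
        -v soffid-ssh:/opt/soffid/iam-sync/conf \
        --publish 2222:22 --network=soffidnet soffid/pam-ssh:1.4.2
}

# Run the whole procedure only when asked to: ./install-ssh-gw.sh install [user] [env-file]
if [ "${1:-}" = install ]; then
    install_gateway "${2:-proxysshtest}" "${3:-./soffid-ssh.env}"
fi
```

The env file keeps the credentials out of the process list and shell history, but the values remain readable by anyone who can run `docker inspect` on the container, so access to the Docker daemon still has to be restricted.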