Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support connecting to docker host via ssh #38

Open
Gibby opened this issue Oct 7, 2020 · 3 comments
Open

Support connecting to docker host via ssh #38

Gibby opened this issue Oct 7, 2020 · 3 comments
Labels
enhancement New feature or request

Comments

@Gibby
Copy link

Gibby commented Oct 7, 2020

Per https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-socket-option starting in Docker version 18.09 the following can be used to connect to a remote docker host:

$ docker -H ssh://[email protected]:22 ps
$ docker -H ssh://[email protected] ps
$ docker -H ssh://example.com ps

When I tried to specify ssh://[email protected] in the URL, I get the following error:

2020-10-07 12:33:25 ERROR (Thread-6) [custom_components.monitor_docker.helpers] Can not connect to Docker API (Missing protocol scheme in docker_host.)                                                       
Traceback (most recent call last):
  File "/config/custom_components/monitor_docker/helpers.py", line 140, in __init__                    
    self._api = aiodocker.Docker(url=url)
  File "/usr/local/lib/python3.8/site-packages/aiodocker/docker.py", line 125, in __init__             
    raise ValueError("Missing protocol scheme in docker_host.")                                        
ValueError: Missing protocol scheme in docker_host. 
@ualex73
Copy link
Owner

ualex73 commented Oct 7, 2020

The underlying library used for the Docker API doesn't support the "ssh://" option, sorry. You need to use tcp with certificates for security.

@ualex73 ualex73 added the enhancement New feature or request label Oct 10, 2020
@Garulf
Copy link

Garulf commented May 28, 2021

I was able to work around this limitation using socat over SSH.

Instructions here: https://serverfault.com/a/362833

Just incase anyone else is in a similar situation

@SciLor
Copy link

SciLor commented Jan 23, 2023

For a bit more convenience, I created a systemd daemon

Do everything as root.
location: /etc/systemd/system/[email protected]

Description=Setup a secure tunnel for docker.sock to %i
After=network.target

[Service]
Group=docker
ExecStart=ssh -o StreamLocalBindUnlink=yes -o StreamLocalBindMask=0117 -nNT -L /var/run/docker.%i.sock:/var/run/docker.sock %i

RestartSec=30
Restart=always

[Install]
WantedBy=multi-user.target

Enable it on boot with systemctl enable docker-remote-sock@server
Be sure you have placed the id_rsa.pub into the authorized_keys file for the root of the other server, so no login is needed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

4 participants