Merge pull request #2 from binlab/add-custom-address-port

Add configuration for custom address and port

Author: binlab

Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.9
+FROM alpine:3.11.6
 
 LABEL maintainer="Mark <mark.binlab@gmail.com>"
 

README.md

@@ -40,6 +40,10 @@ behind a `NAT`. This image based on `Alpine Linux` last version.
 
 * `AGENT_FORWARDING [true | false]` - Specifies whether `ssh-agent` forwarding is permitted. The default is `true`. Note that disabling agent forwarding does not improve security unless users are also denied shell access, as they can always install their own forwarders.
 
+* `LISTEN_ADDRESS [0.0.0.0]` - Specifies the local addresses should listen on. By default it **0.0.0.0**. Useful when Docker container runs in `Host mode`
+
+* `LISTEN_PORT [22]` - Specifies the port number that listens on. The default is **22**. Useful when Docker container runs in `Host mode`
+
 ###  Run Bastion and `expose` port `22222` to outside a host machine
 
 The container assumes your `authorized_keys` file with `644` permissions and mounted under `/var/lib/bastion/authorized_keys`.

bastion

@@ -54,6 +54,18 @@ if [ ! -f "$HOST_KEYS_PATH/ssh_host_rsa_key" ]; then
     /usr/bin/ssh-keygen -A -f "$HOST_KEYS_PATH_PREFIX"
 fi
 
+if [ -n "$LISTEN_ADDRESS" ]; then
+    CONFIG_LISTEN_ADDRESS="-o ListenAddress=$LISTEN_ADDRESS"
+else
+    CONFIG_LISTEN_ADDRESS="-o ListenAddress=0.0.0.0"
+fi
+
+if [ -n "$LISTEN_PORT" ]; then
+    CONFIG_LISTEN_PORT="-o Port=$LISTEN_PORT"
+else
+    CONFIG_LISTEN_PORT="-o Port=22"
+fi
+
 /usr/sbin/sshd -D -e -4 \
     -o "HostKey=$HOST_KEYS_PATH/ssh_host_rsa_key" \
     -o "HostKey=$HOST_KEYS_PATH/ssh_host_dsa_key" \
@@ -70,4 +82,6 @@ fi
     $CONFIG_AGENT_FORWARDING \
     $CONFIG_TCP_FORWARDING \
     $CONFIG_TRUSTED_USER_CA_KEYS \
-    $CONFIG_AUTHORIZED_PRINCIPALS_FILE
+    $CONFIG_AUTHORIZED_PRINCIPALS_FILE \
+    $CONFIG_LISTEN_ADDRESS \
+    $CONFIG_LISTEN_PORT