@postworthy
Created June 25, 2020 21:02
#
# This is a Dockerfile which implements the basics for creating an SSH hidden service in a Docker container
#
# Usage:
#
# docker build --pull --rm -f "Dockerfile" -t torssh:latest "."
# docker run torssh:latest
#
# It will output the onion URL as well as the 100-character random password.
# You have ~60 seconds to establish the connection before the service dies.
# To connect, do something like this (with your onion URL, obviously):
#
# torify ssh root@6lywzt5n3mhg5yb64zvw4vbmgyxthaps7yykvtzlppvsipyhi7zeujyd.onion
#
FROM debian:buster-slim AS base
WORKDIR /app
RUN apt update
RUN apt install tor openssh-server --yes
RUN sed -i s/#PermitRootLogin.*/PermitRootLogin\ yes/ /etc/ssh/sshd_config
RUN ssh-keygen -A
RUN mkdir /run/sshd
RUN echo "HiddenServiceDir /var/lib/tor/ssh" >> /etc/tor/torrc
RUN echo "HiddenServicePort 22" >> /etc/tor/torrc
RUN echo "#!/bin/bash" > /app/entrypoint.sh
RUN echo "echo \"root:\$(cat /dev/urandom | env LC_CTYPE=C tr -dc 'a-z' | fold -w 100 | head -n 1)\" > /root/.rndpasswd" >> /app/entrypoint.sh
RUN echo "cat /root/.rndpasswd | chpasswd" >> /app/entrypoint.sh
RUN echo "/usr/bin/tor &" >> /app/entrypoint.sh
RUN echo "sleep 5" >> /app/entrypoint.sh
RUN echo "/usr/sbin/sshd & " >> /app/entrypoint.sh
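# Define and call death_counter in the entrypoint: it prints the onion hostname and
# password every 10 seconds for ~60 seconds and keeps running while an sshd session exists
RUN echo "death_counter () {" >> /app/entrypoint.sh
RUN echo " counter=6; while [ \$counter -gt 0 ]; do counter=\$(( \$counter - 1 )); cat /var/lib/tor/ssh/hostname; cat /root/.rndpasswd; sleep 10s; while true; do if ps -x | grep -q 'sshd\:'; then echo 'connection established'; sleep 10s; else break; fi; done done" >> /app/entrypoint.sh
RUN echo "}" >> /app/entrypoint.sh
RUN echo "death_counter" >> /app/entrypoint.sh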
RUN chmod +x /app/entrypoint.sh
ENTRYPOINT ["/bin/bash", "/app/entrypoint.sh"]