Geek Answers Handbook

Access ssh host node from docker container

Using ubuntu tusty, a service is running on the remote computer through which I can access through forwarding through the ssh tunnel from localhost:9999 .

I have a docker container running. I need to access this remote service through a host tunnel from a container.

I tried tunneling from the container to the host with -L 9000:host-ip:9999 , and then access to the service through 127.0.0.1:9000 from the container failed to connect. To check if port mapping is enabled, I tried nc -luv -p 9999 # at host nc -luv -p 9000 # at container

after this, parag. 2 , but there was no perceived message even when nc -luv host-ip -p 9000 in the container

I also tried to map the ports using docker run -p 9999:9000 , but this reports that the binding failed because the host port is already in use (presumably from the host tunnel to the remote machine).

So my questions

1 - How do I reach a connection? Do I need to configure the ssh tunnel on the host, or can this be achieved only with docker port mapping?

2 - What is a quick way to test the connection? Via bash, preferably.

Thanks.

+32
source share
3 answers

I think you can do this by adding --net=host to your --net=host pass. But see also this question: Move host port to docker container

+15
source

Using your host network as a network for your containers via --net=host or docker-compose via network_mode: host is one option, but it has an undesirable side effect: (a) you are now exposing container ports in your host system and (b) that you can no longer connect to those containers that are not mapped to your host network.

In your case, a quicker and cleaner solution would be to make your ssh tunnel “accessible” to your docker containers (for example, by connecting ssh to the docker0 bridge) instead of exposing your dock containers in your host environment (as suggested in the accepted answer).

Tunnel Setup:

For this to work, find the ip that uses your docker0 bridge through:

 ifconfig

you will see something like this:

 docker0 Link encap:Ethernet HWaddr 03:41:4a:26:b7:31 inet addr:172.17.0.1 Bcast:172.17.255.255 Mask:255.255.0.0

Now you need to specify ssh to bind to this ip to listen for traffic directed to port 9000 through

 ssh -L 172.17.0.1:9000:host-ip:9999

Without setting the binding address,: :9000 will only be available for your host's feedback interface, and not for your dock containers.

Note: you can also bind your tunnel to 0.0.0.0 , which will force ssh to listen on all interfaces.

Setting up your application:

In your container application, use the same ip docker0 to connect to the server: 172.17.0.1:9000 . Now traffic passing through your docker0 bridge docker0 also reach your ssh tunnel :)

For example, if you have a "DOT.NET Core" application that needs to connect to a remote database located at :9000 , your "ConnectionString" will contain "server=172.17.0.1,9000;

+18
source

on MacOS (tested on v19.03.2 )

1) create a tunnel on the host

 ssh -i key.pem username@jump _server -L 3336:mysql_host:3306 -N

2) from the container, you can use host.docker.internal or docker.for.mac.localhost or docker.for.mac.host.internal to refer to the host.

example,

 mysql -h host.docker.internal -P 3336 -u admin -p

note from Docker-for-Mac white paper

I WANT TO CONNECT FROM CONTAINER TO SERVICE ON ECONOMY

The host has a changing IP address (or does not, if you do not have network access). Since host.docker.internal , we recommend connecting to a special DNS name host.docker.internal , which allows the internal IP address used by the host. This is for development purposes and will not work in a production environment outside of Docker Desktop for Mac.

A gateway is also available as gateway.docker.internal .

0
source

More articles:


All Articles