Have sshd forward logins of git user to a (GitLab) Docker container

Question

I would like to configure sshd on my host machine to forward public key logins of a certain user to a Docker container that runs its own sshd service.

To give some conte

Answer 1

I found a simple workaround to this. Just create a Git user on the host machine and provide a proxy script that executes the given Git commands in the GitLab container using the host's SSH daemon and the .ssh/authorized_keys from the container volume.

1. On the host machine, add the user git using the same UID & GID as in the GitLab docker container (998) and set your GitLab data directory as the user's home:

   useradd -u 998 -s /bin/bash -d /your/gitlab/path/data git
   

2. Add the git user to the docker group

   usermod -G docker git
   

3. Add a proxy script /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell on the host machine with the following contents:

   #!/bin/bash
   docker exec -i -u git  sh -c "SSH_CONNECTION='$SSH_CONNECTION' SSH_ORIGINAL_COMMAND='$SSH_ORIGINAL_COMMAND' $0 $1"