Is there a way to proxy an authenticated ssh user into an already running docker container upon ssh connection?

Question

I have a Dockerized Jupyter Notebook always running on a Linux host (where I have ssh access).

docker run -d \
    --hostname="$(logname)-sandbox" \
    -e NB_UID="$(id -u $(logname))" \
    -e NB_GID="$(id -g $(logname))" \
    -e GRANT_SUDO=1 \
    -e NB_USER="$(id -un $(logname))" \
    -e NB_GROUP="$(id -gn $(logname))" \
    --user=root \
    --restart=always \
    --name="$(logname)-sandbox" \
    -v "${HOME}":"/home/$(logname)" \
    -p 8010:8888 \
    jupyter/base-notebook:latest \
    start-notebook.sh --notebook-dir="/home/$(logname)"

Currently I need to first ssh into the host, then I do something like docker exec -it <container-name> bash to start a bash shell within the Docker container.

I was wondering if there was a way of proxying the initial ssh command into the container, in much the same way as ProxyCommand does to connect to a second host indirectly.

Answer 1

I found a solution which seems to be working for my needs.

Add this to the top of ~/.bashrc

# Enter Container if SANDBOX=1, else continue as normal
if [[ "${SANDBOX}" -eq "1" ]]; then
    # Only allocate tty if one is detected, see: https://stackoverflow.com/questions/911168
    if [[ -t 0 ]]; then DOCKER_RUN_OPTIONS+=(-i); fi
    if [[ -t 1 ]]; then DOCKER_RUN_OPTIONS+=(-t); fi
    exec docker exec "${DOCKER_RUN_OPTIONS[@]}" "$(logname)-sandbox" bash "$@"
fi

Now set up a ssh config on the client like this:

Host vm1
    User my_user
    HostName my_host
Host vm1-sandbox
    User my_user
    HostName my_host
    RemoteCommand export SANDBOX=1; bash
    RequestTTY force

I also tested that it works as expected in combination with JumpHost:

Host vm2_jump
    User jump_user
    HostName jump_host
Host vm2
    User my_user
    HostName my_host
    ProxyJump vm2_jump
Host vm2-sandbox
    User my_user
    HostName my_host
    ProxyJump vm2_jump
    RemoteCommand export SANDBOX=1; bash
    RequestTTY force