Added post on forwarding the Docker socket with SSH.

1b4c9ddf · nimrod · 80c12624 · 1b4c9ddf
Commit 1b4c9ddf authored 7 years ago by nimrod
--- a/content/docker_socket_over_ssh.rst
+++ b/content/docker_socket_over_ssh.rst
+Docker socket over SSH
+######################
+:date: 2018-01-09
+:summary: Docker socket over SSH
+
+Yesterday I described how to connect to a remote :code:`dockerd` over TCP. I
+didn't touch security considerations at all (firewall, TLS certificate). This
+because, for my use, I prefer a different method, forwarding the Unix socket
+over SSH. Here's how.
+
+First, you need OpenSSH version 6.7 or later (both client and server). Also,
+the login user on the remote instance must have permissions to access the Docker
+socket (in other words, be a member of the :code:`docker` group).
+
+Here's how to forward the remote socket:
+
+.. code:: shell
+
+    ssh -fNTo ExitOnForwardFailure=yes -o ServerAliveInterval=30 -L $HOME/.ssh/docker.sock:/var/run/docker.sock host
+    export DOCKER_HOST=$HOME/.ssh/docker.sock
+
+And to close the connection and return to the local :code:`dockerd` kill the
+:code:`ssh` process that's running in the background, :code:`rm` the docker
+socket under :code:`$HOME/.ssh` and unset :code:`DOCKER_HOST`.
+
+The reason I prefer this method is that it's easier to setup for ad-hoc tasks
+and arguably more secure since you not only authenticate the user and host with
+SSH, but you limit access to only those that are part of the :code:`docker`
+group.