From 1b4c9ddfe9dfb13ff50786e58cc1abe4ac9ab81b Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Tue, 9 Jan 2018 09:46:27 +0200
Subject: [PATCH] Added post on forwarding the Docker socket with SSH.

---
 content/docker_socket_over_ssh.rst | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 content/docker_socket_over_ssh.rst

diff --git a/content/docker_socket_over_ssh.rst b/content/docker_socket_over_ssh.rst
new file mode 100644
index 0000000..894dde9
--- /dev/null
+++ b/content/docker_socket_over_ssh.rst
@@ -0,0 +1,29 @@
+Docker socket over SSH
+######################
+:date: 2018-01-09
+:summary: Docker socket over SSH
+
+Yesterday I described how to connect to a remote :code:`dockerd` over TCP. I
+didn't touch security considerations at all (firewall, TLS certificate). This
+because, for my use, I prefer a different method, forwarding the Unix socket
+over SSH. Here's how.
+
+First, you need OpenSSH version 6.7 or later (both client and server). Also,
+the login user on the remote instance must have permissions to access the Docker
+socket (in other words, be a member of the :code:`docker` group).
+
+Here's how to forward the remote socket:
+
+.. code:: shell
+
+    ssh -fNTo ExitOnForwardFailure=yes -o ServerAliveInterval=30 -L $HOME/.ssh/docker.sock:/var/run/docker.sock host
+    export DOCKER_HOST=$HOME/.ssh/docker.sock
+
+And to close the connection and return to the local :code:`dockerd` kill the
+:code:`ssh` process that's running in the background, :code:`rm` the docker
+socket under :code:`$HOME/.ssh` and unset :code:`DOCKER_HOST`.
+
+The reason I prefer this method is that it's easier to setup for ad-hoc tasks
+and arguably more secure since you not only authenticate the user and host with
+SSH, but you limit access to only those that are part of the :code:`docker`
+group.
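Review bot: the "export DOCKER_HOST=$HOME/.ssh/docker.sock" line in the shell block hands the Docker client a bare path, but DOCKER_HOST expects a scheme and a value without one is parsed as a TCP address, so the forwarded socket will not be used; it should read "export DOCKER_HOST=unix://$HOME/.ssh/docker.sock". In the opening paragraph, "This because" is missing "is". The closing paragraph's "arguably more secure" would benefit from one added sentence stating that membership in the docker group is effectively root on the remote host, so the SSH account used for the forward needs to be protected like a root login.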
-- 
GitLab