Ensure ssh is not run within containers

Details

An SSH server should not be running within the container. Instead, SSH into the Docker host and use the nsenter tool to enter a container from a remote host.

Rationale:

Running SSH within the container increases the complexity of security management by making it:

Difficult to manage access policies and security compliance for SSH server

Difficult to manage keys and passwords across various containers

Difficult to manage security upgrades for SSH server

It is possible to have shell access to a container without using SSH, so needlessly increasing the complexity of security management should be avoided.

Solution

Uninstall the SSH server from the container and use nsenter or other commands such as docker exec or docker attach to interact with the container instance.
docker exec --interactive --tty $INSTANCE_ID sh
OR
docker attach $INSTANCE_ID
Impact:
None.
Default Value:
By default, SSH server is not running inside the container. Only one process per container is allowed.
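The audit a practitioner would pair with this control, added here as an example and not part of the benchmark page: it uses docker exec (not SSH) to read each container's process names from /proc and flags any container running an sshd daemon. Assumes the docker CLI on the host and a /bin/sh inside each container; the function names are the example's own.

```shell
#!/bin/sh
# Audit helper for "Ensure ssh is not run within containers" (added example).
# Process names come from /proc/<pid>/comm so it works with busybox images
# that lack a full ps(1).

# has_sshd: reads one process name per line on stdin; returns 0 if an SSH
# daemon process is present, 1 otherwise. Matches "sshd" and the
# "sshd-session" worker of newer OpenSSH, but not ssh clients or ssh-agent.
has_sshd() {
    grep -qxE 'sshd(-session)?'
}

# audit_container: check one running container (ID or name) via docker exec.
# Prints FAIL/PASS and returns 1 on a finding so callers can aggregate.
audit_container() {
    id="$1"
    if docker exec "$id" sh -c 'cat /proc/[0-9]*/comm 2>/dev/null' | has_sshd; then
        printf 'FAIL %s: sshd is running inside the container\n' "$id"
        return 1
    fi
    printf 'PASS %s: no sshd process found\n' "$id"
    return 0
}

# audit_all: check every running container; non-zero exit if any fails.
audit_all() {
    rc=0
    for c in $(docker ps --quiet); do
        audit_container "$c" || rc=1
    done
    return "$rc"
}

# Run the full audit only when explicitly requested (AUDIT_RUN=1 ./audit.sh).
if [ "${AUDIT_RUN:-0}" = 1 ]; then
    audit_all
fi
```

Remediation for a FAIL is the one in the Solution section above: remove the SSH server from the image and use docker exec, docker attach or nsenter instead.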

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: Unix.

Updated on July 16, 2022