5. Docker

Keeto ships a fully configured Docker image providing an easy and fast way for the establishment of an environment in order to become familiar with Keeto. This chapter gives an overview about this environment, describes how to set it up and ultimately use it.

5.1. Overview

The Docker environment consists of the following containers:

Container Description
keeto-openssh Keeto-enabled OpenSSH server
keeto-openldap Directory Service
keeto-syslog-ng Central logging server
keeto-mariadb Audit database

The OpenSSH server obtains access permissions and key material from the Directory Service and sends audit relevant SSH session information to the central logging server which stores the records in the audit database.

5.1.1. Services

The following ports are exposed by the Docker environment:

Container Protocol Ip:Port
keeto-openssh SSH 127.0.0.1:1022
keeto-openldap LDAP Plain/StartTLS 127.0.0.1:1389
keeto-openldap LDAPS 127.0.0.1:1636
keeto-mariadb MariaDB 127.0.0.1:13306

5.1.2. OpenLDAP Settings

Option Value
LDAP URI ldap://127.0.0.1:1389
Base DN dc=keeto,dc=io
Bind DN cn=directory-manager,dc=keeto,dc=io
Bind password test123

5.1.3. MariaDB Settings

Option Value
Ip:Port 127.0.0.1:13306
Database keeto-audit
Username root
Password test123

5.1.4. OpenSSH Access Permissions

Key/User Direct Access Access On Behalf
birgit Yes -
bjoern No keeto
oliver No slapd, opendj
sebastian No keeto
trixi No slapd, opendj
wolfgang Yes -

5.2. Prerequisites

The following software packages are needed in order to run the Keeto Docker environment:

  • Docker
  • Docker Compose
  • SSH client
  • LDAP client (optional)
  • MariaDB client (optional)

Although any LDAP client will do Apache Directory Studio is recommended as Keeto provides an export of the connection settings needed to configure the client for the usage with the Docker environment. The SSH client has to support either PKCS#8 or PuTTY’s .ppk private key format for public key authentication.

5.3. Setup

Grab the source code tarball from https://github.com/flix-/keeto and unpack the distribution. All files needed to setup the Docker environment are included in the ‘samples/docker’ directory:

<user>$ wget https://github.com/flix-/keeto/releases/download/0.4.1-beta/keeto-0.4.1-beta.tar.gz
<user>$ tar xvfz keeto-0.4.1-beta.tar.gz
<user>$ cd keeto-0.4.1-beta/samples/docker

Now start the containers using Docker Compose with the following command:

<root>$ docker-compose up -d

Docker will download the images if they are not already available locally and subsequently start the environment. Finally you should see the following output:

Creating network "docker_keeto-net" with driver "bridge"
Creating keeto-mariadb
Creating keeto-openldap
Creating keeto-syslog-ng
Creating keeto-openssh

Thats it! The Keeto Docker environment is now fully operational.

5.4. Usage

Now that the environment is up and running you are able to play around and gain a better understanding of Keeto. Configure your favourite LDAP client with the settings described in OpenLDAP Settings and browse/modify the content in the OpenLDAP Directory Service. If you are using Apache Directory Studio you might wanna import the connection settings from the ‘samples/docker/misc’ folder. The environment comes with some predefined access permissions as described in OpenSSH Access Permissions. The private key material for the various logins is available in the ‘samples/docker/keys’ folder. Note that some SSH clients require the private key to have certain access permissions. If you are using such a client change permissions of the private key file accordingly.

The following two examples show logins with the OpenSSH SSH client for a user that has direct access and another one that has access on behalf of another account:

<user>$ chmod 600 keys/birgit-key.pem
<user>$ ssh -i keys/birgit-key.pem -p 1022 birgit@localhost
<user>$ chmod 600 keys/oliver-key.pem
<user>$ ssh -i keys/oliver-key.pem -p 1022 slapd@localhost

Connect to the database (see: MariaDB Settings) to have a look at the SSH session logging.