I'm planning a server for the students studying Linux and have some rules for this.
All students will get the same server domain/port for SSH, and each own username/password(normal privilege).
4 servers will be clustered, and for all users not an admin it will redirect to each own Docker*.
All students will be able to access to the server through the internal network using a SSH client.
The problem is very simple, "how to access to the designated docker using SSH with the same domain/port for each user". It clearly means the server will have to redirect SSH requests to each own Docker depending only on usernames.
The final goal is that all students can write and build their programs on the Linux environment through Bash shell, and do pretty much everything else within the SSH session.
I have read various Docker and SSH documents but not been able to find an appropriate solution. Any help will be appreciated :).
PS.
While it's possible that it's XY problem, the reason why I want this because I don't want the server ruined by a single user. So you can suggest another way to acquire this requirement, of course.
A similar question was asked that might answer your question:
I've never used this, but a set of directives, one for each user, could make the "SSH gateway" you're proposing.
I'd rather use KVM and ansible/saltstack/puppet and have a master snapshot VM.
The KVM hypervisor is as clever as dokcer and makes sure that every vm doesn't get all the ressources even if one VM tries to go nuts. No need to worry about troubleshooting memory hogs, permission problems, CPU. You can even overcommit like you could with docker, that's so cool.
kvm works great on cli but also has some small gui tools, where you can easily get hold of the root console in no time and also see the ressources used of every virtual machine on one screen. its rudimentary, but works very well.
To automate processes you can use tools like ansible or saltstack. so you could e.g.
Why not docker? Docker is great, I use it too. Docker was meant to be "read-only" and to serve content to customers. This doesn't quite fit the bill?
But remember, there is
The VM behaves like a normal system and there is no easy way to hide for the student, because he has a definite IP adress given to him/her.
As HDD space is one of the lowest costs when it comes to server, I'd rather buy an additional master server or PC/laptop and use it to take full control over the 4 servers, which then run X VM's, each with it's own unique IP and/or even DNS name.
To set this up is more work, but I'd say you have also far more control over the servers and also over your students, because you have direct access to the VM.
Once everything is in place you can control your course from start to end with a few tools and ansible commands (or similar tool).
Oh, and if you add MAAS plus PXE boot to this setup, you would even be prepared for a server loss/replacement, just put in the new machine setup pxe, boot, be happy.
Here you can see a simple setup which will get you started.