Railway Docker Ubuntu SSH Server

A Docker image designed for Railway deployment that provides an Ubuntu 24.04 LTS base with SSH server enabled (SSHD). This allows you to connect to your Railway container via SSH for remote access and management.

Features

• Ubuntu 24.04 LTS base image
• SSH server (OpenSSH) pre-configured
• Clean SSH Login: No welcome messages for direct command line access
• Password authentication enabled
• Root login disabled by default for security
• Created user has sudo permissions
• Network utilities included (ping, telnet, iproute2)
• Development Environment: Claude Code, Node.js 20.x LTS, Ruby 3.3.6, Rails, Python 3.12
• CLI Tools: GitHub CLI, Railway CLI, PostgreSQL client, Redis tools
• Package Managers: npm, pnpm, yarn, bundler, pip
• Automated setup: Git configuration, CLI authentication, repository cloning
• Docker Compose: Local testing support with docker-compose.yml
• Health Monitoring: Built-in health checks for Railway deployment

⚠️ Important Notice

Railway runs Docker containers, not VPS! Any data stored in the container will be lost when redeploying. This includes:

• Files created after deployment
• Installed packages
• Configuration changes
• User data

If you need persistent storage, consider using Railway's volume mounts or external storage solutions.

Setup Instructions

STEP 1: Configure SSH Credentials

Option 1: Modify ssh-user-config.sh

1. Before deploying, edit the ssh-user-config.sh file and change the default values:

   # Change these default values to your desired credentials
   : ${SSH_USERNAME:="myuser"}
   : ${SSH_PASSWORD:="mypassword"}

2. Commit and push your changes to your repository

3. Then deploy to Railway

Option 2: Use Railway Environment Variables

1. Deploy to Railway

2. Go to your project dashboard

3. Navigate to Settings → Variables:

   

4. Add the following environment variables:

   SSH Configuration:

   • SSH_USERNAME - Your desired username
   • SSH_PASSWORD - Your desired password
   • ROOT_PASSWORD - Root password (optional, leave empty if root login is disabled)
   • AUTHORIZED_KEYS - SSH public keys for key-based authentication (optional)

   Development Environment (Optional):

   • GH_TOKEN - GitHub Personal Access Token for GitHub CLI authentication and git push/pull
   • GITHUB_EMAIL - Your git commit email address
   • GITHUB_NAME - Your git commit name
   • TZ - Timezone (e.g., America/New_York, Europe/London)
   • SSH_BANNER - Custom welcome message displayed after SSH login
   • LOG_LEVEL - SSH logging level (DEBUG, INFO, NOTICE, WARN, ERROR)
   • HOST - Host binding address for Railway applications (defaults to 0.0.0.0)
   • HOSTNAME - Hostname binding for Railway applications (defaults to 0.0.0.0)

5. Redeploy your project to apply the new environment variables:

   

STEP 2: Configure TCP Proxy

1. Go to your Railway project dashboard

2. Navigate to Settings → Networking:

   

3. Under Public Networking, click TCP Proxy

4. Enter the exposed port 22 (the default SSH port):

   

5. Click Add Proxy

STEP 3: Redeploy the Project

After configuring the TCP proxy, redeploy your project to apply the networking changes:

STEP 4: Connect via SSH

1. Once deployed, Railway will provide you with a domain and port for TCP access:

   

2. Use the SSH command to connect:

   ssh {username}@{domain} -p {port}

   Example:

   ssh [email protected] -p 30899

3. When prompted about the host authenticity, type yes to accept the new key pair

4. Enter the user password when prompted

5. You're now connected to your Railway container via SSH!

Development Environment

This container comes pre-configured with a complete development environment including:

Installed Tools

• Claude Code: AI-powered development assistant
• Node.js 20.x LTS: JavaScript runtime with npm, pnpm, and yarn
• Python 3.12: Python runtime with pip and venv
• Ruby 3.3.6: Latest stable Ruby via rbenv with Rails and bundler pre-installed
• GitHub CLI: Authenticated and ready to use (if GH_TOKEN provided)
• Railway CLI: Available (requires manual login: railway login)
• Database Clients: PostgreSQL and Redis clients
• Build Tools: ripgrep, build-essential, git, curl, wget

Automatic Setup

When the container starts, it automatically:

1. Configures git with your identity (if GITHUB_EMAIL and GITHUB_NAME provided)
2. Authenticates GitHub CLI and configures git for push/pull (if GH_TOKEN provided)
3. Installs Railway CLI (manual login required after SSH connection)
4. Installs Claude Code globally for the SSH user
5. Creates a ~/dev/ directory for your projects
6. Clones all your GitHub repositories to ~/dev/ (if GH_TOKEN provided)

Clean Login

SSH login goes directly to command prompt with no welcome messages for a clean development experience.

Usage

After SSH connection:

# Claude Code is ready to use
claude

# GitHub CLI is authenticated (git push/pull work automatically)
gh repo list
git push  # Works without additional authentication

# Railway CLI (requires manual login in SSH session)
railway login
railway list

# Clone your repos to ~/dev/
cd ~/dev
gh repo clone owner/repo

# Ruby and Rails are ready
ruby --version
rails --version

# Python is ready
python3 --version
pip --version

# Node.js tools are ready
node --version
npm --version
pnpm --version

Local Development

Docker Compose Setup

For local testing, use the included docker-compose.yml:

# Build and start the container
docker-compose up --build

# Connect via SSH (in another terminal)
ssh testuser@localhost -p 2222

# Stop the container
docker-compose down

The Docker Compose setup includes:

• Pre-configured test user credentials
• Port mapping (2222:22)
• Environment variables for development
• Health checks
• Optional volume mounting for persistent development

Environment File

Copy .env.example to .env and customize your settings:

cp .env.example .env
# Edit .env with your preferred settings

Configuration Details

Default Values

The current default values in ssh-user-config.sh are:

• SSH_USERNAME=myuser
• SSH_PASSWORD=mypassword

⚠️ Important: Change default values before deploying to production.

Environment Variable Priority

The system checks for credentials in this order:

1. Railway environment variables (highest priority)
2. Values set directly in ssh-user-config.sh (default if no environment variables)

Root Access

Root login is disabled by default for security reasons. If you need to enable root login, you can modify the Dockerfile by changing:

&& echo "PermitRootLogin no" >> /etc/ssh/sshd_config

to:

&& echo "PermitRootLogin yes" >> /etc/ssh/sshd_config

Note: The created user already has sudo permissions and is added to the sudo group, so root access is typically unnecessary.

Security Considerations

• CRITICAL: Always change the default SSH credentials in ssh-user-config.sh before deploying to production
• Root login is disabled by default
• SSH security hardening included:
  • Max 3 authentication attempts
  • Client timeout protection (5 minutes idle)
  • Protocol 2 enforcement
• Only password authentication is enabled by default
• The default user has sudo privileges for administrative tasks
• Consider using SSH keys (AUTHORIZED_KEYS) instead of passwords for better security
• When using AUTHORIZED_KEYS, password authentication is automatically disabled
• Configurable logging levels for security monitoring

Container Limitations

• No persistent storage: All data is lost when redeploying.
• Not a VPS: This is a containerized environment, not a virtual private server
• Temporary file system: Any files created inside the image will be lost on restart/redeploy

Important: Conside using Railway Volume Mount for persistent storage

Troubleshooting

• Ensure the TCP proxy is configured correctly on Railway
• Verify the correct domain and port are being used
• Check that the container is running and healthy
• Confirm firewall settings allow SSH connections
• Verify credentials are set correctly in ssh-user-config.sh or Railway environment variables
• Remember that data loss occurs on every redeploy

License

This project is licensed under the terms included in the LICENSE file.