A lightweight, containerized workspace designed for AI Agents to operate autonomously. Built on Ubuntu 24.04, this sandbox provides a persistent, SSH-accessible environment where agents can clone repositories, run scripts, manage files, and execute tasks β all within an isolated and reproducible Docker container.
Modern AI Agents need a safe, controlled environment to perform real work: writing and running code, interacting with Git repositories, managing files, and executing shell commands. This project provides exactly that β a ready-to-use sandbox that any agent can connect to via SSH and treat as its own workspace.
- π³ Docker-based β fully isolated, reproducible, and easy to spin up anywhere
- π§ Git pre-installed β agents can clone, commit, push, and pull out of the box
- π SSH access on port 22 β connect any agent or client remotely
- πΎ Persistent
/home/ubuntu/workspacevolume β work survives container restarts - π¦ Auto-published to GHCR β GitHub Actions builds and pushes the image on every release
docker pull ghcr.io/nhatnice/docker-ubuntu-sandbox:latestdocker run -d \
-p 2222:22 \
-v ssh_host_keys:/var/lib/ssh-host-keys \
-v ssh_authorized_keys:/root/.ssh \
-v workspace:/home/ubuntu/workspace \
-e ROOT_PASSWORD=yourpassword \
-e SSH_PUBLIC_KEY="$(cat ~/.ssh/id_ed25519.pub)" \
--name docker-ubuntu-sandbox \
ghcr.io/nhatnice/docker-ubuntu-sandbox:latestssh root@localhost
# password: whatever you set in ROOT_PASSWORD (default: changeme)
β οΈ Always setROOT_PASSWORDbefore exposing this container to any network.
The root password is set at container startup via the ROOT_PASSWORD environment variable. If not provided, it defaults to changeme.
docker run -d -e ROOT_PASSWORD=yourpassword ...Copy .env.example to .env and fill in your values:
cp .env.example .envROOT_PASSWORD=yourpassword
SSH_PUBLIC_KEY=ssh-ed25519 AAAA... your_email@example.comOr pass inline:
ROOT_PASSWORD=yourpassword docker compose up -dKey-based auth is more secure than passwords. Pass your public key via SSH_PUBLIC_KEY and it will be written to /root/.ssh/authorized_keys at startup.
cat ~/.ssh/id_ed25519.pub
# or
cat ~/.ssh/id_rsa.pubIf you don't have a key yet, generate one:
ssh-keygen -t ed25519 -C "your_email@example.com"docker run:
docker run -d \
-p 2222:22 \
-v ssh_host_keys:/var/lib/ssh-host-keys \
-v ssh_authorized_keys:/root/.ssh \
-v workspace:/home/ubuntu/workspace \
-e ROOT_PASSWORD=yourpassword \
-e SSH_PUBLIC_KEY="$(cat ~/.ssh/id_ed25519.pub)" \
--name docker-ubuntu-sandbox \
ghcr.io/nhatnice/docker-ubuntu-sandbox:latestdocker-compose: add the key to your .env file:
SSH_PUBLIC_KEY=ssh-ed25519 AAAA... your_email@example.comThen start:
docker compose up -dssh -p 2222 root@localhostThe
authorized_keysfile is stored in thessh_authorized_keysnamed volume so it persists across container restarts. UpdatingSSH_PUBLIC_KEYand restarting the container will overwrite it with the new key.
The /home/ubuntu/workspace directory is the agent's persistent home. Everything written here survives container restarts thanks to a Docker named volume.
This sandbox is designed for development and experimentation. Before using in any production or networked environment:
- Always set
ROOT_PASSWORDto a strong value via the environment variable - Set
SSH_PUBLIC_KEYto your public key and disable password auth (PasswordAuthentication no) for stronger security - Consider creating a non-root user for the agent
- Restrict
PermitRootLoginin/etc/ssh/sshd_config
docker build -t docker-ubuntu-sandbox .docker run -d \
-p 2222:22 \
-e ROOT_PASSWORD=devpassword \
-v $(pwd)/workspace:/home/ubuntu/workspace \
--name docker-ubuntu-sandbox-dev \
docker-ubuntu-sandbox- Docker 20.10+
This project is licensed under the MIT License.