diff --git a/.gitignore b/.gitignore
index e69de29..f7b85c6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/etc/ssh/*key*
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..1e919e0
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,2 @@
+FROM ajoergensen/openssh-server
+RUN useradd -d /etc/ssh sqlproxy && usermod -p '*' sqlproxy
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
index 646b927..4db19b5 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -7,7 +7,28 @@ services:
     volumes:
       - /var/run/docker.sock:/tmp/docker.sock:ro
       - /etc/hosts:/tmp/hosts:rw
-      - ./hostman.sh:/hostman.sh
+      - ./script/hostman.sh:/hostman.sh:ro
+  sshd:
+    build:
+      context: .
+      dockerfile: ./Dockerfile
+    command: ["./sqlproxy.sh", "&", "wait", "$!" ]
+    ports:
+      - 22:22
+    volumes:
+      - ./etc/ssh:/etc/ssh/
+      - /var/run/docker.sock:/tmp/docker.sock:ro
+      - ./script/hostman.sh:/hostman.sh:ro
+      - ./script/sqlproxy.sh:/sqlproxy.sh:ro
+    environment:
+      DISABLE_KEYGEN: true
+      DISABLE_CONFIG_GEN: true
+      HOST_CONF_PATH: /etc/hosts
+      RESOLVE_DOCKERHOST: true
+      DOCKER_HOSTNAME_VAR: DB_VHOST
+    networks:
+      - proxy
+    restart: unless-stopped
   nginx-proxy:
     image: jwilder/nginx-proxy
     ports:
diff --git a/etc/ssh/.ssh/authorized_keys b/etc/ssh/.ssh/authorized_keys
new file mode 100644
index 0000000..e69de29
diff --git a/etc/ssh/sshd_config b/etc/ssh/sshd_config
new file mode 100644
index 0000000..9b8afcd
--- /dev/null
+++ b/etc/ssh/sshd_config
@@ -0,0 +1,13 @@
+PasswordAuthentication no
+PubkeyAuthentication yes
+Port 22
+X11Forwarding no
+PermitRootLogin no
+GatewayPorts no
+AllowTcpForwarding yes
+PermitOpen any
+
+PidFile /config/sshd.pid
+Subsystem sftp /usr/lib/ssh/sftp-server -u 022
+
+AllowUsers sqlproxy
diff --git a/hostman.sh b/script/hostman.sh
similarity index 100%
rename from hostman.sh
rename to script/hostman.sh
diff --git a/script/sqlproxy.sh b/script/sqlproxy.sh
new file mode 100755
index 0000000..90be21b
--- /dev/null
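Review bot: `FROM ajoergensen/openssh-server` carries no tag or digest, so every rebuild silently tracks whatever the publisher last pushed; pin it, `FROM ajoergensen/openssh-server:<tag>@sha256:<digest>` (placeholders — take the values from the registry). The same hunk gives the login account `/etc/ssh` as its home directory, and script/sqlproxy.sh then chowns that directory to `sqlproxy`; a user who owns a directory can rename or delete its entries regardless of each file's owner, so the SSH-reachable account ends up able to tamper with the host keys and sshd_config mounted there. Prefer a home outside the daemon's config, `RUN useradd -m -d /home/sqlproxy sqlproxy && usermod -p '*' sqlproxy`, and point `AuthorizedKeysFile` in etc/ssh/sshd_config at a root-owned path — sshd's StrictModes check accepts root-owned key files and directories, so the chowns in sqlproxy.sh become unnecessary. The file also lacks a trailing newline.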
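Review bot: The new `command: ["./sqlproxy.sh", "&", "wait", "$!" ]` is exec form, so `&`, `wait` and `$!` reach sqlproxy.sh as literal positional arguments rather than being interpreted by a shell; nothing is backgrounded and nothing waits. If the shell form is intended, write `command: ["sh", "-c", "./sqlproxy.sh & wait $$!"]` (`$$` because compose applies its own `$`-interpolation to the string first, and may reject a bare `$!`), or simply run the script in the foreground; either way this replaces the base image's default command, so confirm that sshd is still started by the image's entrypoint, which is not visible here. The boolean-looking values under `environment:` should be quoted strings, `DISABLE_KEYGEN: "true"`, since compose expects strings and YAML otherwise parses them as booleans. The `/var/run/docker.sock` mount hands a container exposed on host port 22 access to the Docker API; the `:ro` flag only affects the filesystem mount, not what can be requested over the socket, so if hostman.sh only reads container metadata consider fronting the socket with a proxy that exposes read-only endpoints, and check that host port 22 is not already bound by the host's own sshd.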
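Review bot: With `AllowTcpForwarding yes` and `PermitOpen any`, any holder of a key in authorized_keys can forward to every host and port reachable from the container's `proxy` network and, since no ForceCommand or PermitTTY is set, also gets whatever login shell useradd assigned — although the account's stated purpose is a single database tunnel. Narrow `PermitOpen any` to `PermitOpen <db-host>:<db-port>` (placeholder; use the name hostman.sh publishes for the database) and add `ForceCommand /bin/false` and `PermitTTY no`, so the key can only hold a tunnel (`ssh -N`) and not run commands; the sftp `Subsystem` line then becomes dead and can go. `PidFile /config/sshd.pid` assumes `/config` exists in the base image — nothing in this commit creates it — so verify the directory or drop the directive. `PasswordAuthentication no`, `PermitRootLogin no` and `AllowUsers sqlproxy` are good; `AllowAgentForwarding no` would round out the `X11Forwarding no` line.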
+++ b/script/sqlproxy.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/env sh
+# ensure permissions
+chown sqlproxy:sqlproxy /etc/ssh
+chown -R sqlproxy:sqlproxy /etc/ssh/.ssh
+chmod 0700 /etc/ssh/.ssh
+chmod 0600 /etc/ssh/.ssh/authorized_keys
+
+source ./hostman.sh
diff --git a/sqlproxy_setup.sh b/sqlproxy_setup.sh
new file mode 100755
index 0000000..9bdd492
--- /dev/null
+++ b/sqlproxy_setup.sh
@@ -0,0 +1,18 @@
+if [ ! -f ./etc/ssh/ssh_host_ed25519_key ]
+then
+  echo "Generating sqlproxy SSHD keys"
+  ssh-keygen -f ./ -A
+fi
+
+read -r -p "Auto generate client keys+config? [Y/n] " GEN_KEYS
+case $GEN_KEYS in
+  [yY]*)
+    mkdir -p ~/.ssh
+    read -r -p "Key Name (should not already exist in ~/.ssh): " KEY_NAME
+    ssh-keygen -t ed25519 -f ~/.ssh/$KEY_NAME.key
+    read -r -p "Target Host: " HOST_NAME
+    echo -ne "\n\nHost $HOST_NAME\n User sqlproxy\n IdentityFile ~/.ssh/$KEY_NAME.key" >> ~/.ssh/config
+    cat ~/.ssh/$KEY_NAME.key.pub >> ./etc/ssh/.ssh/authorized_keys
+    break;;
+  *) echo "Not generating client ssh key.\nPlease put your desired public keys into ./etc/ssh/.ssh/authorized_keys";;
+esac
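Review bot: `source ./hostman.sh` is a bash-ism under a `#!/usr/bin/env sh` shebang; POSIX sh only guarantees the dot form, so write `. ./hostman.sh` (BusyBox ash happens to accept `source`, dash does not). Both that line and the `./sqlproxy.sh` command in docker-compose.yml depend on the working directory being `/`, where the scripts are mounted; use absolute paths, `. /hostman.sh`, or set `working_dir` in the compose service. The script has no `set -e`, so a failed chown or chmod goes unnoticed and the resulting permission problem only surfaces later in sshd's log; add `set -eu` after the shebang. Separately, `chown sqlproxy:sqlproxy /etc/ssh` hands the daemon's config directory, host keys included, to the login account (see the Dockerfile hunk).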
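Review bot: The prompt advertises `[Y/n]` (empty answer means yes) but `case $GEN_KEYS in [yY]*)` sends an empty answer to the `*)` branch, so pressing Enter does the opposite of what the prompt promises; match `""|[yY]*)`. The file has no shebang and mixes `echo -ne` (GNU/bash behaviour) with a `\n` escape in a plain `echo` (interpreted by dash, printed literally by bash), so its output depends on which shell happens to run it; add `#!/usr/bin/env bash` (the file is already mode 755) and use `printf`. `break;;` inside `case` is not within a loop and does nothing. `$KEY_NAME` and `$HOST_NAME` are unquoted, so a name containing spaces splits into several arguments. The stanza appended to `~/.ssh/config` ends without a newline, so the next append glues onto the IdentityFile line.
```shell
#!/usr/bin/env bash
set -eu

# … unchanged: host-key generation …

read -r -p "Auto generate client keys+config? [Y/n] " GEN_KEYS
case "$GEN_KEYS" in
  ""|[yY]*)
    mkdir -p ~/.ssh
    read -r -p "Key Name (should not already exist in ~/.ssh): " KEY_NAME
    ssh-keygen -t ed25519 -f ~/.ssh/"$KEY_NAME".key
    read -r -p "Target Host: " HOST_NAME
    printf '\n\nHost %s\n User sqlproxy\n IdentityFile ~/.ssh/%s.key\n' "$HOST_NAME" "$KEY_NAME" >> ~/.ssh/config
    cat ~/.ssh/"$KEY_NAME".key.pub >> ./etc/ssh/.ssh/authorized_keys
    ;;
  *)
    printf 'Not generating client ssh key.\nPlease put your desired public keys into ./etc/ssh/.ssh/authorized_keys\n'
    ;;
esac
```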