diff --git a/home/.chezmoiscripts/ubuntu/run_once_11-docker-ssh-server.sh.tmpl b/home/.chezmoiscripts/ubuntu/run_once_11-docker-ssh-server.sh.tmpl
new file mode 100644
index 00000000..75c0a556
--- /dev/null
+++ b/home/.chezmoiscripts/ubuntu/run_once_11-docker-ssh-server.sh.tmpl
@@ -0,0 +1,7 @@
+{{ if eq .chezmoi.os "linux" -}}
+{{ if eq .chezmoi.osRelease.idLike "debian" -}}
+{{ if eq .system "server" -}}
+{{ include "../install/ubuntu/server/ssh_server.sh" }}
+{{ end -}}
+{{ end -}}
+{{ end -}}
diff --git a/install/ubuntu/server/ssh_server.sh b/install/ubuntu/server/ssh_server.sh
new file mode 100644
index 00000000..d1e70db5
--- /dev/null
+++ b/install/ubuntu/server/ssh_server.sh
@@ -0,0 +1,46 @@
+#!/usr/bin/env bash
+
+set -Eeuo pipefail
+
+if [ "${DOTFILES_DEBUG:-}" ]; then
+ set -x
+fi
+
+function install_openssh_server() {
+ # install openssh-server
+ apt-get update && apt-get install --no-install-recommends -y vim openssh-server
+}
+
+function setup_sshd() {
+ mkdir -p /var/run/sshd
+ mkdir -p /root/.ssh
+
+ sed -i 's/^#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config &&
+ sed -i 's/^#Port 22/Port 22/' /etc/ssh/sshd_config &&
+ sed -i 's/^#ListenAddress 0.0.0.0/ListenAddress 0.0.0.0/' /etc/ssh/sshd_config &&
+ sed -i 's/^#PubkeyAuthentication yes/PubkeyAuthentication yes/' /etc/ssh/sshd_config &&
+ sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd
+
+ # check the /etc/ssh/sshd_config
+ /usr/sbin/sshd -t
+
+ # create .ssh/authorized_keys if not exists
+ touch ~/.ssh/authorized_keys
+}
+
+function run_sshd() {
+ # run sshd
+ /usr/sbin/sshd
+}
+
+function main() {
+ install_openssh_server
+ setup_sshd
+ run_sshd
+}
+
+if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
+ if [ -f "/.dockerenv" ]; then
+ main
+ fi
+fi
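Review bot: The condition in run_once_11-docker-ssh-server.sh.tmpl (`.system "server"` on a Debian-like Linux) is wider than the script's real gate, because the included ssh_server.sh only calls `main` when `/.dockerenv` exists. On a non-container server the rendered run_once script is therefore a no-op, which is not visible from the template itself. A template comment would make that explicit, e.g. `{{/* no-op outside containers: ssh_server.sh checks /.dockerenv before enabling sshd */ -}}`. Since the included script enables root SSH, that guard is worth keeping visible to anyone who later edits either file.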
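Review bot: `PermitRootLogin yes` in setup_sshd (install/ubuntu/server/ssh_server.sh) lets root log in with a password, and nothing in the script turns `PasswordAuthentication` off while the daemon is set to listen on 0.0.0.0. The function already enables `PubkeyAuthentication` and creates `authorized_keys`, so key-only root access looks sufficient: keep the default with `sed -i 's/^#PermitRootLogin prohibit-password/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config` and add a `PasswordAuthentication no` line. How exposed this is depends on whether root has a usable password in the image and on which ports are published, neither of which is visible here. Each `sed` also matches only the exact commented default, so on an image whose sshd_config differs the substitution silently does nothing and `sshd -t` still passes. A `grep -q '^PermitRootLogin ' /etc/ssh/sshd_config` after the edits would catch that.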