diff --git a/nasp-jumpserver/Dockerfile b/nasp-jumpserver/Dockerfile
new file mode 100644
index 0000000..7894bc7
--- /dev/null
+++ b/nasp-jumpserver/Dockerfile
@@ -0,0 +1,15 @@
+FROM docker.io/alpine
+
+RUN apk add --no-cache openssh git sudo tmux vim bash zsh curl wget coreutils util-linux tzdata \
+ && cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && echo "Asia/Shanghai" > /etc/timezone
+
+COPY sshd_config /etc/ssh/sshd_config
+
+RUN cd /opt && git clone https://git.nasp.ob.ac.cn/NASP/registry \
+ && ./registry/scripts/jumpserver_deploy.sh \
+ && curl dotfiles.cn | bash -s - -l -u root \
+ && sed -i 's?root:x:0:0:root:/root:/bin/ash?root:x:0:0:root:/root:/bin/zsh?' /etc/passwd \
+ && sed -i 's?ssh:x:1000:1000:jumpserver user ssh:/home/ssh:/bin/ash?ssh:x:1000:1000:jumpserver user ssh:/home/ssh:/bin/bash?' /etc/passwd
+
+EXPOSE 22
+ENTRYPOINT ["/etc/startup.sh"]
diff --git a/nasp-jumpserver/sshd_config b/nasp-jumpserver/sshd_config
new file mode 100644
index 0000000..04a78e5
--- /dev/null
+++ b/nasp-jumpserver/sshd_config
@@ -0,0 +1,15 @@
+Port 22
+
+# Authentication:
+LoginGraceTime 30s
+PermitRootLogin prohibit-password
+StrictModes yes
+MaxAuthTries 6
+MaxSessions 10
+PubkeyAuthentication yes
+AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
+PasswordAuthentication no
+AllowAgentForwarding yes
+
+# override default of no subsystems
+Subsystem sftp internal-sftp
diff --git a/nasp-jumpserver/startup.sh b/nasp-jumpserver/startup.sh
new file mode 100755
index 0000000..44b9337
--- /dev/null
+++ b/nasp-jumpserver/startup.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+set -e
+
+crond
+/etc/init.d/sshd start
+bash
\ No newline at end of file
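Review bot: In nasp-jumpserver/Dockerfile the second `RUN` pipes `curl dotfiles.cn` straight into `bash` as root; with no scheme curl fetches over plain HTTP, so whatever the network path returns is executed while building a jump-server image, and without `pipefail` a failed download passes silently. Fetch to a file, verify a pinned digest, then run it, e.g. `curl -fsSL https://dotfiles.cn -o /tmp/dotfiles.sh && echo "<EXPECTED_SHA256>  /tmp/dotfiles.sh" | sha256sum -c - && bash /tmp/dotfiles.sh -l -u root` (assuming the host serves HTTPS). The same unpinned-input problem applies to `FROM docker.io/alpine` (no tag or digest) and to the `git clone`, whose `jumpserver_deploy.sh` runs from whatever the default branch holds at build time; pin a tag or digest and check out a fixed commit. Separately, `ENTRYPOINT ["/etc/startup.sh"]` has no matching `COPY` in this file, so unless the deploy script installs it the container will not start; `COPY startup.sh /etc/startup.sh` would make that explicit.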
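Review bot: In nasp-jumpserver/sshd_config, `AllowAgentForwarding yes` on a jump host means anyone with root on this container can use the forwarded agent sockets of connected users to authenticate onward as them. If clients can hop with ProxyJump (`ssh -J`), which needs only TCP forwarding, set `AllowAgentForwarding no`. `PermitRootLogin prohibit-password` still allows direct root login by key; the Dockerfile's passwd edit suggests a dedicated `ssh` user exists, so `PermitRootLogin no` (and `AllowUsers ssh` if that is the only intended login) would narrow the exposure. A short comment above each of these two settings recording why it is enabled would help the next reviewer.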
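Review bot: nasp-jumpserver/startup.sh ends in an interactive `bash` as the foreground process, which leaves sshd as an unsupervised background daemon: started without a TTY or stdin the shell reads EOF and the container exits, and if sshd dies the container keeps running with no SSH service. Replace the last two lines with `ssh-keygen -A` and `exec /usr/sbin/sshd -D -e`, so that sshd replaces the script as PID 1, receives the stop signal from `docker stop`, and logs to stderr where the runtime can collect it. If host keys are generated at start-up they will change on every container recreate, so consider mounting persistent host keys so users are not trained to accept host-key warnings on the jump server.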