diff --git a/Changelog.md b/Changelog.md
index 110ffe7..f303700 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -1,5 +1,6 @@
 ## 0.9.11 (not yet released)
 
+ * Introduced the `docker-bash` tool. This is a shortcut tool for logging into a container using SSH. Usage: `docker-bash <CONTAINER ID>`. See the README for details.
  * Fixed various process waiting issues in `my_init`. Closes GH-27, GH-82 and GH-83. Thanks to André Luiz dos Santos and Paul Annesley.
  * The `ca-certificates` package is now installed by default. This is because we include `apt-transport-https`, but Ubuntu 14.04 no longer installs `ca-certificates` by default anymore. Closes GH-73.
  * `add-apt-repository` is now installed by default. Closes GH-74.
diff --git a/README.md b/README.md
index 979fa71..aeb9c51 100644
--- a/README.md
+++ b/README.md
@@ -50,6 +50,7 @@ You can configure the stock `ubuntu` image yourself from your Dockerfile, so why
      * [Using the insecure key for one container only](#using_the_insecure_key_for_one_container_only)
      * [Enabling the insecure key permanently](#enabling_the_insecure_key_permanently)
      * [Using your own key](#using_your_own_key)
+     * [The `docker-bash` tool](#docker_bash)
    * [Disabling SSH](#disabling_ssh)
  * [Building the image yourself](#building)
  * [Conclusion](#conclusion)
@@ -358,6 +359,27 @@ Now SSH into the container as follows:
 
     ssh -i /path-to/your_key root@<IP address>
 
+<a name="docker_attach"></a>
+#### The `docker-bash` tool
+
+Looking up the IP of a container and running an SSH command quickly becomes tedious. Luckily, we provide the `docker-bash` tool which automates this process. This tool is to be run on the *Docker host*, not inside a Docker container.
+
+First, install the tool on the Docker host:
+
+    curl --fail -L -O https://github.com/phusion/baseimage-docker/archive/master.tar.gz && \
+    tar xzf master.tar.gz && \
+    sudo ./baseimage-docker-master/install-tools.sh
+
+Then run the tool as follows to login to a container using SSH:
+
+    docker-bash YOUR-CONTAINER-ID
+
+You can lookup `YOUR-CONTAINER-ID` by running `docker ps`.
+
+By default, `docker-bash` will open a Bash session. You can also tell it to run a command, and then exit:
+
+    docker-bash YOUR-CONTAINER-ID echo hello world
+
 
 <a name="building"></a>
 ## Building the image yourself
diff --git a/install-tools.sh b/install-tools.sh
new file mode 100755
index 0000000..5da8935
--- /dev/null
+++ b/install-tools.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+set -e
+dir=`dirname "$0"`
+cd "$dir"
+
+set -x
+cp tools/* /usr/local/bin/
+mkdir -p /usr/local/share/baseimage-docker
+cp image/insecure_key /usr/local/share/baseimage-docker/
+chmod 644 /usr/local/share/baseimage-docker/insecure_key
diff --git a/tools/docker-bash b/tools/docker-bash
new file mode 100755
index 0000000..6a14d37
--- /dev/null
+++ b/tools/docker-bash
@@ -0,0 +1,82 @@
+#!/bin/bash
+set -e
+set -o pipefail
+
+KNOWN_HOSTS_FILE=
+IP=
+
+function usage()
+{
+	echo "Usage: docker-bash <CONTAINER_ID> [COMMAND...]"
+	echo "Login to a Baseimage-based Docker container using SSH."
+	echo "If COMMAND is not given, opens an interactive shell."
+	echo "Otherwise, runs COMMAND inside the container."
+}
+
+function cleanup()
+{
+	local pids=`jobs -p`
+	if [[ "$pids" != "" ]]; then
+		kill $pids
+	fi
+
+	if [[ "$KNOWN_HOSTS_FILE" != "" ]]; then
+		rm -f "$KNOWN_HOSTS_FILE"
+	fi
+}
+
+if [[ $# = 0 ]]; then
+	usage
+	exit
+fi
+
+CONTAINER_ID="$1"
+shift
+
+trap cleanup EXIT
+
+if ! [[ -e ~/.baseimage_docker_insecure_key ]]; then
+	if [[ -e /usr/local/share/baseimage-docker/insecure_key ]]; then
+		cp /usr/local/share/baseimage-docker/insecure_key ~/.baseimage_docker_insecure_key
+	else
+		dir=`dirname "$0"`
+		dir=`cd "$dir/.." && pwd`
+		if [[ -e "$dir/image/insecure_key" ]]; then
+			cp "$dir/image/insecure_key" ~/.baseimage_docker_insecure_key
+		else
+			echo "*** ERROR ***: Baseimage-docker insecure key not found." >&2
+			echo "You probably didn't install docker-bash properly. Please reinstall it:" >&2
+			echo "" >&2
+			echo "  curl --fail -L -O https://github.com/phusion/baseimage-docker/archive/master.tar.gz && \\" >&2
+			echo "  tar xzf master.tar.gz && \\" >&2
+			echo "  sudo ./baseimage-docker-master/install-tools.sh" >&2
+			exit 1
+		fi
+	fi
+	chown "`whoami`": ~/.baseimage_docker_insecure_key
+	chmod 600 ~/.baseimage_docker_insecure_key
+fi
+
+KNOWN_HOSTS_FILE=`mktemp /tmp/docker-bash.XXXXXXXXX`
+IP=`docker inspect -f "{{ .NetworkSettings.IPAddress }}" "$CONTAINER_ID"`
+
+# Prevent SSH from warning about adding a host to the known_hosts file.
+ssh-keyscan "$IP" >"$KNOWN_HOSTS_FILE" 2>&1
+
+if ! ssh -i ~/.baseimage_docker_insecure_key \
+	-o UserKnownHostsFile="$KNOWN_HOSTS_FILE" \
+	-o StrictHostKeyChecking=no \
+	-o PasswordAuthentication=no \
+	-o KbdInteractiveAuthentication=no \
+	-o ChallengeResponseAuthentication=no \
+	"root@$IP" "$@"
+then
+	STATUS=$?
+	if [[ $# = 0 ]]; then
+		echo "----------------"
+		echo "It appears that login to the Docker container failed. This could be caused by the following reasons:"
+		echo "- The Docker container you're trying to login to is not based on Baseimage-docker. The docker-bash tool only works with Baseimage-docker-based containers."
+		echo "- You did not enable the the insecure key inside the container. Please read https://github.com/phusion/baseimage-docker/blob/master/README.md#login to learn how to enable the insecure key."
+	fi
+	exit $STATUS
+fi