Docker image with SSH remote access to containers
Host OS version: CentOS 6.7
Host kernel version: 3.10.5-12.1.x86_64
Docker version: Docker version 1.7.1, build 786b29d/1.7.1
Procedure:
1. Start the image:
# docker run -it centos /bin/bash
2. Install the OpenSSH server
# yum -y install openssh-server
3. Create the /var/run/sshd/ directory; otherwise the sshd service reports an error on startup
# mkdir /var/run/sshd/
4. Start the sshd service
# /usr/sbin/sshd -D &
WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several problems. (1)
Could not load host key: /etc/ssh/ssh_host_rsa_key (2)
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Could not load host key: /etc/ssh/ssh_host_ed25519_key
The messages above appear at startup. (1) means that UsePAM yes was changed to UsePAM no in the sshd_config file:
# cat /etc/ssh/sshd_config | grep UsePA
UsePAM no
(2) means the host has no public/private host keys; regenerate them:
# rm -rf /etc/ssh/ssh*key
# ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
# ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key
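# ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key
If the keys are not generated, remote connections will also fail, reporting a host key mismatch error: Read from socket failed: Connection reset by peer
The key files must correspond to the HostKey entries in sshd_config, so check the configuration file first and then generate the matching keys: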
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
5. Remove the PAM login restriction by commenting out the line session required pam_loginuid.so, which is not commented out by default
# cat /etc/pam.d/sshd
#session required pam_loginuid.so
6. Verify that the port is open
# ps -ef | grep sshd
root 18 1 0 01:43 ? 00:00:00 /usr/sbin/sshd -D
root 30 1 0 01:59 ? 00:00:00 grep --color=auto sshd
7. Check the state of the sshd port with a port scan from the host
# nmap 172.17.0.10 -p 22
PORT STATE SERVICE
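22/tcp open ssh
8. Generate a key pair on the host and import the public key into the container
# ssh-keygen -t rsa
This creates the private and public key files in /root/.ssh/: id_rsa and id_rsa.pub, or id_dsa and id_dsa.pub
Copy the .pub file to the container's .ssh directory and import its contents into ~/.ssh/authorized_keys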
# mkdir /root/.ssh/
# cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyFRgchNdCzAUN7FNWdwDxLtFvW5521mMX4r57DCPADtrclyGcnlljxcqFHAYtyyDGmNA8ASrYxiH+0FPe+6BI2U32yNUorLOfsB1VlgMpEx6Xq9g3VFUMo7HLNNgOsj0hBnKlsrWt9VZhQ9rkW8ncof+M0CabP4mNDp7xuKX/AmGvweNapYusDiK3hEoUF9lEKYFyztk85PqNNDSzRZgqulQSYZYCfdz2KO+GJnlDoTfOGB1ShVbNO1Rjo1LpK8jrnSTTubIJMaPGtA/khagbKHhW/+AhFjcGezs2ZJ8pAUqHmeksoBM0smSsiE8F3tZxO39YqOOoxfWWHrxA7/8Nw== root@localhost.localdomain
# cat /root/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyFRgchNdCzAUN7FNWdwDxLtFvW5521mMX4r57DCPADtrclyGcnlljxcqFHAYtyyDGmNA8ASrYxiH+0FPe+6BI2U32yNUorLOfsB1VlgMpEx6Xq9g3VFUMo7HLNNgOsj0hBnKlsrWt9VZhQ9rkW8ncof+M0CabP4mNDp7xuKX/AmGvweNapYusDiK3hEoUF9lEKYFyztk85PqNNDSzRZgqulQSYZYCfdz2KO+GJnlDoTfOGB1ShVbNO1Rjo1LpK8jrnSTTubIJMaPGtA/khagbKHhW/+AhFjcGezs2ZJ8pAUqHmeksoBM0smSsiE8F3tZxO39YqOOoxfWWHrxA7/8Nw== root@localhost.localdomain
9. Write the ssh service startup script and make it executable
# cat run.sh
#!/bin/bash
/usr/sbin/sshd -D &
# chmod 755 run.sh
10. Save the image
# docker commit 75a1929a2637 sshd04
11. Run the image with a port mapping
# docker run -d -p 11126:22 sshd04 /usr/sbin/sshd -D
# docker ps
d0dc7862e8c9 sshd04 "/usr/sbin/sshd -D" 16 hours ago Up 16 hours 0.0.0.0:11126->22/tcp furious_morse
# ssh 192.168.30.133 -p 11126
#
# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
inet 172.17.0.9  netmask 255.255.0.0  broadcast 0.0.0.0
Remote login succeeded
Appendix: Dockerfile
# this is the docker sshd image
FROM centos
MAINTAINER chenyongtao
RUN yum clean all
RUN yum -y install net-tools*
RUN yum -y install openssh-server
RUN mkdir /var/run/sshd
RUN sed -i 's/session required pam_loginuid.so/#session required pam_loginuid.so/g' /etc/pam.d/sshd
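# remove any existing host keys, then regenerate them with an empty passphrase so the build does not prompt
RUN rm -rf /etc/ssh/ssh*key
RUN ssh-keygen -t rsa -N '' -f /etc/ssh/ssh_host_rsa_key
RUN ssh-keygen -t ecdsa -N '' -f /etc/ssh/ssh_host_ecdsa_key
RUN ssh-keygen -t ed25519 -N '' -f /etc/ssh/ssh_host_ed25519_key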
RUN mkdir /root/.ssh/
COPY ./id_rsa.pub /root/.ssh/id_rsa.pub
COPY ./authorized_keys /root/.ssh/authorized_keys
COPY ./run.sh /root/run.sh
EXPOSE 22
CMD /usr/sbin/sshd -D
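
An added example, not part of the original post: a shell check that every HostKey named in sshd_config (step 4) has a key file, and that the files from step 8 have permissions sshd accepts. The function names are hypothetical, and the permission check assumes StrictModes is left at its default of yes.

```shell
#!/bin/sh
# Added example (not from the original post): audit an image root for the
# SSH files this walkthrough creates. ROOT is / inside the container.

# Active (uncommented) HostKey paths from an sshd_config file.
active_hostkeys() {
    awk 'tolower($1) == "hostkey" { print $2 }' "$1"
}

# True if FILE has any of the listed permission bits set (POSIX find).
has_any_perm() {
    hp_file=$1; shift
    for hp_bits in "$@"; do
        [ -n "$(find "$hp_file" -prune -perm "-$hp_bits" 2>/dev/null)" ] && return 0
    done
    return 1
}

# audit_sshd ROOT: print one finding per line; return 1 if there is any finding.
audit_sshd() {
    root=${1%/}
    findings=0
    for key in $(active_hostkeys "$root/etc/ssh/sshd_config"); do
        if [ ! -s "$root$key" ]; then
            echo "missing host key: $key"; findings=1
        elif has_any_perm "$root$key" 004; then
            echo "host key readable by others: $key"; findings=1
        fi
    done
    # With StrictModes on (assumed default), sshd rejects key login when
    # these are writable by group or others.
    for path in /root /root/.ssh /root/.ssh/authorized_keys; do
        if [ ! -e "$root$path" ]; then
            echo "missing: $path"; findings=1
        elif has_any_perm "$root$path" 020 002; then
            echo "group/other-writable: $path"; findings=1
        fi
    done
    return $findings
}

# Audit a root directory only when one is given on the command line.
if [ $# -gt 0 ]; then audit_sshd "$1"; fi
```

Run it as `sh audit.sh /` inside the container (the script file name is an assumption); no output and exit status 0 mean all checks passed.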