Step 1: Pull the ubuntu:14.04 image
[root@localhost ~]# docker pull ubuntu:14.04
14.04: Pulling from library/ubuntu
01a4f8387457: Pull complete
c887940e680c: Pull complete
5432573ac160: Pull complete
027ee9a9665e: Pull complete
5611db80430d: Pull complete
Digest: sha256:3ed36e21dd87806fa6d92f91ae1a172d6b4f76b3471eef09dd847c6110a180b6
Status: Downloaded newer image for ubuntu:14.04
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu 14.04 d6ed29ffda6b 4 days ago 221MB
tomcat latest 11df4b40749f 7 days ago 557MB
adminer <none> faa9618a39a6 2 weeks ago 58.8MB
mysql latest 5709795eeffa 2 weeks ago 408MB
hello-world latest 725dcfab7d63 2 weeks ago 1.84kB
clearlinux latest 32685d114002 2 weeks ago 62.5MB
alpine latest 053cde6e8953 2 weeks ago 3.96MB
Step 2: Create a container and enter it
[root@localhost ~]# docker run -ti ubuntu:14.04 /bin/bash
root@e8dccc52cb96:/#
Step 3: Run apt-get update to refresh the package source information
root@e8dccc52cb96:/# apt-get update
Get:1 http://security.ubuntu.com trusty-security InRelease [65.9 kB]
Ign http://archive.ubuntu.com trusty InRelease
Get:2 http://archive.ubuntu.com trusty-updates InRelease [65.9 kB]
Get:3 http://security.ubuntu.com trusty-security/universe Sources [79.5 kB]
Get:4 http://archive.ubuntu.com trusty-backports InRelease [65.9 kB]
Get:5 http://archive.ubuntu.com trusty Release.gpg [933 B]
Get:6 http://security.ubuntu.com trusty-security/main amd64 Packages [857 kB]
Get:7 http://archive.ubuntu.com trusty-updates/universe Sources [244 kB]
Get:8 http://security.ubuntu.com trusty-security/restricted amd64 Packages [18.0 kB]
Get:9 http://archive.ubuntu.com trusty-updates/main amd64 Packages [1291 kB]
Get:10 http://security.ubuntu.com trusty-security/universe amd64 Packages [248 kB]
Get:11 http://security.ubuntu.com trusty-security/multiverse amd64 Packages [4716 B]
Get:12 http://archive.ubuntu.com trusty-updates/restricted amd64 Packages [21.4 kB]
Get:13 http://archive.ubuntu.com trusty-updates/universe amd64 Packages [560 kB]
Get:14 http://archive.ubuntu.com trusty-updates/multiverse amd64 Packages [16.3 kB]
Get:15 http://archive.ubuntu.com trusty-backports/main amd64 Packages [14.7 kB]
Get:16 http://archive.ubuntu.com trusty-backports/restricted amd64 Packages [40 B]
Get:17 http://archive.ubuntu.com trusty-backports/universe amd64 Packages [52.5 kB]
Get:18 http://archive.ubuntu.com trusty-backports/multiverse amd64 Packages [1392 B]
Get:19 http://archive.ubuntu.com trusty Release [58.5 kB]
Get:20 http://archive.ubuntu.com trusty/universe Sources [7926 kB]
Get:21 http://archive.ubuntu.com trusty/main amd64 Packages [1743 kB]
Get:22 http://archive.ubuntu.com trusty/restricted amd64 Packages [16.0 kB]
Get:23 http://archive.ubuntu.com trusty/universe amd64 Packages [7589 kB]
Get:24 http://archive.ubuntu.com trusty/multiverse amd64 Packages [169 kB]
Fetched 21.1 MB in 17s (1206 kB/s)
Reading package lists... Done
Step 4: Install the SSH service, openssh-server
root@e8dccc52cb96:/# apt-get install openssh-server
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
ca-certificates krb5-locales libck-connector0 libedit2 libgssapi-krb5-2
libidn11 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0
libpython-stdlib libpython2.7-minimal libpython2.7-stdlib libwrap0 libx11-6
libx11-data libxau6 libxcb1 libxdmcp6 libxext6 libxmuu1 ncurses-term
openssh-client openssh-sftp-server openssl python python-chardet
python-minimal python-requests python-six python-urllib3 python2.7
python2.7-minimal ssh-import-id tcpd wget xauth
Suggested packages:
krb5-doc krb5-user ssh-askpass libpam-ssh keychain monkeysphere rssh
molly-guard ufw python-doc python-tk python2.7-doc binutils binfmt-support
The following NEW packages will be installed:
ca-certificates krb5-locales libck-connector0 libedit2 libgssapi-krb5-2
libidn11 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0
libpython-stdlib libpython2.7-minimal libpython2.7-stdlib libwrap0 libx11-6
libx11-data libxau6 libxcb1 libxdmcp6 libxext6 libxmuu1 ncurses-term
openssh-client openssh-server openssh-sftp-server openssl python
python-chardet python-minimal python-requests python-six python-urllib3
python2.7 python2.7-minimal ssh-import-id tcpd wget xauth
0 upgraded, 38 newly installed, 0 to remove and 2 not upgraded.
Need to get 7592 kB of archives.
After this operation, 35.3 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Step 5: Manually create the /var/run/sshd directory and start the sshd service
root@e8dccc52cb96:/# mkdir -p /var/run/sshd
root@e8dccc52cb96:/# /usr/sbin/sshd -D &
[1] 3015
root@e8dccc52cb96:/# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3015/sshd
tcp6 0 0 :::22 :::* LISTEN 3015/sshd
Step 6: Generate the public key on the host; it is saved to the file /root/.ssh/id_rsa.pub. Accept the default at every ssh-keygen prompt.
[root@localhost .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
28:e6:c8:54:25:d7:f1:4f:41:84:a0:39:0c:a2:b7:66 root@localhost.localdomain
The key's randomart image is:
+--[ RSA 2048]----+
| . o o.oo ++ |
| . . * o... . |
|. . . = . . |
| . o o o |
| E o . S . |
| = + . |
| o . |
| |
| |
+-----------------+
Step 7: View the public key
[root@localhost .ssh]# cat /root/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBXLx/qrI3hUtYSssRSSrIMLMQpNwlzA99cT2vB+GgcgyJT0pQZydSvXZwve2bYA95xHDJJRxM3fZK5W86nVUtYVU34GG28dRePvbN40EFFeCbrrAbgM+XhbfoWDwLJhQy9bz9CZ2LcODOPZnqK6H77y7xDuy38/9iNln+AErgQ4fAFRMRBacetpKGokkWDjaKQvW8a7f940yUqr2jGiC9l0KVVd/VPw5i5U7HVOnZ0ZwlPEuXUj7zxAOW6aXLeMJ6IrFS4Zg0WUm0CpH6Krq8V+JZsIjqaxk4UF4ymp7TTVbyB+TG9/uSUMyRnga3p5HdYA4TBLXAlq6KM+Gg6GUx root@localhost.localdomain
Step 8: Save the public key above into /root/.ssh/authorized_keys in the container
root@e8dccc52cb96:~/.ssh# cat /root/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBXLx/qrI3hUtYSssRSSrIMLMQpNwlzA99cT2vB+GgcgyJT0pQZydSvXZwve2bYA95xHDJJRxM3fZK5W86nVUtYVU34GG28dRePvbN40EFFeCbrrAbgM+XhbfoWDwLJhQy9bz9CZ2LcODOPZnqK6H77y7xDuy38/9iNln+AErgQ4fAFRMRBacetpKGokkWDjaKQvW8a7f940yUqr2jGiC9l0KVVd/VPw5i5U7HVOnZ0ZwlPEuXUj7zxAOW6aXLeMJ6IrFS4Zg0WUm0CpH6Krq8V+JZsIjqaxk4UF4ymp7TTVbyB+TG9/uSUMyRnga3p5HdYA4TBLXAlq6KM+Gg6GUx root@localhost.localdomain
Step 9: Modify the SSH service's secure login configuration to remove the PAM restriction
sed -ri 's/^(session\s+required\s+pam_loginuid\.so)/#\1/' /etc/pam.d/sshd
Step 10: Create an executable file, run.sh, that starts the SSH service, and make it executable
root@e8dccc52cb96:~/.ssh# vi /run.sh
root@e8dccc52cb96:~/.ssh# cat /run.sh
#!/bin/bash
/usr/sbin/sshd -D
root@e8dccc52cb96:~/.ssh# chmod +x /run.sh
root@e8dccc52cb96:~/.ssh# exit
Step 11: Save the image
[root@localhost ~]# docker commit e8d sshd:ubuntu
sha256:ac3169fe4fcf6a0cfbd2a6a50fd11ef12d3c584122d0657a4acbf3695fc26521
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
sshd ubuntu ac3169fe4fcf 7 seconds ago 284MB
ubuntu 14.04 d6ed29ffda6b 4 days ago 221MB
tomcat latest 11df4b40749f 7 days ago 557MB
adminer <none> faa9618a39a6 2 weeks ago 58.8MB
mysql latest 5709795eeffa 2 weeks ago 408MB
hello-world latest 725dcfab7d63 2 weeks ago 1.84kB
clearlinux latest 32685d114002 2 weeks ago 62.5MB
alpine latest 053cde6e8953 2 weeks ago 3.96MB
Step 12: Verify that the created image works
[root@localhost ~]# sudo docker run -p 100:22 -d sshd:ubuntu /run.sh
a878a77a2de3bb12edb2cd8c8121a43221a411b255e4dd7cb530d217684ad26a
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a878a77a2de3 sshd:ubuntu "/run.sh" 16 seconds ago Up 12 seconds 0.0.0.0:100->22/tcp hardcore_boyd
3dcb19a519fe adminer:latest "entrypoint.sh doc..." About an hour ago Up About an hour 8080/tcp mysql_adminer.1.2pz52p76jiykg8yqgjr6psgtp
a334bfbd2f37 mysql:latest "docker-entrypoint..." About an hour ago Up About an hour 3306/tcp mysql_db.1.diaxlly44nq1347uia3gnwo1q
[root@localhost ~]# ssh 192.168.0.107 -p 100
The authenticity of host '[192.168.0.107]:100 ([192.168.0.107]:100)' can't be established.
ECDSA key fingerprint is 08:b9:ed:00:c1:4b:44:42:04:08:15:6b:cd:1f:d4:89.
Are you sure you want to continue connecting (yes/no)? y
Please type 'yes' or 'no': yes
Warning: Permanently added '[192.168.0.107]:100' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 14.04 LTS (GNU/Linux 4.4.0-98-generic x86_64)
* Documentation: https://help.ubuntu.com/
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
root@a878a77a2de3:~#
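
Step 8 shows only the resulting file, not how the key was written. As an added example (not part of the original page), the script below appends a single public-key line to authorized_keys and sets the directory and file modes so that sshd's StrictModes check, which refuses keys in files writable by group or others, accepts it. The function names install_key and valid_pubkey and the sample key line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): write one public key line into
# <home>/.ssh/authorized_keys with modes that sshd's StrictModes accepts.

nl='
'

# valid_pubkey LINE: succeed only for a single "<type> <base64> [comment]" line.
valid_pubkey() {
    case $1 in *"$nl"*) return 1 ;; esac   # a second line would be a second entry
    set -f; set -- $1; set +f              # split on whitespace without globbing
    [ $# -ge 2 ] || return 1
    case $1 in                             # first field must be a key type, so
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) return 1 ;;                     # option prefixes (command=...) are refused
    esac
    case $2 in                             # blob starts with a 4-byte length, which
        AAAA*) ;;                          # always encodes to "AAAA" in base64
        *) return 1 ;;
    esac
    case $2 in *[!A-Za-z0-9+/=]*) return 1 ;; esac
    return 0
}

# install_key HOME_DIR PUBKEY_LINE: append the key once and fix permissions.
install_key() {
    ik_home=$1 ik_key=$2 ik_auth=$1/.ssh/authorized_keys
    valid_pubkey "$ik_key" || { echo "rejected: not a single public key line" >&2; return 1; }
    ( umask 077 && mkdir -p "$ik_home/.ssh" && touch "$ik_auth" ) || return 1
    chmod 700 "$ik_home/.ssh" && chmod 600 "$ik_auth" || return 1
    # -x whole line, -F fixed string: re-running does not duplicate the entry
    grep -qxF -- "$ik_key" "$ik_auth" || printf '%s\n' "$ik_key" >> "$ik_auth"
}

# Demo in a scratch directory with a constructed (not real) key line.
demo_home=$(mktemp -d)
install_key "$demo_home" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEONLY demo@host"
ls -l "$demo_home/.ssh/authorized_keys"
rm -rf "$demo_home"
```

Inside the container from step 8, the equivalent call is install_key /root followed by the quoted key line printed in step 7.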