■ | docker - OS | | | | | | | |
| | | | | | | | |
■ | OS List | | | | | | | |
| | | | | | | | |
| ◎ | busybox | | | | | | |
| ◎ | alpine | | | | | | |
| ◎ | debian | | | | | | |
| ◎ | ubuntu | | | | | | |
| ◎ | centos | | | | | | |
| ◎ | fedora | | | | | | |
| | | | | | | | |
■ | SSH service without password | | | | | |||
| | | | | | | | |
| ◎ | ubuntu - 163 mirror source | | | | | ||
| deb http://mirrors.163.com/ubuntu/ bionic main restricted universe multiverse | |||||||
| deb http://mirrors.163.com/ubuntu/ bionic-security main restricted universe multiverse | |||||||
| deb http://mirrors.163.com/ubuntu/ bionic-updates main restricted universe multiverse | |||||||
| deb http://mirrors.163.com/ubuntu/ bionic-proposed main restricted universe multiverse | |||||||
| deb http://mirrors.163.com/ubuntu/ bionic-backports main restricted universe multiverse | |||||||
| deb-src http://mirrors.163.com/ubuntu/ bionic main restricted universe multiverse | |||||||
| deb-src http://mirrors.163.com/ubuntu/ bionic-security main restricted universe multiverse | |||||||
| deb-src http://mirrors.163.com/ubuntu/ bionic-updates main restricted universe multiverse | |||||||
| deb-src http://mirrors.163.com/ubuntu/ bionic-proposed main restricted universe multiverse | |||||||
| deb-src http://mirrors.163.com/ubuntu/ bionic-backports main restricted universe multiverse | |||||||
| | | | | | | | |
| ◎ | ubuntu - Tsinghua mirror source | | | | | ||
| deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic main restricted universe multiverse | |||||||
| deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic main restricted universe multiverse | |||||||
| deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse | |||||||
| deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse | |||||||
| deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse | |||||||
| deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse | |||||||
| deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-security main restricted universe multiverse | |||||||
| deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-security main restricted universe multiverse | |||||||
| deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-proposed main restricted universe multiverse | |||||||
| deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-proposed main restricted universe multiverse | |||||||
| | | | | | | | |
| ◎ | Configure the container to use the 163 mirror source | | | | | ||
| user01@ubuntu03:~/.ssh$ docker container run -it ubuntu:latest /bin/bash | |||||||
| | | | | | | | |
| # Remove the overseas mirror sources | | | | | | ||
| | | | | | | | |
| | root@d44b543083c9:/# cd /etc/apt | | | ||||
| | root@d44b543083c9:/etc/apt# ls | | | | |||
| | apt.conf.d preferences.d sources.list sources.list.d trusted.gpg.d | ||||||
| | root@d44b543083c9:/etc/apt# mv sources.list sources.list.bak | ||||||
| | root@d44b543083c9:/etc/apt# ls | | | | |||
| | apt.conf.d preferences.d sources.list.bak sources.list.d trusted.gpg.d | ||||||
| | root@d44b543083c9:/etc/apt# apt-get update | | |||||
| | Reading package lists... Done | | | | |||
| | | | | | | | |
| # Add the 163 mirror source | | | | | | | |
| | | | | | | | |
| | root@d44b543083c9:/etc/apt# cd sources.list.d/ | | |||||
| | root@d44b543083c9:/etc/apt/sources.list.d# touch 163.list | ||||||
| | root@d44b543083c9:/etc/apt/sources.list.d# echo 'deb http://mirrors.163.com/ubuntu/ bionic main restricted universe multiverse | ||||||
| | > deb http://mirrors.163.com/ubuntu/ bionic-security main restricted universe multiverse | ||||||
| | > deb http://mirrors.163.com/ubuntu/ bionic-updates main restricted universe multiverse | ||||||
| | > deb http://mirrors.163.com/ubuntu/ bionic-proposed main restricted universe multiverse | ||||||
| | > deb http://mirrors.163.com/ubuntu/ bionic-backports main restricted universe multiverse | ||||||
| | > deb-src http://mirrors.163.com/ubuntu/ bionic main restricted universe multiverse | ||||||
| | > deb-src http://mirrors.163.com/ubuntu/ bionic-security main restricted universe multiverse | ||||||
| | > deb-src http://mirrors.163.com/ubuntu/ bionic-updates main restricted universe multiverse | ||||||
| | > deb-src http://mirrors.163.com/ubuntu/ bionic-proposed main restricted universe multiverse | ||||||
| | > deb-src http://mirrors.163.com/ubuntu/ bionic-backports main restricted universe multiverse' > 163.list | ||||||
| | | | | | | | |
| | | | | | | | |
| | root@d44b543083c9:/etc/apt/sources.list.d# apt-get update | ||||||
| | Get:1 http://mirrors.163.com/ubuntu bionic InRelease [242 kB] | ||||||
| | Get:2 http://mirrors.163.com/ubuntu bionic-security InRelease [88.7 kB] | ||||||
| | Get:3 http://mirrors.163.com/ubuntu bionic-updates InRelease [88.7 kB] | ||||||
| | ................................................. | ||||||
| | Get:35 http://mirrors.163.com/ubuntu bionic-proposed/multiverse amd64 Packages [522 B] | ||||||
| | Get:36 http://mirrors.163.com/ubuntu bionic-backports/universe Sources [2070 B] | ||||||
| | Get:37 http://mirrors.163.com/ubuntu bionic-backports/universe amd64 Packages [3650 B] | ||||||
| | Fetched 29.7 MB in 7s (4395 kB/s) | | | ||||
| | Reading package lists... Done | | | | |||
| | | | | | | | |
| # Install openssh, net-tools and vim | | | | | |||
| | | | | | | | |
| root@5faeaf3a1a29:/# apt-get install -y {openssh-server,vim,net-tools} | |||||||
| Reading package lists... Done | | | | | |||
| Building dependency tree | | | | | |||
| Reading state information... Done | | | | ||||
| The following additional packages will be installed: | | ||||||
| ca-certificates dbus dmsetup file gir1.2-glib-2.0 krb5-locales libapparmor1 libargon2-0 libbsd0 libcap2 libcryptsetup12 | |||||||
| ................................................ | | ||||||
| Processing triggers for libc-bin (2.27-3ubuntu1) ... | | ||||||
| Processing triggers for ca-certificates (20180409) ... | | ||||||
| Updating certificates in /etc/ssl/certs... | | | |||||
| 0 added, 0 removed; done. | | | | | |||
| Running hooks in /etc/ca-certificates/update.d... | | ||||||
| done. | | | | | | | |
| Processing triggers for systemd (237-3ubuntu10.15) ... | | ||||||
| | | | | | | | |
| root@d44b543083c9:/etc/apt/sources.list.d# dpkg -l openssh* | |||||||
| Desired=Unknown/Install/Remove/Purge/Hold | | | |||||
| | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend | |||||||
| |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) | |||||||
| ||/ Name Version Architecture Description | |||||||
| +++-========================-=================-=================-====================================================== | |||||||
| ii openssh-client 1:7.6p1-4ubuntu0. amd64 secure shell (SSH) client, for secure access to remote | |||||||
| ii openssh-server 1:7.6p1-4ubuntu0. amd64 secure shell (SSH) server, for secure access from remo | |||||||
| ii openssh-sftp-server 1:7.6p1-4ubuntu0. amd64 secure shell (SSH) sftp server module, for SFTP access | |||||||
| root@d44b543083c9:/etc/apt/sources.list.d# /etc/init.d/ssh restart | |||||||
| * Restarting OpenBSD Secure Shell server sshd | |||||||
| | | | | | | | |
| root@5faeaf3a1a29:/# mkdir -p /var/run/sshd | | | |||||
| root@5faeaf3a1a29:/# /usr/sbin/sshd -D & | | | |||||
| [1] 4199 | | | | | | | |
| | | | | | | | |
| root@5faeaf3a1a29:/# netstat -tunlp | | | | ||||
| Active Internet connections (only servers) | | | |||||
| Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name | |||||||
| tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 4199/sshd | |||||||
| tcp6 0 0 :::22 :::* LISTEN 4199/sshd | |||||||
| | | | | | | | |
■ Modify the SSH service's secure-login configuration to remove the PAM login restriction | | | |||||
| | | | | | | | |
| root@5faeaf3a1a29:/# sed -ri 's/session required pam_loginuid.so/#session required pam_loginuid.so/g' /etc/pam.d/sshd | |||||||
| | | | | | | | |
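■ Switch to the root user on the host and generate a key | | | | | |||
■ Create a .ssh directory in the root user's home directory and copy the public key that will be used to log in (usually the .ssh/id_rsa.pub file in the local host user's home directory, which can be generated with the ssh-keygen -t rsa command) into the authorized_keys file | | | |||||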
| | | | | | | | |
| root@ubuntu03:/home/user01/.ssh# cd | | | ★ | ||||
| root@ubuntu03:~# ls | | | | | | ||
| root@ubuntu03:~# ls -a | | | | | | ||
| . .. .bash_history .bashrc .nano .profile .ssh .vim .viminfo | |||||||
| root@ubuntu03:~# cd .ssh/ | | | | | |||
| | | | | | | | |
| root@ubuntu03:~/.ssh# pwd | | | | | |||
| /root/.ssh | | | | | | | |
| root@ubuntu03:~/.ssh# ssh-keygen -t rsa | | | | ||||
| Generating public/private rsa key pair. | | | | ||||
| Enter file in which to save the key (/root/.ssh/id_rsa): | |||||||
| Enter passphrase (empty for no passphrase): | | | |||||
| Enter same passphrase again: | | | | | |||
| Your identification has been saved in /root/.ssh/id_rsa. | |||||||
| Your public key has been saved in /root/.ssh/id_rsa.pub. | |||||||
| The key fingerprint is: | | | | | | ||
| SHA256:ogRDOyPSnK7a/X4r8HPKMjAHyn453Hs8sxtrdx56hCs root@ubuntu03 | |||||||
| The key's randomart image is: | | | | | |||
| +---[RSA 2048]----+ | | | | | | ||
| | . | | | | | | | ||
| | + o | | | | | | | ||
| |o X | | | | | | | ||
| |.o.= | | | | | | | ||
| |..... . S . | | | | | | | ||
| |.oo.o. . . . | | | | | | | ||
| |o .++o.. o. | | | | | | | ||
| |.o *oo+E=o.o. | | | | | | | ||
| |. o o*OXOo+. | | | | | | | ||
| +----[SHA256]-----+ | | | | | | ||
| root@ubuntu03:~/.ssh# ls | | | | | |||
| id_rsa id_rsa.pub | | | | | | ||
| | | | | | | | |
| root@ubuntu03:~/.ssh# cat id_rsa.pub > authorized_keys | | ||||||
| | | | | | | | |
| root@ubuntu03:~/.ssh# ls | | | | | |||
| authorized_keys id_rsa id_rsa.pub | | | | ||||
| | | | | | | | |
| root@ubuntu03:~/.ssh# cat authorized_keys | | | |||||
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPtBiq9uRPdtt5CEYGiyJj51hUnBXCyQCkMDYJZGXH67nX12h7XX1QAVC6PNQmqi7otgF16KdiFyBS5RAMxhprVrOB4YsGzoszE3fYKI25TFK3+R+ug423h9IXGP3mNjR6WRhuhzILgaB+zDloF06OJvL07UtPsHzz8+98NIgKgA5hU7zeNAjxCAzsSJgoMyM1Wnu7VqEBCP+ch7z2hQ8zCi03jJguwfRngS1CmYOgKoVPGZhnmbzImi7KacSOeP8w6T0DR1mKDFOKGdvJvTKYE1cPoKqTLBVzUlX4KRufY3a2YGT/HYqfkejK4kTGwI1EC991OS/Wn+j4D9NWQgFp root@ubuntu03 | |||||||
| | | | | | | | |
■ Enter the container | | | | | | | |
| user01@ubuntu03:/$ docker container exec -it 5fa /bin/bash | |||||||
| | | | | | | | |
| | | | | | | | |
■ Copy the key generated on the host into the authorized_keys file of the root user inside the container | |||||||
| root@5faeaf3a1a29:~/.ssh# pwd | | | | | |||
| /root/.ssh | | | | | | | |
| root@5faeaf3a1a29:~/.ssh# vi authorized_keys | | | |||||
| | | | | | | | |
| root@5faeaf3a1a29:~/.ssh# cat authorized_keys | | | |||||
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPtBiq9uRPdtt5CEYGiyJj51hUnBXCyQCkMDYJZGXH67nX12h7XX1QAVC6PNQmqi7otgF16KdiFyBS5RAMxhprVrOB4YsGzoszE3fYKI25TFK3+R+ug423h9IXGP3mNjR6WRhuhzILgaB+zDloF06OJvL07UtPsHzz8+98NIgKgA5hU7zeNAjxCAzsSJgoMyM1Wnu7VqEBCP+ch7z2hQ8zCi03jJguwfRngS1CmYOgKoVPGZhnmbzImi7KacSOeP8w6T0DR1mKDFOKGdvJvTKYE1cPoKqTLBVzUlX4KRufY3a2YGT/HYqfkejK4kTGwI1EC991OS/Wn+j4D9NWQgFp root@ubuntu03 | |||||||
| | | | | | | | |
| root@5faeaf3a1a29:/# vi /run.sh | | | | | |||
| | | | | | | | |
| root@5faeaf3a1a29:/# cat /run.sh | | | | ||||
| #!/bin/bash | | | | | | | |
| /usr/sbin/sshd -D | | | | | | ||
| | | | | | | | |
| | | | | | | | |
| root@5faeaf3a1a29:/# chmod +x run.sh | | | | ||||
| | | | | | | | |
| root@5faeaf3a1a29:/# exit | | | | | |||
| exit | | | | | | | |
| | | | | | | | |
| user01@ubuntu03:/$ docker container ps | | | | ||||
| CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES | |||||||
| 5faeaf3a1a29 ubuntu:latest "/bin/bash" About an hour ago Up About an hour brave_mendel | |||||||
| | | | | | | | |
| user01@ubuntu03:/$ docker container commit 5fa sshd:ubuntu | |||||||
| sha256:fa04a332239e6a9758386b46ae3db7122d2510df1a40c7ca5cf09c26b5018471 | |||||||
| | | | | | | | |
| user01@ubuntu03:/$ docker container run -it -d -p 10022:22 sshd:ubuntu /run.sh | |||||||
| 4da43dac8ee7f7aa32d245859c65e837b4699e3fbf086ad7f5a07b1a6ceb65e2 | |||||||
| | | | | | | | |
| user01@ubuntu03:/$ docker container ps | | | | ||||
| CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES | |||||||
| 4da43dac8ee7 sshd:ubuntu "/run.sh" 8 seconds ago Up 7 seconds 0.0.0.0:10022->22/tcp clever_fermat | |||||||
| 5faeaf3a1a29 ubuntu:latest "/bin/bash" About an hour ago Up About an hour brave_mendel | |||||||
| | | | | | | | |
| root@ubuntu03:/# ssh 192.168.152.135 -p 10022 | | | |||||
| The authenticity of host '[192.168.152.135]:10022 ([192.168.152.135]:10022)' can't be established. | |||||||
| ECDSA key fingerprint is SHA256:FQ3oHqh4bJPXCb7RnNGt+eZd6yf2U2LqFQRd95PoUpU. | |||||||
| Are you sure you want to continue connecting (yes/no)? yes | |||||||
| Warning: Permanently added '[192.168.152.135]:10022' (ECDSA) to the list of known hosts. | |||||||
| Welcome to Ubuntu 18.04.2 LTS (GNU/Linux 4.4.0-142-generic x86_64) | |||||||
| | | | | | | | |
| * Documentation: https://help.ubuntu.com | | | |||||
| * Management: https://landscape.canonical.com | | ||||||
| * Support: https://ubuntu.com/advantage | | | |||||
| This system has been minimized by removing packages and content that are | |||||||
| not required on a system that users do not log into. | | ||||||
| | | | | | | | |
| To restore this content, you can run the 'unminimize' command. | |||||||
| | | | | | | | |
| The programs included with the Ubuntu system are free software; | |||||||
| the exact distribution terms for each program are described in the | |||||||
| individual files in /usr/share/doc/*/copyright. | | | |||||
| | | | | | | | |
| Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by | |||||||
| applicable law. | | | | | | | |
| | | | | | | | |
| root@4da43dac8ee7:~# | | | | | | ||
| | | | | | | | |
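The steps above install a public key for root in the container but never edit /etc/ssh/sshd_config, so whether password logins are still accepted on the published port depends on that file. As an added example (not part of the original post), this script audits a config for the two keywords that decide it; the function names, the defaults passed for unset keywords (PasswordAuthentication yes, PermitRootLogin prohibit-password, matching OpenSSH's documented defaults) and the sample config are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.

# effective_value FILE KEYWORD DEFAULT
# Print the value sshd would take from the global section of FILE. Keywords are
# case-insensitive, the first occurrence wins, and scanning stops at the first
# Match block. DEFAULT (an assumption passed by the caller) is used when unset.
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        NF == 0 || $1 ~ /^#/ { next }              # blank lines and comments
        tolower($1) == "match" { exit }            # global section only
        tolower($1) == key { val = tolower($2); exit }
        END { print (val != "" ? val : def) }
    ' "$1"
}

# audit_key_only FILE: print findings; return 0 only when neither
# PasswordAuthentication nor PermitRootLogin leaves a password path open
# (other keywords are not checked).
audit_key_only() {
    rc=0
    pw=$(effective_value "$1" PasswordAuthentication yes)
    root=$(effective_value "$1" PermitRootLogin prohibit-password)
    if [ "$pw" != "no" ]; then
        echo "FAIL PasswordAuthentication=$pw: passwords are still accepted"
        rc=1
    fi
    case "$root" in
        no|prohibit-password|without-password|forced-commands-only) ;;
        *) echo "FAIL PermitRootLogin=$root: root can log in with a password"
           rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK PasswordAuthentication=$pw PermitRootLogin=$root"
    return "$rc"
}

# Constructed sample: a config with both keywords left commented out,
# resembling an unedited file, audited as a demonstration.
demo_cfg=$(mktemp)
printf '%s\n' '#PermitRootLogin prohibit-password' '#PasswordAuthentication yes' \
    'UsePAM yes' > "$demo_cfg"
audit_key_only "$demo_cfg" || true
rm -f "$demo_cfg"
```

On a running system, `sshd -T` prints the effective configuration with defaults resolved and can replace the file parsing here.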
From "ITPUB Blog", link: http://blog.itpub.net/10551346/viewspace-2641036/. If you repost this, please credit the source; otherwise legal action will be pursued.
Reposted from: http://blog.itpub.net/10551346/viewspace-2641036/