docker_sshd without password

■	docker  - OS
■	OS List
	◎	busybox
	◎	alpine
	◎	debian
	◎	ubuntu
	◎	centos
	◎	fedora
■	SSH service without   password
	◎	ubuntu - 163镜像源
	deb   http://mirrors.163.com/ubuntu/ bionic main restricted universe multiverse
	deb   http://mirrors.163.com/ubuntu/ bionic-security main restricted universe   multiverse
	deb   http://mirrors.163.com/ubuntu/ bionic-updates main restricted universe   multiverse
	deb   http://mirrors.163.com/ubuntu/ bionic-proposed main restricted universe   multiverse
	deb   http://mirrors.163.com/ubuntu/ bionic-backports main restricted universe   multiverse
	deb-src   http://mirrors.163.com/ubuntu/ bionic main restricted universe multiverse
	deb-src   http://mirrors.163.com/ubuntu/ bionic-security main restricted universe   multiverse
	deb-src   http://mirrors.163.com/ubuntu/ bionic-updates main restricted universe   multiverse
	deb-src   http://mirrors.163.com/ubuntu/ bionic-proposed main restricted universe   multiverse
	deb-src   http://mirrors.163.com/ubuntu/ bionic-backports main restricted universe   multiverse
	◎	ubuntu - 清华镜像源
	deb   https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic main restricted universe   multiverse
	deb-src   https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic main restricted universe   multiverse
	deb   https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-updates main restricted   universe multiverse
	deb-src   https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-updates main restricted   universe multiverse
	deb   https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-backports main restricted   universe multiverse
	deb-src   https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-backports main restricted   universe multiverse
	deb   https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-security main restricted   universe multiverse
	deb-src   https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-security main restricted   universe multiverse
	deb   https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-proposed main restricted   universe multiverse
	deb-src   https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-proposed main restricted   universe multiverse
	◎	设置使用163镜像源
	user01@ubuntu03:~/.ssh$ docker container run -it ubuntu:latest /bin/bash
	# 去除国外镜像源
		root@d44b543083c9:/# cd /etc/apt
		root@d44b543083c9:/etc/apt#   ls
		apt.conf.d  preferences.d  sources.list   sources.list.d   trusted.gpg.d
		root@d44b543083c9:/etc/apt#   mv sources.list sources.list.bak
		root@d44b543083c9:/etc/apt#   ls
		apt.conf.d  preferences.d  sources.list.bak   sources.list.d  trusted.gpg.d
		root@d44b543083c9:/etc/apt#   apt-get update
		Reading package lists...   Done
	# 添加163镜像源
		root@d44b543083c9:/etc/apt#   cd sources.list.d/
		root@d44b543083c9:/etc/apt/sources.list.d#   touch 163.list
		root@d44b543083c9:/etc/apt/sources.list.d#   echo 'deb http://mirrors.163.com/ubuntu/ bionic main   restricted universe multiverse
		> deb   http://mirrors.163.com/ubuntu/ bionic-security main restricted universe   multiverse
		> deb   http://mirrors.163.com/ubuntu/ bionic-updates main restricted universe   multiverse
		> deb   http://mirrors.163.com/ubuntu/ bionic-proposed main restricted universe   multiverse
		> deb   http://mirrors.163.com/ubuntu/ bionic-backports main restricted universe   multiverse
		> deb-src   http://mirrors.163.com/ubuntu/ bionic main restricted universe multiverse
		> deb-src   http://mirrors.163.com/ubuntu/ bionic-security main restricted universe   multiverse
		> deb-src   http://mirrors.163.com/ubuntu/ bionic-updates main restricted universe   multiverse
		> deb-src   http://mirrors.163.com/ubuntu/ bionic-proposed main restricted universe   multiverse
		> deb-src   http://mirrors.163.com/ubuntu/ bionic-backports main restricted universe   multiverse' > 163.list
		root@d44b543083c9:/etc/apt/sources.list.d#   apt-get update
		Get:1   http://mirrors.163.com/ubuntu bionic InRelease [242 kB]
		Get:2   http://mirrors.163.com/ubuntu bionic-security InRelease [88.7 kB]
		Get:3   http://mirrors.163.com/ubuntu bionic-updates InRelease [88.7 kB]
		.................................................
		Get:35   http://mirrors.163.com/ubuntu bionic-proposed/multiverse amd64 Packages [522   B]
		Get:36   http://mirrors.163.com/ubuntu bionic-backports/universe Sources [2070 B]
		Get:37   http://mirrors.163.com/ubuntu bionic-backports/universe amd64 Packages [3650   B]
		Fetched 29.7 MB in 7s   (4395 kB/s)
		Reading package lists...   Done
	# 安装openssh、net-tools、vim
	root@5faeaf3a1a29:/# apt-get install -y {openssh-server,vim,net-tools}
	Reading package lists...   Done
	Building dependency tree
	Reading state   information... Done
	The following additional   packages will be installed:
	ca-certificates dbus dmsetup file   gir1.2-glib-2.0 krb5-locales libapparmor1 libargon2-0 libbsd0 libcap2   libcryptsetup12
	................................................
	Processing triggers for   libc-bin (2.27-3ubuntu1) ...
	Processing triggers for   ca-certificates (20180409) ...
	Updating certificates in   /etc/ssl/certs...
	0 added, 0 removed; done.
	Running hooks in   /etc/ca-certificates/update.d...
	done.
	Processing triggers for   systemd (237-3ubuntu10.15) ...
	root@d44b543083c9:/etc/apt/sources.list.d#   dpkg -l openssh*
	Desired=Unknown/Install/Remove/Purge/Hold
	|   Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
	|/   Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
	||/ Name                     Version           Architecture      Description
	+++-========================-=================-=================-======================================================
	ii  openssh-client           1:7.6p1-4ubuntu0. amd64             secure shell (SSH) client, for   secure access to remote
	ii  openssh-server           1:7.6p1-4ubuntu0. amd64             secure shell (SSH) server, for   secure access from remo
	ii  openssh-sftp-server      1:7.6p1-4ubuntu0. amd64             secure shell (SSH) sftp server   module, for SFTP access
	root@d44b543083c9:/etc/apt/sources.list.d#   /etc/init.d/ssh restart
	* Restarting OpenBSD Secure Shell server   sshd
	root@5faeaf3a1a29:/# mkdir -p /var/run/sshd
	root@5faeaf3a1a29:/# /usr/sbin/sshd -D &
	[1] 4199
	root@5faeaf3a1a29:/# netstat -tunlp
	Active Internet   connections (only servers)
	Proto Recv-Q Send-Q Local   Address           Foreign Address         State       PID/Program name
	tcp        0        0 0.0.0.0: 22               0.0.0.0:*               LISTEN      4199/sshd
	tcp6       0        0 ::: 22                    :::*                    LISTEN      4199/sshd
	■   修改SSH服务的安全登录配置，取消pam登陆限制
	root@5faeaf3a1a29:/# sed -ri 's/session required pam_loginuid.so/#session required   pam_loginuid.so/g' /etc/pam.d/sshd
	■ 进入宿主机root用户，生成秘钥
	■   在root用户目录下创建.ssh目录，并复制需要登录的公钥信息（一般为本地主机用户目录下的.ssh/id_rsd.pub文件，可由ssh-keygen   -t rsa命令生成）到authorized_keys文件中
	root@ubuntu03:/home/user01/.ssh#   cd							★
	root@ubuntu03:~# ls
	root@ubuntu03:~# ls -a
	.  ..    .bash_history  .bashrc  .nano    .profile  .ssh  .vim    .viminfo
	root@ubuntu03:~# cd .ssh/
	root@ubuntu03:~/.ssh# pwd
	/root/.ssh
	root@ubuntu03:~/.ssh# ssh-keygen -t rsa
	Generating public/private   rsa key pair.
	Enter file in which to   save the key (/root/.ssh/id_rsa):
	Enter passphrase (empty   for no passphrase):
	Enter same passphrase   again:
	Your identification has   been saved in /root/.ssh/id_rsa.
	Your public key has been   saved in /root/.ssh/id_rsa.pub.
	The key fingerprint is:
	SHA256:ogRDOyPSnK7a/X4r8HPKMjAHyn453Hs8sxtrdx56hCs   root@ubuntu03
	The key's randomart image   is:
	+---[RSA 2048]----+
	|  .              |
	| + o             |
	|o X              |
	|.o.=             |
	|..... . S .      |
	|.oo.o. . . .     |
	|o .++o..  o.       |
	|.o *oo+E=o.o.    |
	|. o o*OXOo+.     |
	+----[SHA256]-----+
	root@ubuntu03:~/.ssh# ls
	id_rsa  id_rsa.pub
	root@ubuntu03:~/.ssh# cat id_rsa.pub > authorized_keys
	root@ubuntu03:~/.ssh# ls
	authorized_keys  id_rsa    id_rsa.pub
	root@ubuntu03:~/.ssh# cat   authorized_keys
	ssh-rsa   AAAAB3NzaC1yc2EAAAADAQABAAABAQDPtBiq9uRPdtt5CEYGiyJj51hUnBXCyQCkMDYJZGXH67nX12h7XX1QAVC6PNQmqi7otgF16KdiFyBS5RAMxhprVrOB4YsGzoszE3fYKI25TFK3+R+ug423h9IXGP3mNjR6WRhuhzILgaB+zDloF06OJvL07UtPsHzz8+98NIgKgA5hU7zeNAjxCAzsSJgoMyM1Wnu7VqEBCP+ch7z2hQ8zCi03jJguwfRngS1CmYOgKoVPGZhnmbzImi7KacSOeP8w6T0DR1mKDFOKGdvJvTKYE1cPoKqTLBVzUlX4KRufY3a2YGT/HYqfkejK4kTGwI1EC991OS/Wn+j4D9NWQgFp   root@ubuntu03
	■ 进入容器
	user01@ubuntu03:/$ docker container exec -it 5fa /bin/bash
	■   将宿主机生成的秘钥拷贝至容器内root用户下的authorized_keys文件中
	root@5faeaf3a1a29:~/.ssh#   pwd
	/root/.ssh
	root@5faeaf3a1a29:~/.ssh#   vi authorized_keys
	root@5faeaf3a1a29:~/.ssh#   cat authorized_keys
	ssh-rsa   AAAAB3NzaC1yc2EAAAADAQABAAABAQDPtBiq9uRPdtt5CEYGiyJj51hUnBXCyQCkMDYJZGXH67nX12h7XX1QAVC6PNQmqi7otgF16KdiFyBS5RAMxhprVrOB4YsGzoszE3fYKI25TFK3+R+ug423h9IXGP3mNjR6WRhuhzILgaB+zDloF06OJvL07UtPsHzz8+98NIgKgA5hU7zeNAjxCAzsSJgoMyM1Wnu7VqEBCP+ch7z2hQ8zCi03jJguwfRngS1CmYOgKoVPGZhnmbzImi7KacSOeP8w6T0DR1mKDFOKGdvJvTKYE1cPoKqTLBVzUlX4KRufY3a2YGT/HYqfkejK4kTGwI1EC991OS/Wn+j4D9NWQgFp   root@ubuntu03
	root@5faeaf3a1a29:/# vi /run.sh
	root@5faeaf3a1a29:/# cat /run.sh
	#!/bin/bash
	/usr/sbin/sshd -D
	root@5faeaf3a1a29:/# chmod +x run.sh
	root@5faeaf3a1a29:/# exit
	exit
	user01@ubuntu03:/$ docker container ps
	CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
	5faeaf3a1a29        ubuntu:latest       "/bin/bash"         About an hour ago   Up About an hour                        brave_mendel
	user01@ubuntu03:/$ docker container commit 5fa sshd:ubuntu
	sha256:fa04a332239e6a9758386b46ae3db7122d2510df1a40c7ca5cf09c26b5018471
	user01@ubuntu03:/$ docker container run -it -d -p 10022:22 sshd:ubuntu /run.sh
	4da43dac8ee7f7aa32d245859c65e837b4699e3fbf086ad7f5a07b1a6ceb65e2
	user01@ubuntu03:/$ docker container ps
	CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                   NAMES
	4da43dac8ee7        sshd:ubuntu         "/run.sh"           8 seconds ago       Up 7 seconds        0.0.0.0:10022->22/tcp   clever_fermat
	5faeaf3a1a29        ubuntu:latest       "/bin/bash"         About an hour ago   Up About an hour                            brave_mendel
	root@ubuntu03:/# ssh 192.168.152.135 -p 10022
	The authenticity of host   '[192.168.152.135]:10022 ([192.168.152.135]:10022)' can't be established.
	ECDSA key fingerprint is   SHA256:FQ3oHqh4bJPXCb7RnNGt+eZd6yf2U2LqFQRd95PoUpU.
	Are you sure you want to   continue connecting (yes/no)? yes
	Warning: Permanently   added '[192.168.152.135]:10022' (ECDSA) to the list of known hosts.
	Welcome to Ubuntu 18.04.2   LTS (GNU/Linux 4.4.0-142-generic x86_64)
	* Documentation:  https://help.ubuntu.com
	* Management:     https://landscape.canonical.com
	* Support:        https://ubuntu.com/advantage
	This system has been   minimized by removing packages and content that are
	not required on a system   that users do not log into.
	To restore this content,   you can run the 'unminimize' command.
	The programs included   with the Ubuntu system are free software;
	the exact distribution   terms for each program are described in the
	individual files in   /usr/share/doc/*/copyright.
	Ubuntu comes with   ABSOLUTELY NO WARRANTY, to the extent permitted by
	applicable law.
	root@4da43dac8ee7:~#

来自 “ ITPUB博客 ” ，链接：http://blog.itpub.net/10551346/viewspace-2641036/，如需转载，请注明出处，否则将追究法律责任。

转载于:http://blog.itpub.net/10551346/viewspace-2641036/