03-03 周五 镜像安装sshd和jupyter以及修改密码

本文档详细记录了在Ubuntu和CentOS的Docker镜像中安装sshd服务和jupyter的过程,包括密码设置、密钥生成以及服务启动。同时,提到了密码加密方法和jupyter密码的argon2加密方式,以及如何通过Dockerfile创建支持ssh服务的容器镜像。
03-03 周五 镜像安装sshd和jupyter以及修改密码
| 时间 | 版本 | 修改人 | 描述 |
| --- | --- | --- | --- |
| 2023年3月3日15:34:49 | V0.1 | 宋全恒 | 新建文档 |

简介

 由于在镜像中需要进行jupyter和sshd的安装,并且需要进行密码的修改,因此在该文档中记录了这两个交互方式的工程设计。

在线加密

 在线加密网址可以参考 sha1

sshd

安装

Ubuntu

 参考 [Linux上安装使用SSH(ubuntu&&redhat)](https://www.cnblogs.com/x_wukong/p/4475567.html)

 安装

 sudo apt-get install openssh-server openssh-client

 启动

xjj@xjj-desktop:~$ sudo /etc/init.d/ssh start 
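# Minimal Ubuntu image that runs sshd in the foreground as the container's
# main process and exposes port 22.
FROM ubuntu:latest

RUN apt update && apt install  openssh-server sudo -y

# Creates login user "test" (uid 1000, home /home/ubuntu, bash shell) with
# primary group root and supplementary group sudo, i.e. an account that can
# escalate to root through sudo.
RUN useradd -rm -d /home/ubuntu -s /bin/bash -g root -G sudo -u 1000 test

# NOTE(review): the password is a fixed literal equal to the user name and is
# baked into the image (build history and /etc/shadow), so every container
# started from this image accepts the same credential for a sudo-capable
# account. Treat it as a lab default; set a per-deployment secret or use
# key-based login before port 22 is reachable by anyone else.
RUN  echo 'test:test' | chpasswd

# sshd exits with "Missing privilege separation directory: /run/sshd" when this
# directory is absent. A daemon started with `service ssh start` during the
# build does not survive into the running container, so the directory is
# created explicitly instead of relying on the init script's side effect.
RUN mkdir -p /run/sshd

EXPOSE 22

# -D keeps sshd in the foreground so the container stays alive.
CMD ["/usr/sbin/sshd","-D"]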

ubuntu:18.04

root@39bfd410e593:~/install# /usr/sbin/sshd               
Missing privilege separation directory: /run/sshd

 ubuntu有该文件

root@39bfd410e593:~/install# service ssh start     
 * Starting OpenBSD Secure Shell server sshd   
/etc/systemd/system/sshd.service

 文件内容为:

[Unit]
Description=OpenBSD Secure Shell server
After=network.target auditd.service
ConditionPathExists=!/etc/ssh/sshd_not_to_be_run

[Service]
EnvironmentFile=-/etc/default/ssh
ExecStartPre=/usr/sbin/sshd -t
ExecStart=/usr/sbin/sshd -D $SSHD_OPTS
ExecReload=/usr/sbin/sshd -t
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartPreventExitStatus=255
Type=notify
RuntimeDirectory=sshd
RuntimeDirectoryMode=0755

[Install]
WantedBy=multi-user.target
Alias=sshd.service

# Ubuntu 18.04 image with openssh-server, root password login enabled, and a
# .bashrc hook that sources /root/start_ssh.sh.
# An ARG declared before FROM is only in scope for the FROM line itself; the
# ENV below is what actually reaches apt-get (and it also persists at runtime).
ARG DEBIAN_FRONTEND=noninteractive
FROM ubuntu:18.04
  
ENV DEBIAN_FRONTEND noninteractive

RUN apt-get update && apt-get install -y dialog openssh-server ssh vim

# Sets root's password to a fixed literal, then edits sshd_config in two steps:
# the first sed rewrites "PermitRootLogin prohibit-password" to
# "PermitRootLogin yes" (also inside a commented-out line), the second strips
# the leading '#' from any line starting with "#PermitRootLogin".
# NOTE(review): the result is an image in which root can log in over SSH with
# a password that is identical in every container and readable from the image
# history. Fine for a throwaway lab; replace with a per-deployment secret or
# key-based login before exposing port 22.
RUN echo "root:123456" | chpasswd  \
&& sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config \
&& sed -i 's/^#\(PermitRootLogin.*\)/\1/' /etc/ssh/sshd_config

# NOTE(review): a daemon started during the build does not persist into the
# running container; presumably this step is kept for the init script's side
# effect of creating the privilege-separation directory — confirm.
RUN /etc/init.d/ssh start

# RUN mkdir /var/run/sshd

EXPOSE 22

# start_ssh.sh comes from the build context and is not shown on this page.
COPY ./test/start_ssh.sh /root/start_ssh.sh
RUN chmod +x /root/start_ssh.sh

# Appends an "if the script exists, source it" stanza to root's .bashrc, one
# line per sed call, so the script runs whenever root's bash reads .bashrc.
# No CMD/ENTRYPOINT is set here; sshd startup appears to depend on this hook.
RUN sed -i '$a\if [ -f /root/start_ssh.sh ]; then ' /root/.bashrc \
&& sed -i '$a\     . /root/start_ssh.sh' /root/.bashrc \
&& sed -i '$a\fi' /root/.bashrc



Centos

Centos Dockerfile参见

yum源清理

目录/var/cache/yum为yum的缓存目录,当前看一共385M

[root@0c8e199606b3 7]# ls
base  extras  timedhosts  timedhosts.txt  updates
[root@0c8e199606b3 7]# du -sh .
385M	.
[root@0c8e199606b3 7]# du -sh ./*
112M	./base
4.8M	./extras
4.0K	./timedhosts
4.0K	./timedhosts.txt
269M	./updates
[root@0c8e199606b3 7]# cd updates/
[root@0c8e199606b3 updates]# ls
07b8602634b5cbac7f8388d06be56f28723393ab172b028ff7ad8d5bd57f2e59-filelists.sqlite.bz2  bc8950506fb13622afd9eb93c811884b6e2e7570afd5fac946f708ac01ae0cff-primary.sqlite.bz2  gen       repomd.xml
33c5109226f2c5e469c8519c6102af5a7fe9fa4064ef8621e296da454197f370-other.sqlite.bz2      cachecookie                                                                          packages
[root@0c8e199606b3 updates]# du -sh ./*
12M	./07b8602634b5cbac7f8388d06be56f28723393ab172b028ff7ad8d5bd57f2e59-filelists.sqlite.bz2
1.4M	./33c5109226f2c5e469c8519c6102af5a7fe9fa4064ef8621e296da454197f370-other.sqlite.bz2
21M	./bc8950506fb13622afd9eb93c811884b6e2e7570afd5fac946f708ac01ae0cff-primary.sqlite.bz2
0	./cachecookie
236M	./gen
4.0K	./packages
8.0K	./repomd.xml
[root@0c8e199606b3 updates]# cd gen/
[root@0c8e199606b3 gen]# ls
filelists_db.sqlite  other_db.sqlite  primary_db.sqlite
[root@0c8e199606b3 gen]# du -sh ./*
108M	./filelists_db.sqlite
16M	./other_db.sqlite
113M	./primary_db.sqlite

 使用yum clean all清理一下:

[root@0c8e199606b3 gen]# yum clean all
Loaded plugins: fastestmirror, ovl
Cleaning repos: base extras updates
Cleaning up list of fastest mirrors
[root@0c8e199606b3 gen]# cd ..
[root@0c8e199606b3 updates]# cd gen/
[root@0c8e199606b3 gen]# ls
[root@0c8e199606b3 gen]# cd ..
[root@0c8e199606b3 updates]# cd ..
[root@0c8e199606b3 7]# cd ..
[root@0c8e199606b3 x86_64]# ls   
7
[root@0c8e199606b3 x86_64]# ls -R
.:
7

./7:
base  extras  timedhosts  updates

./7/base:
gen  packages

./7/base/gen:

./7/base/packages:

./7/extras:
gen  packages

./7/extras/gen:

./7/extras/packages:

./7/updates:
gen  packages

./7/updates/gen:

./7/updates/packages:

 安装

yum install openssh openssh-clients openssh-server -y
[root@3622437dec5d /]# /usr/sbin/sshd
Could not load host key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Could not load host key: /etc/ssh/ssh_host_ed25519_key
sshd: no hostkeys available -- exiting.

  解决 [启动sshd时,报“Could not load host key”错](https://www.cnblogs.com/netonline/p/7410586.html)

[root@aefe8007a17d ~]# ll /etc/ssh/
total 252
-rw-r--r-- 1 root root 242153 Mar 21 22:18 moduli
-rw-r--r-- 1 root root 2208 Mar 21 22:18 ssh_config
-rw------- 1 root root 4361 Mar 21 22:18 sshd_config


  1. 生成rsa_key (-t表示生成的密钥所使用的加密类型;-f项后接要生成的密钥文件名);
[root@aefe8007a17d ~]# ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /etc/ssh/ssh_host_rsa_key.
Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub.
The key fingerprint is:
5e:2d:19:51:b1:e3:e0:60:65:53:e4:14:f8:d8:38:af root@aefe8007a17d
The key's randomart image is:
+--[ RSA 2048]----+
| ==Bo |
| o.= . |
| o o=+ |
| . o+*o. |
| S =oo |
| . . .. |
| . . |
| E |
| |
+-----------------+
[root@aefe8007a17d ~]# ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key

  2. 生成ecdsa_key;
[root@aefe8007a17d ~]# ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key

  3. 生成ed25519_key。
[root@aefe8007a17d ~]# ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key

Centos 8开启sshd服务

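# Generate the three host keys sshd looks for (RSA, ECDSA, Ed25519), each with
# an empty passphrase (-N '') so the daemon can load them unattended, then
# start sshd in the background.
ssh-keygen -q -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N ''
ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''
# The key type must match the file name: the original passed "-t dsa" here,
# which wrote a 1024-bit DSA key into the file sshd loads as its Ed25519 key.
ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N ''
/usr/sbin/sshd -D & # should start without host-key errors at this point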

 -A 对于不存在主机密钥的每种密钥类型(rsa、dsa、ecdsa、ed25519),生成具有默认密钥文件路径、空密码、密钥类型的默认位数和默认注释的主机密钥。如果还指定-f,则其参数用作生成的主机密钥文件的默认路径的前缀。系统管理脚本使用它来生成新的主机密钥。
ssh-keygen 用法

root@39bfd410e593:/etc/ssh# ssh-keygen -A
ssh-keygen: generating new host keys: RSA DSA ECDSA ED25519 
root@39bfd410e593:/etc/ssh# /usr/sbin/sshd 
Missing privilege separation directory: /run/sshd
root@39bfd410e593:/etc/ssh# mkdir /run/sshd
root@39bfd410e593:/etc/ssh# /usr/sbin/sshd 
root@39bfd410e593:/etc/ssh# ps -ef | grep sshd
root      1262     1  0 08:09 pts/0    00:00:00 /usr/sbin/sshd -D
root      1319     1  0 08:21 pts/0    00:00:00 grep --color=auto sshd

 启动

Docker使用Dockerfile创建支持ssh服务自启动的容器镜像

CentOS Linux release 8.4.2105

[root@513371c0d378 install]# ssh-keygen -q -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N ''  
[root@513371c0d378 install]# ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''
[root@513371c0d378 install]# ssh-keygen -t dsa -f /etc/ssh/ssh_host_ed25519_key -N ''
Generating public/private dsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_ed25519_key.
Your public key has been saved in /etc/ssh/ssh_host_ed25519_key.pub.
The key fingerprint is:
SHA256:UJXr6ry8Zzs4WPLHuyanSgoxTxUGpWefAFVJ6dLeRek root@513371c0d378
The key's randomart image is:
+---[DSA 1024]----+
|    o+=o++.. .   |
|     + oo . o    |
|    . *o   +     |
|     +.+o.. E    |
|  o .  oSo .     |
|   =  . o o      |
|  . . .= +       |
|   . o.o* O      |
|    . .oB%+=     |
+----[SHA256]-----+
[root@513371c0d378 install]# /usr/sbin/sshd 
[root@513371c0d378 install]# /usr/sbin/sshd 
[root@513371c0d378 install]# ps -ef 
UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 07:33 pts/0    00:00:00 bash
root        66     1  0 07:35 ?        00:00:00 /usr/sbin/sshd
root        69     1  0 07:36 pts/0    00:00:00 ps -ef

修改密码

# Two non-interactive ways to set a user's password from a script.
# Form 1: passwd reads the new password from stdin; --stdin is provided by the
# RHEL/CentOS passwd and is not accepted by newer Ubuntu releases.
echo 123456 | passwd --stdin user002
# Form 2: chpasswd reads "user:password" pairs from stdin.
# NOTE(review): both lines put the cleartext password into the script or shell
# history; 123456 is a sample value.
echo "user003:123456" | chpasswd

 但是第一种用法(passwd --stdin)在Ubuntu的较新版本上已经不再支持了,因此下面使用第二种chpasswd的方式。

 首先执行密码修改:

root@d71bdfe8a2e4:~/.jupyter# echo root:123457|chpasswd 
root@d71bdfe8a2e4:~/.jupyter# /etc/init.d/ssh restart
 * Restarting OpenBSD Secure Shell server sshd       

jupyterlab

安装

环境变量

08-01 周一Pytorch镜像中Jupyter部署.md

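# JupyterLab 3.2.6 on Ubuntu 20.04 with the zh-CN language pack and the Kite
# plugin; /root/service.sh (copied from the build context, not shown on this
# page) is the entrypoint and port 8888 is exposed.
FROM ubuntu:20.04
MAINTAINER yxd "413643409@qq.com"
RUN mkdir -p /root/.local/share && mkdir -p /root/.config/autostart \
&& mv /etc/apt/sources.list /etc/apt/sources.list.bk
COPY sources.list /etc/apt/sources.list
COPY kite-autostart.desktop /root/.config/autostart/kite-autostart.desktop
COPY kite /root/.local/share/kite
COPY service.sh /root
# The three ServerApp settings are appended to the generated config instead of
# being inserted after fixed line numbers (602/755/971): `sed "Na ..."` does
# nothing and reports no error when the file has fewer than N lines, so a
# generated config of a different length would lose the setting unnoticed.
# NOTE(review): token = '' turns off token authentication, ip = '0.0.0.0'
# listens on every interface and allow_root runs the server as root. Until a
# password hash is configured in jupyter_server_config.json, anyone who can
# reach port 8888 can execute code as root in the container, so keep the port
# unpublished or bound to localhost until the password is in place.
RUN apt-get update && apt-get -y install python3 && apt-get -y install pip \
&& pip config set global.index-url https://pypi.tuna.tsinghua.edu.cn/simple \
&& pip install --upgrade pip setuptools && pip install jupyterlab==3.2.6 \
&& pip install jupyterlab-language-pack-zh-CN && pip install 'jupyterlab-kite>=2.0.2' \
&& jupyter lab --generate-config \
&& printf '%s\n' \
   "c.ServerApp.allow_root = True" \
   "c.ServerApp.ip = '0.0.0.0'" \
   "c.ServerApp.token = ''" \
   >> /root/.jupyter/jupyter_lab_config.py
ENTRYPOINT /root/service.sh
EXPOSE 8888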
root@0a6c83a092c3:~/.jupyter# vim jupyter_server_config.json 
root@0a6c83a092c3:~/.jupyter# ll
total 56
drwx------ 2 root root  4096 Mar 10 07:23 ./
drwx------ 1 root root  4096 Mar 10 07:23 ../
-rw-r--r-- 1 root root 37510 Mar 10 07:17 jupyter_lab_config.py
-rw------- 1 root root   162 Mar 10 07:21 jupyter_server_config.json

{
  "IdentityProvider": {
    "hashed_password": "argon2:$argon2id$v=19$m=10240,t=10,p=8$seLP/azPKPymYf+pSNZJeA$iccHG6K+4zKjbHRYWkfg/9/mmYYsB58XSWrt8letlVc"
  }
}

修改密码

密码设置参考

 貌似jupyterlab是使用argon2算法对密码进行哈希(不可逆,而非可逆的加密)后再保存的。

 通过验证将该密码设置到文件

root@d71bdfe8a2e4:~/.jupyter# cat jupyter_server_config.json 
{
  "ServerApp": {
    "password": "argon2:$argon2id$v=19$m=10240,t=10,p=8$0YkbvHJ6AJT0BJnU7Y+BBA$dK3tt/3V6gMhhW6LCy+XO5IolrIz/CIJ2kUABHd+vkw"
  }
}




root@d71bdfe8a2e4:~/.jupyter# supervisorctl restart jupyter                    
jupyter: stopped
jupyter: started
root@d71bdfe8a2e4:~/.jupyter# cat jupyter_server_config.json 
{
  "ServerApp": {
    "password": "sha1:3868455546ad:deaf84d33c1d2cdf27988e00e20cd219258df764"
  }
}

 这样重启了jupyter之后,使用123456是可以登录进去的。

 这样问题就变成了:同一个密码生成的密文是否具有随机性。

 另外加密sha256可以参考 设置使用 SHA 256 加密的 Jupyter Lab 密码

 但是每次生成时,这个salt和密文都会同时变化,因此同一个密码每次得到的哈希串并不相同。

 加盐

 至此,jupyter加密的方式就完成了修改。

 并且可以实现重启之后,进行密码的验证。重新进入。

supervisor

安装

supervisor管理sshd和jupyter

问题出现

无法使用ssh验证?

 这是因为ssh把10.101.14.37:9922整体当成了主机名,而这不符合我们的本意;通过-p参数单独指定端口即可,例如 ssh -p 9922 <用户名>@10.101.14.37。
