[root@395005f196c3 /]# yum -y install openssh-server openssh-clients passwd iproute net-tools#注释:
openssh-server:我们本机的服务器
openssh-clients:客户端
passwd:为容器设置密码
iproute:安装这个可以查看容器的IP
net-tools:过滤端口号
[root@395005f196c3 /]# passwd root #设置密码
Changing password for user root.
New password: #新密码
BAD PASSWORD: The password fails the dictionary check - it is too simplistic/systematic
Retype new password: #重新输入密码
passwd: all authentication tokens updated successfully.
[root@395005f196c3 /]# cat /usr/lib/systemd/system/sshd.service [Unit]
Description=OpenSSH server daemon
Documentation=man:sshd(8) man:sshd_config(5)
After=network.target sshd-keygen.service
Wants=sshd-keygen.service
[Service]
Type=notify
EnvironmentFile=/etc/sysconfig/sshd
ExecStart=/usr/sbin/sshd -D $OPTIONS#启动ssh服务
ExecReload=/bin/kill -HUP $MAINPID#关闭ssh服务
KillMode=process
Restart=on-failure
RestartSec=42s
[Install]
WantedBy=multi-user.target
[root@395005f196c3 /]# /usr/sbin/sshd -D $OPTIONS #启动ssh服务,使用yum安装的服务否可以使用这个方法来启动服务#执行了启动命令后会发现有以下的错误
Could not load host key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Could not load host key: /etc/ssh/ssh_host_ed25519_key
sshd: no hostkeys available -- exiting.
#解决方法[root@395005f196c3 /]# ssh-keygen -q -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N ''[root@395005f196c3 /]# ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''[root@395005f196c3 /]# ssh-keygen -q -t dsa -f /etc/ssh/ssh_host_ed25519_key -N ''#注释:
-q: 不显示内容,是否显示在显示屏上
-t:指定密钥的类型
-b:密钥长度
-f:生成密钥文件的存放位置
-N:原始数据替换
[root@395005f196c3 /]# vi /etc/ssh/sshd_config#修改以下内容#解开注释,允许root用户登录
38 PermitRootLogin yes#这是pam模块使用sshd,容器中没有这个模块,所以需要注释
96 # UsePAM no#解开以下注释并修改值为no
109 UsePrivilegeSeparation no
[root@395005f196c3 /]# cat /usr/lib/systemd/system/sshd.service#找到这一行,查看启动服务的命令
ExecStart=/usr/sbin/sshd -D $OPTIONS[root@395005f196c3 /]# /usr/sbin/sshd -D $OPTIONS & #&符号代表的是后台运行[1] 128
[root@395005f196c3 /]# exitexit
使用ssh登录容器实现管理
[root@Docker1 ~]# ssh root@172.17.0.2
The authenticity of host '172.17.0.2 (172.17.0.2)' can't be established.
ECDSA key fingerprint is SHA256:lGmRsDAbE90+JyqAMMPD3iuXyZGVEIvzbfuwIH93TMU.
ECDSA key fingerprint is MD5:48:ae:b2:07:ec:e0:66:97:45:e3:ad:86:dc:f0:34:06.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.17.0.2' (ECDSA) to the list of known hosts.
root@172.17.0.2's password: