选择主流的openssh-server作为服务端:
root@161f67ccad50:/# apt-get install openssh-server -y
Reading package lists... Done
Building dependency tree
Reading state information... Done
openssh-server is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 6 not upgraded. root@161f67ccad50:/#
如果需要正常启动SSH服务,则目录/var/run/sshd必须存在。手动创建并启动SSH服务:
root@161f67ccad50:/# mkdir -p /var/run/sshd
root@161f67ccad50:/# /usr/sbin/sshd -D &
[1] 3020
root@161f67ccad50:/#
此时查看容器的22端口:
root@161f67ccad50:/# netstat -lnutp|grep 22
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3020/sshd
tcp6 0 0 :::22 :::* LISTEN 3020/sshd
root@161f67ccad50:/#
在root用户家目录创建.ssh目录,并复制需要登录的公钥信息到.ssh目录下的authorized_keys中:
root@161f67ccad50:/# mkdir /root/.ssh
root@161f67ccad50:/# cd /root/.ssh
root@161f67ccad50:~/.ssh# ls root@161f67ccad50:~/.ssh# vi /root/.ssh/authorized_keys
创建自启动的SSH服务可执行文件run.sh,并添加可执行权限:
root@161f67ccad50:/# cat run.sh
#!/bin/bash
/usr/sbin/sshd -D &
root@161f67ccad50:/# chmod +x run.sh root@161f67ccad50:/#
退出容器:
root@161f67ccad50:/# exit
exit
[root@docker ~]#
3.保存镜像
将退出的容器用docker commit命令保存为一个新的sshd:ubuntu镜像:
[root@docker ~]# docker commit 161f67ccad50 sshd:ubuntu
sha256:f328073a034ae63f93114a92b62141f22a578131ecb663702ac17916bde456a2
[root@docker ~]#
使用docker images查看本地生成的新镜像sshd:ubuntu:
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
sshd ubuntu f328073a034a 2 minutes ago 284MB
centos 7 3fa822599e10 3 hours ago 204MB
mariadb latest d29cee62e770 26 hours ago 398MB nginx latest 9e7424e5dbae 7 days ago 108MB ubuntu 16.04 20c44cd7596f 12 days ago 123MB ubuntu latest 20c44cd7596f 12 days ago 123MB ubuntu 14.04 d6ed29ffda6b 12 days ago 221MB busybox latest 6ad733544a63 3 weeks ago 1.13MB centos latest d123f4e55e12 3 weeks ago 197MB alpine latest 053cde6e8953 3 weeks ago 3.96MB [root@docker ~]#
4.使用镜像
启动容器,并添加端口映射到容器的22端口:
[root@docker ~]# docker run -it --name sshd_ubuntu -p 10022:22 sshd:ubuntu
root@0f8481ffd0d0:/# netstat -lnutp|grep 22
root@0f8481ffd0d0:/# /usr/sbin/sshd -D & [1] 16 root@0f8481ffd0d0:/# netstat -lnutp|grep 22 tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 16/sshd tcp6 0 0 :::22 :::* LISTEN 16/sshd root@0f8481ffd0d0:/#
在宿主机通过ssh连接10022端口:
[root@docker ~]# ssh 10.0.0.31 -p 10022
The authenticity of host '[10.0.0.31]:10022 ([10.0.0.31]:10022)' can't be established. ECDSA key fingerprint is 74:a1:80:00:85:17:d5:ec:57:7a:cb:cb:1e:7d:4a:1f. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '[10.0.0.31]:10022' (ECDSA) to the list of known hosts. Welcome to Ubuntu 14.04 LTS (GNU/Linux 4.4.0-98-generic x86_64) * Documentation: https://help.ubuntu.com/ The programs included with the Ubuntu system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. root@0f8481ffd0d0:~#
2、使用Dockerfile创建
1.创建工作目录
[root@docker ~]# mkdir -p sshd_ubuntu
[root@docker ~]# ls
anaconda-ks.cfg daemon.json docker-pid sshd_ubuntu
[root@docker ~]#
在其中创建Dockerfile和run.sh文件:
[root@docker ~]# cd sshd_ubuntu/ && touch Dockerfile run.sh
[root@docker sshd_ubuntu]# ls
Dockerfile run.sh
[root@docker sshd_ubuntu]#
2.编写run.sh脚本和authorized_keys文件
[root@docker sshd_ubuntu]# vim run.sh
[root@docker sshd_ubuntu]# cat run.sh
#!/bin/bash /usr/sbin/sshd -D & [root@docker sshd_ubuntu]# cat /root/.ssh/id_rsa.pub > ./authorized_keys [root@docker sshd_ubuntu]#
3.编写Dockerfile
[root@docker sshd_ubuntu]# cat Dockerfile
# 基础镜像信息
FROM ubuntu:14.04
# 维护者信息 MAINTAINER staryjie staryjie@163.com # 更新apt缓存、安装ssh服务 RUN apt-get update && apt-get install -y openssh-server RUN mkdir -p /var/run/sshd /root/.ssh RUN sed -ri 's#session required pam_loginuid.so#session required pam_loginuid.so#g' /etc/pam.d/sshd # 配置免密要和自启动脚本 ADD authorized_keys /root/.ssh/authorized_keys ADD run.sh /run.sh RUN chmod 755 /run.sh # 暴露22端口 EXPOSE 22 # 设置脚本自启动 CMD ["/run.sh"] [root@docker sshd_ubuntu]#
4.创建镜像
[root@docker ~]# cd ~/sshd_ubuntu/ && docker build -t sshd:ubuntu2 .
Removing intermediate container e86118d7da77
Successfully built 12abdcc3350f
Successfully tagged sshd:ubuntu2
[root@docker sshd_ubuntu]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE sshd ubuntu2 12abdcc3350f 7 seconds ago 284MB sshd ubuntu f328073a034a About an hour ago 284MB centos 7 3fa822599e10 4 hours ago 204MB mariadb latest d29cee62e770 27 hours ago 398MB nginx latest 9e7424e5dbae 7 days ago 108MB ubuntu 16.04 20c44cd7596f 12 days ago 123MB ubuntu latest 20c44cd7596f 12 days ago 123MB ubuntu 14.04 d6ed29ffda6b 12 days ago 221MB busybox latest 6ad733544a63 3 weeks ago 1.13MB centos latest d123f4e55e12 3 weeks ago 197MB alpine latest 053cde6e8953 3 weeks ago 3.96MB [root@docker sshd_ubuntu]#
5.测试镜像,运行容器
[root@docker sshd_ubuntu]# docker run -it --name ssh_test -p 10122:22 sshd:ubuntu2 bash
root@c03d5c93ec84:/# netstat -lnutp|grep 22
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 17/sshd
tcp6 0 0 :::22 :::* LISTEN 17/sshd root@c03d5c93ec84:/#
宿主机ssh连接:
[root@docker ~]# ssh 10.0.0.31 -p 10122
The authenticity of host '[10.0.0.31]:10122 ([10.0.0.31]:10122)' can't be established. ECDSA key fingerprint is 13:3a:46:78:aa:b0:ac:9b:75:1f:ba:99:82:c6:8b:76. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '[10.0.0.31]:10122' (ECDSA) to the list of known hosts. Welcome to Ubuntu 14.04 LTS (GNU/Linux 4.4.0-98-generic x86_64) * Documentation: https://help.ubuntu.com/ The programs included with the Ubuntu system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. root@c03d5c93ec84:~#
305
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
