Building a Docker image with SSH support

Host OS version: CentOS 6.7

Host kernel version: 3.10.5-12.1.x86_64

Docker version: Docker version 1.7.1, build 786b29d/1.7.1


Build steps:

1. Start a container from the centos image:

        [root@localhost ~]# docker run -it centos /bin/bash

2. Install the OpenSSH server:

        [root@75a1929a2637 /]# yum -y install openssh-server

3. Create the /var/run/sshd/ directory; without it the sshd service fails to start:

        [root@75a1929a2637 /]# mkdir /var/run/sshd/

4. Start the sshd service:

        [root@75a1929a2637 /]# /usr/sbin/sshd -D &

        WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several problems.    (1)
        Could not load host key: /etc/ssh/ssh_host_rsa_key   (2)
        Could not load host key: /etc/ssh/ssh_host_ecdsa_key
        Could not load host key: /etc/ssh/ssh_host_ed25519_key

Starting it prints the messages above. (1) means that UsePAM in sshd_config was changed from UsePAM yes to UsePAM no:

         [root@75a1929a2637 /]# cat /etc/ssh/sshd_config | grep UsePA

        UsePAM no

        (2) means the host key pairs are missing; regenerate them:

        [root@75a1929a2637 /]# rm -rf ssh*key

        [root@75a1929a2637 /]# ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key

        [root@75a1929a2637 /]# ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key

        [root@75a1929a2637 /]# ssh-keygen -t ed25519 -f  /etc/ssh/ssh_host_ed25519_key

If the host keys have not been generated, connecting remotely also fails, with a host-key mismatch error: Read from socket failed: Connection reset by peer

        The key files must match the HostKey entries in sshd_config; check the configuration file first and generate keys with the same names:

        #HostKey /etc/ssh/ssh_host_key
        # HostKeys for protocol version 2
        HostKey /etc/ssh/ssh_host_rsa_key
        #HostKey /etc/ssh/ssh_host_dsa_key
        HostKey /etc/ssh/ssh_host_ecdsa_key
        HostKey /etc/ssh/ssh_host_ed25519_key

5. Remove the PAM login restriction by commenting out the line "session    required     pam_loginuid.so" (it is not commented out by default):

        [root@75a1929a2637 /]# cat /etc/pam.d/sshd

        #session    required     pam_loginuid.so

6. Verify that sshd is running:

        [root@75a1929a2637 /]# ps -ef |grep sshd
        root        18     1  0 01:43 ?        00:00:00 /usr/sbin/sshd -D
        root        30     1  0 01:59 ?        00:00:00 grep --color=auto sshd

7. Check the state of the sshd port with a port scan from the host:

        [root@localhost ~]# nmap 172.17.0.10 -p 22

        PORT   STATE SERVICE
        22/tcp open  ssh

8. Generate a key pair on the host and import the public key into the container:

        [root@localhost ~]# ssh-keygen  -t rsa

        This generates the private and public key files in /root/.ssh/: id_rsa and id_rsa.pub (or id_dsa and id_dsa.pub).

        Copy the .pub file into the container's .ssh directory and append its contents to ~/.ssh/authorized_keys:

        [root@localhost .ssh]# mkdir /root/.ssh/

        [root@localhost .ssh]# cat authorized_keys
        ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyFRgchNdCzAUN7FNWdwDxLtFvW5521mMX4r57DCPADtrclyGcnlljxcqFHAYtyyDGmNA8ASrYxiH+0FPe+6BI2U32yNUorLOfsB1VlgMpEx6Xq9g3VFUMo7HLNNgOsj0hBnKlsrWt9VZhQ9rkW8ncof+M0CabP4mNDp7xuKX/AmGvweNapYusDiK3hEoUF9lEKYFyztk85PqNNDSzRZgqulQSYZYCfdz2KO+GJnlDoTfOGB1ShVbNO1Rjo1LpK8jrnSTTubIJMaPGtA/khagbKHhW/+AhFjcGezs2ZJ8pAUqHmeksoBM0smSsiE8F3tZxO39YqOOoxfWWHrxA7/8Nw== root@localhost.localdomain

        [root@75a1929a2637 /]# cat /root/.ssh/authorized_keys
        ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyFRgchNdCzAUN7FNWdwDxLtFvW5521mMX4r57DCPADtrclyGcnlljxcqFHAYtyyDGmNA8ASrYxiH+0FPe+6BI2U32yNUorLOfsB1VlgMpEx6Xq9g3VFUMo7HLNNgOsj0hBnKlsrWt9VZhQ9rkW8ncof+M0CabP4mNDp7xuKX/AmGvweNapYusDiK3hEoUF9lEKYFyztk85PqNNDSzRZgqulQSYZYCfdz2KO+GJnlDoTfOGB1ShVbNO1Rjo1LpK8jrnSTTubIJMaPGtA/khagbKHhW/+AhFjcGezs2ZJ8pAUqHmeksoBM0smSsiE8F3tZxO39YqOOoxfWWHrxA7/8Nw== root@localhost.localdomain

9. Write the sshd startup script and make it executable:

        [root@localhost ~]# cat run.sh
        #!/bin/bash
        # keep sshd in the foreground: exec replaces this shell, so the container
        # stays up as long as sshd runs (a backgrounded "sshd -D &" would let the
        # script, and with it the container, exit immediately)
        exec /usr/sbin/sshd -D
        [root@localhost ~]# chmod 755 run.sh

10. Save the container as an image:

        [root@localhost ~]# docker commit 75a1929a2637 sshd04

11. Run the image with a port mapping:

        [root@localhost ~]# docker run -d -p 11126:22 sshd04 /usr/sbin/sshd -D

        [root@localhost ~]# docker ps

        d0dc7862e8c9        sshd04              "/usr/sbin/sshd -D"   16 hours ago        Up 16 hours         0.0.0.0:11126->22/tcp   furious_morse

        [root@localhost ~]# ssh 192.168.30.133 -p 11126
        [root@d0dc7862e8c9 ~]#

        [root@d0dc7862e8c9 ~]# ifconfig
        eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.9  netmask 255.255.0.0  broadcast 0.0.0.0
Remote login succeeded.

        Appendix: the Dockerfile

        # this is docker sshd image
        FROM centos
        MAINTAINER chenyongtao
        RUN yum clean all
        RUN yum -y install net-tools*
        RUN yum -y install openssh-server
        # sshd refuses to start without its run directory
        RUN mkdir /var/run/sshd
        # disable the pam_loginuid check, which fails inside a container
        RUN sed -i 's/session    required     pam_loginuid.so/#session    required             pam_loginuid.so/g' /etc/pam.d/sshd
        # remove any existing host keys so fresh ones are generated below
        RUN rm -f /etc/ssh/ssh_host_*key*
        # -N '' sets an empty passphrase so the build never prompts; -q suppresses output
        RUN ssh-keygen -q -t rsa -N '' -f /etc/ssh/ssh_host_rsa_key
        RUN ssh-keygen -q -t ecdsa -N '' -f /etc/ssh/ssh_host_ecdsa_key
        RUN ssh-keygen -q -t ed25519 -N '' -f /etc/ssh/ssh_host_ed25519_key
        RUN mkdir -p /root/.ssh/
        COPY ./id_rsa.pub /root/.ssh/id_rsa.pub
        COPY ./authorized_keys /root/.ssh/authorized_keys
        COPY ./run.sh /root/run.sh
        EXPOSE 22
        CMD /usr/sbin/sshd -D
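As an added example, not part of the original post and not the author's run.sh or Dockerfile: the Dockerfile above generates the host keys at build time, so the private host keys sit in the image layers and every container started from sshd04 presents the same host identity. The start script below instead generates, at container start, any HostKey listed in sshd_config that is still missing, sets the permissions that sshd's default StrictModes requires on ~/.ssh and authorized_keys, and then execs sshd in the foreground so the container stays up. SSHD_CONFIG and HOME_DIR are assumed environment overrides (not sshd options) so the functions can also be exercised against a scratch directory.

```shell
#!/bin/sh
# Added example (not from the original post): container start script for an
# sshd image. Host keys are generated on first start instead of at build time,
# so they are not stored in the image layers and each container gets its own.
# SSHD_CONFIG and HOME_DIR are assumed overrides used only by this script.

SSHD_CONFIG="${SSHD_CONFIG:-/etc/ssh/sshd_config}"
HOME_DIR="${HOME_DIR:-/root}"

# Print the key paths of active (uncommented) HostKey lines in sshd_config
# whose key file does not exist yet.
missing_host_keys() {
    awk '$1 == "HostKey" { print $2 }' "$1" | while read -r path; do
        [ -f "$path" ] || echo "$path"
    done
}

# Generate every missing host key. The key type is taken from the file name
# (ssh_host_<type>_key); -N '' gives an empty passphrase so nothing prompts.
ensure_host_keys() {
    missing_host_keys "$1" | while read -r path; do
        type=${path##*/ssh_host_}
        type=${type%_key}
        ssh-keygen -q -t "$type" -N '' -f "$path" || exit 1
    done
}

# sshd (StrictModes yes, the default) ignores authorized_keys when ~/.ssh or
# the file itself is group- or world-writable; set the modes sshd expects.
fix_authorized_keys_perms() {
    dir="$1/.ssh"
    [ -d "$dir" ] || mkdir -p "$dir"
    chmod 700 "$dir"
    [ -f "$dir/authorized_keys" ] && chmod 600 "$dir/authorized_keys"
    return 0
}

# Octal mode of a file; works with GNU stat and falls back to BSD stat.
mode_of() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# When run as the container command: prepare the runtime and exec sshd in the
# foreground (-e logs to stderr so "docker logs" shows sshd messages).
if [ "${1:-}" = "start" ]; then
    mkdir -p /var/run/sshd
    ensure_host_keys "$SSHD_CONFIG"
    fix_authorized_keys_perms "$HOME_DIR"
    exec /usr/sbin/sshd -D -e
fi
```

To wire it in, drop the three ssh-keygen lines from the Dockerfile, add COPY ./entrypoint.sh /root/entrypoint.sh, and set CMD ["/bin/sh", "/root/entrypoint.sh", "start"]; after the first docker run, /etc/ssh/ssh_host_*_key exists in the container but not in the image, which can be confirmed with docker run --rm sshd04 ls /etc/ssh.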