为镜像添加SSH服务
本篇主要介绍基于ubuntu镜像来创建提供ssh服务的镜像,创建的方式
- 基于commit命令
- 使用Dockerfile创建
基于commit命令
Docker提供了docker commit命令,支持用户提交自己对制定容器的修改,并生成新的镜像。命令格式为docker commit CONTAINER[REPOSITORY[:TAG]]
1.首先,获取ubuntu:18.04镜像,并创建一个容器:
[root@localhost docker]# docker pull ubuntu:18.04
[root@localhost docker]# docker run -it ubuntu:18.04
2.检查软件源信息
root@7170e6f40f85:/# apt-get update
3.安装和配置SSH服务
更新软件包缓存后可以安装SSH服务了,选择主流的openssh-server作为服务端。
root@7170e6f40f85:/# apt-get install openssh-server
如果需要正常启动SSH服务,则目录/var/run/sshd必须存在。下面手动创建它,并启动SSH服务:以守护进程方式启动
root@7170e6f40f85:/# mkdir -p /var/run/sshd
root@7170e6f40f85:/# /usr/sbin/sshd -D &
安装netstat,并监控22端口
root@7170e6f40f85:/# apt-get install net-tools
root@7170e6f40f85:/# netstat -lntup|grep 22
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3919/sshd
tcp6 0 0 :::22 :::* LISTEN 3919/sshd
修改SSH服务的安全登录配置,取消pam登录限制
root@7170e6f40f85:/# sed -ri 's/session required pam_loginuid.so/#session required pam_loginuid.so/g' /etc/pam.d/sshd
在root用户目录下创建.ssh目录,并复制需要登录的公钥信息(一般为本地主机用户目录下的.ssh/id_rsa.pub文件,可由ssh-keygen -t rsa命令生成)到authorized_keys文件中
root@7170e6f40f85:/# mkdir root/.ssh
root@7170e6f40f85:/# ssh-keygen -t rsa
退出容器,在宿主机中生成密钥,并将密钥内容拷贝到容器内部的authorized_keys文件中。
[root@localhost docker]# ssh-keygen -t rsa
[root@localhost docker]# cat /root/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0fuxjz9NnyJJIlX0m+1ql60Rb66pvUprESE7YZFYCDmcbzncWuN02InpY6kUxz1GjmVdfOz/hwmrup9zkb1z3iYUOmF5/JXLtKRPdZjDeLX1jEb73q7SU60OdW/aih6FgSDjy5575T/UCv7GZ0c6FS682wPVa8uWvBU3Y/WwjedWDnPXm3QOoJR6n/7RMWcHVfc+u41SckozqA5m7YiqnCNNI29/RV9LNzjCdJLe/FQZxl2oNKRFkQpNZkB2euZ24wuPuPNGRq+WNRrDsYwNpcbBcJBsoj7tuJVElw7oJjoYJOUs+P8/PtCiF4xZo/eWMSxfoguOBHb26lBmkgwe5 root@localhost.localdomain
重新进入容器内部,并将主机密钥添加到容器内部
root@7170e6f40f85:~/.ssh# echo "">authorized_keys
root@7170e6f40f85:~/.ssh# cat authorized_keys
root@7170e6f40f85:~/.ssh# echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0fuxjz9NnyJJIlX0m+1ql60Rb66pvUprESE7YZFYCDmcbzncWuN02InpY6kUxz1GjmVdfOz/hwmrup9zkb1z3iYUOmF5/JXLtKRPdZjDeLX1jEb73q7SU60OdW/aih6FgSDjy5575T/UCv7GZ0c6FS682wPVa8uWvBU3Y/WwjedWDnPXm3QOoJR6n/7RMWcHVfc+u41SckozqA5m7YiqnCNNI29/RV9LNzjCdJLe/FQZxl2oNKRFkQpNZkB2euZ24wuPuPNGRq+WNRrDsYwNpcbBcJBsoj7tuJVElw7oJjoYJOUs+P8/PtCiF4xZo/eWMSxfoguOBHb26lBmkgwe5 root@localhost.localdomain">authorized_keys
创建自动启动SSH服务的可执行文件run.sh,并添加可执行权限:
root@7170e6f40f85:/# echo "#! /bin/bash">/run.sh
root@7170e6f40f85:/# echo "/usr/sbin/sshd -D">>/run.sh
root@7170e6f40f85:/# cat run.sh
#! /bin/bash
/usr/sbin/sshd -D
root@7170e6f40f85:/# chmod +x run.sh
root@7170e6f40f85:/# ll *.sh
-rwxr-xr-x 1 root root 31 Mar 23 06:38 run.sh*
退出容器
root@7170e6f40f85:/# exit
exit
4.保存镜像
使用docker commit命令
[root@localhost docker]# docker commit 7170e6f40f85 sshd:ubuntu
sha256:9160eee5b9cf8f5b4ec5a491d229362d8209682003587893465b98474bababb3
查看镜像
[root@localhost docker]# docker images|grep sshd
sshd ubuntu 9160eee5b9cf 37 seconds ago 215 MB
[root@localhost docker]#
5.使用镜像
启动容器,并添加端口映射10022–>22。其中10022是宿主主机的端口,22是容器的SSH服务监听端口
[root@localhost docker]# docker run -d -p 10022:22 -d sshd:ubuntu /run.sh
57874113591e533ed9c02ca8c8c71e6c361c91bf03f71247ead05e1c0354660e
[root@localhost docker]# docker ps |grep "sshd"
57874113591e sshd:ubuntu "/run.sh" 14 seconds ago Up 13 seconds 0.0.0.0:10022->22/tcp
宿主机连接容器
[root@localhost ~]# ssh 192.168.15.79 -p 10022
Welcome to Ubuntu 18.04.5 LTS (GNU/Linux 3.10.0-1160.21.1.el7.x86_64 x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
This system has been minimized by removing packages and content that are
not required on a system that users do not log into.
To restore this content, you can run the 'unminimize' command.
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
root@6727f8b724cb:~#
使用Dockerfile创建
1.创建工作目录sshd_ubuntu和run.sh,authorized_keys文件
[root@localhost docker]# mkdir sshd_ubuntu
[root@localhost docker]# cd sshd_ubuntu/
[root@localhost sshd_ubuntu]# touch Dockerfile run.sh
[root@localhost sshd_ubuntu]# ls
Dockerfile run.sh
[root@localhost sshd_ubuntu]# vim run.sh
[root@localhost sshd_ubuntu]# cat run.sh
#! /bin/bash
/usr/sbin/sshd -D
[root@localhost sshd_ubuntu]# cp /root/.ssh/id_rsa.pub ./authorized_keys
2.编写Dockerfile文件
[root@localhost sshd_ubuntu]# cat Dockerfile
#设置继承镜像
FROM ubuntu:18.04
#提供作者信息
MAINTAINER docker_user(user@docker.com)
#更新软件源
RUN apt-get update
#安装ssh服务
RUN apt-get install -y openssh-server
RUN mkdir -p /var/run/sshd
RUN mkdir -p /root/.ssh
#取消pam限制
RUN sed -ri 's/session required pam_loginuid.so/#session required pam_loginuid.so/g' /etc/pam.d/sshd
#复制宿主机配置文件到容器内部,并给与可执行权限
ADD authorized_keys /root/.ssh/authorized_keys
ADD run.sh /run.sh
RUN chmod +x /run.sh
#开放端口
EXPOSE 22
#设置自启动命令
CMD ["/run.sh"]
3.在工作目录下执行docker build命令
[root@localhost sshd_ubuntu]# docker build -t sshd:dockerfile .
4.查看镜像
[root@localhost sshd_ubuntu]# docker images|grep "dockerfile"
sshd dockerfile 5687f765e4c7 About a minute ago 215 MB
5.启动容器
[root@localhost sshd_ubuntu]# docker run -d -p 10122:22 sshd:dockerfile
f9c967dd918a742d75e93e9580325f3e0386b5d443de7a15d4b91e25a99c813d
[root@localhost sshd_ubuntu]# docker ps |grep sshd
f9c967dd918a sshd:dockerfile "/run.sh" About a minute ago Up About a minute 0.0.0.0:10122->22/tcp affectionate_roentgen
6.使用ssh连接
[root@localhost sshd_ubuntu]# ssh 192.168.15.79 -p 10122
The authenticity of host '[192.168.15.79]:10122 ([192.168.15.79]:10122)' can't be established.
ECDSA key fingerprint is SHA256:ss//kMFFTymKUYtaVs18d0gfDUT/uz8tEYjWuQpf23w.
ECDSA key fingerprint is MD5:27:e2:57:6a:11:bd:5c:59:09:5d:5b:b1:cd:cf:7a:52.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.15.79]:10122' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 18.04.5 LTS (GNU/Linux 3.10.0-1160.21.1.el7.x86_64 x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
This system has been minimized by removing packages and content that are
not required on a system that users do not log into.
To restore this content, you can run the 'unminimize' command.
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
root@f9c967dd918a:~#