Docker入门-为镜像添加SSH服务

最新推荐文章于 2022-05-18 16:55:37 发布

春刀c

最新推荐文章于 2022-05-18 16:55:37 发布

阅读量396

点赞数 1

分类专栏： Java 文章标签： docker

本文链接：https://blog.csdn.net/weixin_43169156/article/details/115127894

版权

Java 专栏收录该内容

28 篇文章 2 订阅

订阅专栏

为镜像添加SSH服务

本篇主要介绍基于ubuntu镜像来创建提供ssh服务的镜像，创建的方式

基于commit命令
使用Dockerfile创建

基于commit命令

Docker提供了docker commit命令，支持用户提交自己对制定容器的修改，并生成新的镜像。命令格式为docker commit CONTAINER[REPOSITORY[:TAG]]

1.首先，获取ubuntu:18.04镜像，并创建一个容器：

[root@localhost docker]# docker pull ubuntu:18.04
[root@localhost docker]# docker run -it ubuntu:18.04

2.检查软件源信息

root@7170e6f40f85:/# apt-get update

3.安装和配置SSH服务

更新软件包缓存后可以安装SSH服务了，选择主流的openssh-server作为服务端。

root@7170e6f40f85:/# apt-get install openssh-server

如果需要正常启动SSH服务，则目录/var/run/sshd必须存在。下面手动创建它，并启动SSH服务：以守护进程方式启动

root@7170e6f40f85:/# mkdir -p /var/run/sshd
root@7170e6f40f85:/# /usr/sbin/sshd -D &

安装netstat，并监控22端口

root@7170e6f40f85:/# apt-get install net-tools
root@7170e6f40f85:/# netstat -lntup|grep 22
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      3919/sshd           
tcp6       0      0 :::22                   :::*                    LISTEN      3919/sshd

修改SSH服务的安全登录配置，取消pam登录限制

root@7170e6f40f85:/# sed -ri 's/session required pam_loginuid.so/#session required pam_loginuid.so/g' /etc/pam.d/sshd

在root用户目录下创建.ssh目录，并复制需要登录的公钥信息（一般为本地主机用户目录下的.ssh/id_rsa.pub文件，可由ssh-keygen -t rsa命令生成）到authorized_keys文件中

root@7170e6f40f85:/# mkdir root/.ssh
root@7170e6f40f85:/# ssh-keygen -t rsa

退出容器，在宿主机中生成密钥，并将密钥内容拷贝到容器内部的authorized_keys文件中。

[root@localhost docker]# ssh-keygen -t rsa
[root@localhost docker]# cat /root/.ssh/id_rsa.pub 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0fuxjz9NnyJJIlX0m+1ql60Rb66pvUprESE7YZFYCDmcbzncWuN02InpY6kUxz1GjmVdfOz/hwmrup9zkb1z3iYUOmF5/JXLtKRPdZjDeLX1jEb73q7SU60OdW/aih6FgSDjy5575T/UCv7GZ0c6FS682wPVa8uWvBU3Y/WwjedWDnPXm3QOoJR6n/7RMWcHVfc+u41SckozqA5m7YiqnCNNI29/RV9LNzjCdJLe/FQZxl2oNKRFkQpNZkB2euZ24wuPuPNGRq+WNRrDsYwNpcbBcJBsoj7tuJVElw7oJjoYJOUs+P8/PtCiF4xZo/eWMSxfoguOBHb26lBmkgwe5 root@localhost.localdomain

重新进入容器内部，并将主机密钥添加到容器内部

root@7170e6f40f85:~/.ssh# echo "">authorized_keys 
root@7170e6f40f85:~/.ssh# cat authorized_keys 

root@7170e6f40f85:~/.ssh# echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0fuxjz9NnyJJIlX0m+1ql60Rb66pvUprESE7YZFYCDmcbzncWuN02InpY6kUxz1GjmVdfOz/hwmrup9zkb1z3iYUOmF5/JXLtKRPdZjDeLX1jEb73q7SU60OdW/aih6FgSDjy5575T/UCv7GZ0c6FS682wPVa8uWvBU3Y/WwjedWDnPXm3QOoJR6n/7RMWcHVfc+u41SckozqA5m7YiqnCNNI29/RV9LNzjCdJLe/FQZxl2oNKRFkQpNZkB2euZ24wuPuPNGRq+WNRrDsYwNpcbBcJBsoj7tuJVElw7oJjoYJOUs+P8/PtCiF4xZo/eWMSxfoguOBHb26lBmkgwe5 root@localhost.localdomain">authorized_keys

创建自动启动SSH服务的可执行文件run.sh，并添加可执行权限：

root@7170e6f40f85:/# echo "#! /bin/bash">/run.sh
root@7170e6f40f85:/# echo "/usr/sbin/sshd -D">>/run.sh 
root@7170e6f40f85:/# cat run.sh 
#! /bin/bash
/usr/sbin/sshd -D
root@7170e6f40f85:/# chmod +x run.sh 
root@7170e6f40f85:/# ll *.sh
-rwxr-xr-x 1 root root 31 Mar 23 06:38 run.sh*

退出容器

root@7170e6f40f85:/# exit
exit

4.保存镜像

使用docker commit命令

[root@localhost docker]# docker commit 7170e6f40f85 sshd:ubuntu 
sha256:9160eee5b9cf8f5b4ec5a491d229362d8209682003587893465b98474bababb3

查看镜像

[root@localhost docker]# docker images|grep sshd
sshd                                              ubuntu              9160eee5b9cf        37 seconds ago      215 MB
[root@localhost docker]#

5.使用镜像

启动容器，并添加端口映射10022–>22。其中10022是宿主主机的端口，22是容器的SSH服务监听端口

[root@localhost docker]# docker run -d -p 10022:22 -d sshd:ubuntu /run.sh
57874113591e533ed9c02ca8c8c71e6c361c91bf03f71247ead05e1c0354660e
[root@localhost docker]# docker ps |grep "sshd"
57874113591e        sshd:ubuntu                "/run.sh"                14 seconds ago      Up 13 seconds       0.0.0.0:10022->22/tcp

宿主机连接容器

[root@localhost ~]# ssh 192.168.15.79 -p 10022
Welcome to Ubuntu 18.04.5 LTS (GNU/Linux 3.10.0-1160.21.1.el7.x86_64 x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage
This system has been minimized by removing packages and content that are
not required on a system that users do not log into.

To restore this content, you can run the 'unminimize' command.

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

root@6727f8b724cb:~#

使用Dockerfile创建

1.创建工作目录sshd_ubuntu和run.sh，authorized_keys文件

[root@localhost docker]# mkdir sshd_ubuntu
[root@localhost docker]# cd sshd_ubuntu/
[root@localhost sshd_ubuntu]# touch Dockerfile run.sh
[root@localhost sshd_ubuntu]# ls
Dockerfile  run.sh
[root@localhost sshd_ubuntu]# vim run.sh
[root@localhost sshd_ubuntu]# cat run.sh 
#! /bin/bash
/usr/sbin/sshd -D 
[root@localhost sshd_ubuntu]# cp /root/.ssh/id_rsa.pub ./authorized_keys

2.编写Dockerfile文件

[root@localhost sshd_ubuntu]# cat Dockerfile 
#设置继承镜像
FROM ubuntu:18.04

#提供作者信息
MAINTAINER docker_user(user@docker.com)

#更新软件源
RUN apt-get update

#安装ssh服务
RUN apt-get install -y openssh-server
RUN mkdir -p /var/run/sshd
RUN mkdir -p /root/.ssh

#取消pam限制
RUN sed -ri 's/session required pam_loginuid.so/#session required pam_loginuid.so/g' /etc/pam.d/sshd

#复制宿主机配置文件到容器内部，并给与可执行权限
ADD authorized_keys /root/.ssh/authorized_keys
ADD run.sh /run.sh
RUN chmod +x /run.sh

#开放端口
EXPOSE 22

#设置自启动命令
CMD ["/run.sh"]

3.在工作目录下执行docker build命令

[root@localhost sshd_ubuntu]# docker build -t sshd:dockerfile .

4.查看镜像

[root@localhost sshd_ubuntu]# docker images|grep "dockerfile"
sshd                                              dockerfile          5687f765e4c7        About a minute ago   215 MB

5.启动容器

[root@localhost sshd_ubuntu]# docker run -d -p 10122:22 sshd:dockerfile
f9c967dd918a742d75e93e9580325f3e0386b5d443de7a15d4b91e25a99c813d
[root@localhost sshd_ubuntu]# docker ps |grep sshd
f9c967dd918a        sshd:dockerfile            "/run.sh"                About a minute ago   Up About a minute   0.0.0.0:10122->22/tcp                                                                        affectionate_roentgen

6.使用ssh连接

[root@localhost sshd_ubuntu]# ssh 192.168.15.79 -p 10122
The authenticity of host '[192.168.15.79]:10122 ([192.168.15.79]:10122)' can't be established.
ECDSA key fingerprint is SHA256:ss//kMFFTymKUYtaVs18d0gfDUT/uz8tEYjWuQpf23w.
ECDSA key fingerprint is MD5:27:e2:57:6a:11:bd:5c:59:09:5d:5b:b1:cd:cf:7a:52.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.15.79]:10122' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 18.04.5 LTS (GNU/Linux 3.10.0-1160.21.1.el7.x86_64 x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage
This system has been minimized by removing packages and content that are
not required on a system that users do not log into.

To restore this content, you can run the 'unminimize' command.

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

root@f9c967dd918a:~#