Building a Docker image with SSH support
Host OS version: CentOS 6.7
Host kernel version: 3.10.5-12.1.x86_64
Docker version: Docker version 1.7.1, build 786b29d/1.7.1
Build procedure:
1. Start a container from the image:
[root@localhost ~]# docker run -it centos /bin/bash
2. Install the OpenSSH server
[root@75a1929a2637 /]# yum -y install openssh-server
3. Create the /var/run/sshd/ directory; otherwise sshd reports an error on startup
[root@75a1929a2637 /]# mkdir /var/run/sshd/
4. Start the sshd service
[root@75a1929a2637 /]# /usr/sbin/sshd -D &
WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several problems. (1)
Could not load host key: /etc/ssh/ssh_host_rsa_key (2)
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Could not load host key: /etc/ssh/ssh_host_ed25519_key
The messages above are printed at startup. (1) means that UsePAM yes was changed to UsePAM no in sshd_config:
[root@75a1929a2637 /]#cat /etc/ssh/sshd_config|grep UsePA
UsePAM no
(2) means that the host has no public/private host key pair; regenerate the keys:
[root@75a1929a2637 /]# rm -rf /etc/ssh/ssh*key
[root@75a1929a2637 /]# ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
[root@75a1929a2637 /]# ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key
[root@75a1929a2637 /]# ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key
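If the keys are not generated, remote connections also fail, reporting a host key mismatch error: Read from socket failed: Connection reset by peer
The key files correspond to the HostKey entries in sshd_config, so check the configuration file first and then generate the matching keys: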
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
5. Remove the PAM login restriction: comment out the line session required pam_loginuid.so, which is not commented out by default
[root@75a1929a2637 /]#cat /etc/pam.d/sshd
#session required pam_loginuid.so
6. Verify that the port is open by checking that sshd is running
[root@75a1929a2637 /]# ps -ef |grep sshd
root 18 1 0 01:43 ? 00:00:00 /usr/sbin/sshd -D
root 30 1 0 01:59 ? 00:00:00 grep --color=auto sshd
7. Scan the port from the host to check the state of the sshd port
[root@localhost ~]# nmap 172.17.0.10 -p 22
PORT STATE SERVICE
22/tcp open ssh
8. Generate a key pair on the host and import the public key into the container
[root@localhost ~]# ssh-keygen -t rsa
This creates the private and public key files in /root/.ssh/: id_rsa and id_rsa.pub, or id_dsa and id_dsa.pub
Copy the .pub file into the container's .ssh directory and add its contents to ~/.ssh/authorized_keys
[root@localhost .ssh]# mkdir /root/.ssh/
[root@localhost .ssh]# cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyFRgchNdCzAUN7FNWdwDxLtFvW5521mMX4r57DCPADtrclyGcnlljxcqFHAYtyyDGmNA8ASrYxiH+0FPe+6BI2U32yNUorLOfsB1VlgMpEx6Xq9g3VFUMo7HLNNgOsj0hBnKlsrWt9VZhQ9rkW8ncof+M0CabP4mNDp7xuKX/AmGvweNapYusDiK3hEoUF9lEKYFyztk85PqNNDSzRZgqulQSYZYCfdz2KO+GJnlDoTfOGB1ShVbNO1Rjo1LpK8jrnSTTubIJMaPGtA/khagbKHhW/+AhFjcGezs2ZJ8pAUqHmeksoBM0smSsiE8F3tZxO39YqOOoxfWWHrxA7/8Nw== [email protected]
[root@75a1929a2637 /]# cat /root/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyFRgchNdCzAUN7FNWdwDxLtFvW5521mMX4r57DCPADtrclyGcnlljxcqFHAYtyyDGmNA8ASrYxiH+0FPe+6BI2U32yNUorLOfsB1VlgMpEx6Xq9g3VFUMo7HLNNgOsj0hBnKlsrWt9VZhQ9rkW8ncof+M0CabP4mNDp7xuKX/AmGvweNapYusDiK3hEoUF9lEKYFyztk85PqNNDSzRZgqulQSYZYCfdz2KO+GJnlDoTfOGB1ShVbNO1Rjo1LpK8jrnSTTubIJMaPGtA/khagbKHhW/+AhFjcGezs2ZJ8pAUqHmeksoBM0smSsiE8F3tZxO39YqOOoxfWWHrxA7/8Nw== [email protected]
9. Write the ssh service startup script and make it executable
[root@localhost ~]# cat run.sh
#!/bin/bash
# run sshd in the foreground so a container started with this script keeps running
exec /usr/sbin/sshd -D
[root@localhost ~]# chmod 755 run.sh
10. Save the image
[root@localhost ~]# docker commit 75a1929a2637 sshd04
11. Run the image with a port mapping
[root@localhost ~]#docker run -d -p 11126:22 sshd04 /usr/sbin/sshd -D
[root@localhost ~]# docker ps
d0dc7862e8c9 sshd04 "/usr/sbin/sshd -D" 16 hours ago Up 16 hours 0.0.0.0:11126->22/tcp furious_morse
[root@localhost ~]# ssh 192.168.30.133 -p 11126
[root@d0dc7862e8c9 ~]#
[root@d0dc7862e8c9 ~]# ifconfig
eth0: flags=4163
inet 172.17.0.9 netmask 255.255.0.0 broadcast 0.0.0.0
Remote login succeeded
Appendix: Dockerfile
#this is docker sshd images
FROM centos
MAINTAINER chenyongtao
RUN yum clean all
RUN yum -y install net-tools*
RUN yum -y install openssh-server
RUN mkdir /var/run/sshd
RUN sed -i 's/session required pam_loginuid.so/#session required pam_loginuid.so/g' /etc/pam.d/sshd
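# remove any existing host keys (they live in /etc/ssh, not in the build's working directory)
RUN rm -f /etc/ssh/ssh_host_*key*
# -N '' sets an empty passphrase so the build does not wait for input
RUN ssh-keygen -q -N '' -t rsa -f /etc/ssh/ssh_host_rsa_key
RUN ssh-keygen -q -N '' -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key
RUN ssh-keygen -q -N '' -t ed25519 -f /etc/ssh/ssh_host_ed25519_key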
RUN mkdir /root/.ssh/
COPY ./id_rsa.pub /root/.ssh/id_rsa.pub
COPY ./authorized_keys /root/.ssh/authorized_keys
COPY ./run.sh /root/run.sh
EXPOSE 22
CMD /usr/sbin/sshd -D
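
Step 4 and the Dockerfile's ssh-keygen lines create the host keys once, so they are stored in the saved image and every container started from it presents the same host keys. As an added example (not code from the original article), the start script below reads the active HostKey lines from sshd_config, as step 4 suggests doing by hand, and generates whichever keys are missing when the container starts; the function names and the --start flag are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Function names and the
# --start flag are made up for this sketch.

# Print the key path of every active (uncommented) HostKey line in config $1.
active_hostkeys() {
    awk 'tolower($1) == "hostkey" && NF >= 2 { print $2 }' "$1"
}

# Map a conventional host key file name to its ssh-keygen -t type.
keytype_for() {
    case "$(basename "$1")" in
        ssh_host_rsa_key)     echo rsa ;;
        ssh_host_ecdsa_key)   echo ecdsa ;;
        ssh_host_ed25519_key) echo ed25519 ;;
        *) return 1 ;;
    esac
}

# Print configured key paths that are missing or empty under root prefix $2
# (the prefix is empty inside a container; it lets you check a staged tree).
missing_hostkeys() {
    active_hostkeys "$1" | while read -r key; do
        [ -s "${2:-}$key" ] || echo "$key"
    done
}

# Create every missing key without prompting: -N '' sets an empty passphrase.
generate_missing_hostkeys() {
    missing_hostkeys "$1" "${2:-}" | while read -r key; do
        if ktype=$(keytype_for "$key"); then
            rm -f "${2:-}$key" "${2:-}$key.pub"   # avoid the overwrite prompt
            ssh-keygen -q -N '' -t "$ktype" -f "${2:-}$key" </dev/null
        else
            echo "skipping unrecognised key name: $key" >&2
        fi
    done
}

# Container start: create this container's keys, then run sshd in the foreground.
if [ "${1:-}" = "--start" ]; then
    generate_missing_hostkeys /etc/ssh/sshd_config
    exec /usr/sbin/sshd -D
fi
```

Run against the HostKey excerpt shown in step 4 with only ssh_host_rsa_key present, missing_hostkeys prints the ecdsa and ed25519 paths.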