docker container ssh setup

1. Login via username and password authentication
hsl@ubuntu:~$ sudo docker images
[sudo] hsl 的密码: 
REPOSITORY TAG IMAGE ID CREATED SIZE
hsl/ubuntu 14.04_add_sourcealiyun_git_vim_ssh 7e81fb2f82c5 44 minutes ago 634.2 MB
hsl/ubuntu 14.04_JenkinsWithDocker_key 6fb1d3cb7983 46 hours ago 760 MB
hsl/ubuntu 14.04_JenkinsWithDocker_password 659fcb00b0dc 3 days ago 760.1 MB
ubuntu 14.04 4a725d3b3b1c 8 days ago 188 MB
training/webapp latest 6fae60ef3446 15 months ago 348.8 MB
hsl@ubuntu:~$ sudo docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
hsl@ubuntu:~$ sudo docker run -tid -p 22 -P hsl/ubuntu:14.04_add_sourcealiyun_git_vim_ssh
ea153153c8837a4b0e1a8d0e6945200c7ac820c358d546202f1a95c72f12ca77
hsl@ubuntu:~$ sudo docker exec -ti ea /bin/bash
root@ea153153c883:/# cd /etc/ssh
root@ea153153c883:/etc/ssh# vim sshd_config 
Three settings in sshd_config need attention. Before modification:
PermitRootLogin without-password
#AuthorizedKeysFile %h/.ssh/authorized_keys
#PasswordAuthentication yes
Description:
#PermitRootLogin yes #Allow the root user to log in with any authentication method (username/password authentication and public key authentication)
#PermitRootLogin without-password #Allow the root user to log in only with public key authentication
#PermitRootLogin no #Do not allow the root user to log in with any authentication method
Two changes are made here:
PermitRootLogin without-password is changed to PermitRootLogin yes
#PasswordAuthentication yes is changed to PasswordAuthentication yes
root@ea153153c883:/etc/ssh# cd
root@ea153153c883:~# service ssh start
* Starting OpenBSD Secure Shell server sshd [ OK ] 
root@ea153153c883:/# passwd root
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully
root@ea153153c883:/# ifconfig
#Get the container's internal address (inet addr): 172.17.0.2
root@ea153153c883:/# exit
exit
hsl@ubuntu:~$ ssh root@172.17.0.2
root@172.17.0.2's password: 
Welcome to Ubuntu 14.04 LTS (GNU/Linux 3.13.0-93-generic x86_64)
* Documentation:  https://help.ubuntu.com/
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
root@ea153153c883:~# exit
logout
Connection to 172.17.0.2 closed.
hsl@ubuntu:~$ ifconfig
#Get the host's intranet address (inet address): 192.168.127.159. Next, try logging in to the container through the port mapping.
#Because of the port mapping, you can log in directly through the mapped port; you only need to know the host port that is mapped to the container's port 22 and the host's IP. (If port 22 was mapped using the default IP mode, all of the host's IP addresses are mapped to the container's port 22, so both localhost and the subnet IP can be used to log in.)
#i.e. both ssh [email protected] and ssh -p 32770 root@192.168.127.159 can log in to the container
hsl@ubuntu:~$ ssh -p 32771 root@192.168.127.159
The authenticity of host '[192.168.127.159]:32771 ([192.168.127.159]:32771)' can't be established.
ECDSA key fingerprint is SHA256:icDOU4lcWTiFb4eIKUtosFNrqzGMo5ufzqXQfPdtSZg.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.127.159]:32771' (ECDSA) to the list of known hosts.
root@192.168.127.159's password: 
Welcome to Ubuntu 14.04.5 LTS (GNU/Linux 4.4.0-36-generic x86_64)
* Documentation:  https://help.ubuntu.com/
Last login: Sun Sep 4 06:00:37 2016 from 172.17.0.1
root@ea153153c883:~# exit
logout
Connection to 192.168.127.159 closed.
hsl@ubuntu:~$ ssh -p 32771 root@192.168.127.159
#Logging in a second time produces no warning
root@192.168.127.159's password: 
Welcome to Ubuntu 14.04.5 LTS (GNU/Linux 4.4.0-36-generic x86_64)
* Documentation:  https://help.ubuntu.com/
Last login: Sun Sep 4 06:01:33 2016 from 192.168.127.159
root@ea153153c883:~# exit
logout
Connection to 192.168.127.159 closed.
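The comment above about the default IP mode means the container's sshd is reachable on every host interface. The following added example (not part of the original walkthrough) flags such mappings; the function names and the sample input are constructed, and only the container name big_brown and its mapping come from this page.

```shell
#!/bin/sh
# Added example: list container SSH ports published on every host interface.

# Reads lines of "NAME<TAB>PORTS", the layout produced by
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# and prints "NAME HOSTPORT" for each mapping of container port 22/tcp whose
# host side is 0.0.0.0, :: or [::] (all interfaces).
ssh_on_all_interfaces() {
    awk -F '\t' '
        {
            n = split($2, maps, /, */)
            for (i = 1; i <= n; i++) {
                if (maps[i] !~ /->22\/tcp$/) continue
                host = maps[i]; sub(/->.*/, "", host)   # e.g. 0.0.0.0:32768
                port = host;    sub(/.*:/, "", port)    # text after last colon
                addr = substr(host, 1, length(host) - length(port) - 1)
                all = (addr == "0.0.0.0" || addr == "::" || addr == "[::]")
                if (all && !seen[$1, port]++) print $1, port
            }
        }'
}

# Constructed sample input; local_only and web are made-up container names.
sample_ps() {
    printf 'big_brown\t0.0.0.0:32768->22/tcp\n'
    printf 'local_only\t127.0.0.1:32769->22/tcp\n'
    printf 'web\t0.0.0.0:8080->80/tcp, 0.0.0.0:32770->22/tcp, :::32770->22/tcp\n'
}

sample_ps | ssh_on_all_interfaces
# On a live host:
#   docker ps --format '{{.Names}}\t{{.Ports}}' | ssh_on_all_interfaces
# Publishing with an explicit address keeps the port on loopback only:
#   docker run -tid -p 127.0.0.1::22 IMAGE
```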
 
2. Login via public key authentication
hsl@ubuntu:~$ sudo docker run -tid -p 22 -P hsl/ubuntu:14.04_add_sourcealiyun_git_vim_ssh
f2e54200c5c7f3310a27e274d7d8c9585ed3c79f921cb63edb8f3a00d1165e24
hsl@ubuntu:~$ sudo docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f2e54200c5c7 hsl/ubuntu:14.04_add_sourcealiyun_git_vim_ssh "/bin/bash" 15 seconds ago Up 10 seconds 0.0.0.0:32768->22/tcp big_brown
hsl@ubuntu:~$ sudo docker exec -it f2 /bin/bash
root@f2e54200c5c7:/# vim /etc/ssh/sshd_config 
Modify the three settings mentioned in step 1 as follows:
PermitRootLogin without-password
#AuthorizedKeysFile %h/.ssh/authorized_keys is changed to AuthorizedKeysFile %h/.ssh/authorized_keys
#PasswordAuthentication yes is changed to PasswordAuthentication yes
(If the server is not local, do not change PasswordAuthentication from yes to no: if the current SSH connection is interrupted before RSA authentication has been set up, password authentication would be prohibited as well. Public key authentication can be understood as taking precedence over username/password authentication; if public key authentication fails, username/password authentication is used as a fallback, just in case.)
root@f2e54200c5c7:/# exit
exit
hsl@ubuntu:~$ ssh-keygen -t rsa
#Keep pressing Enter to generate the host's key
hsl@ubuntu:~$ cd .ssh
hsl@ubuntu:~/.ssh$ ls
id_rsa id_rsa.pub
hsl@ubuntu:~/.ssh$ scp id_rsa.pub [email protected]:~/.ssh/
[email protected]'s password: 
id_rsa.pub 100% 392 0.4KB/s 00:00  
hsl@ubuntu:~/.ssh$ sudo docker exec -it f2 /bin/bash
root@ea153153c883:/# cd  
root@ea153153c883:~# cd .ssh
root@ea153153c883:~/.ssh# ls
id_rsa.pub
root@ea153153c883:~/.ssh# mv id_rsa.pub authorized_keys
root@ea153153c883:~/.ssh# ls
authorized_keys
********The following can replace the scp method above for transferring the public key to the container*********
#Or directly copy the content of the host's id_rsa.pub into the container's /root/.ssh/authorized_keys
hsl@ubuntu:~$ cd .ssh
hsl@ubuntu:~/.ssh$ ls
id_rsa id_rsa.pub known_hosts
hsl@ubuntu:~/.ssh$ cat id_rsa.pub 
#Host's public key
hsl@ubuntu:~/.ssh$ sudo docker exec -it f2 /bin/bash
root@f2e54200c5c7:/# ssh-keygen -t rsa
#This step is just for the convenience of generating docker's .ssh directory
root@f2e54200c5c7:/# cd 
root@f2e54200c5c7:~# cd .ssh
root@f2e54200c5c7:~/.ssh# ls
id_rsa id_rsa.pub
root@f2e54200c5c7:~/.ssh# touch authorized_keys
root@f2e54200c5c7:~/.ssh# ls
authorized_keys id_rsa id_rsa.pub
root@f2e54200c5c7:~/.ssh# vim authorized_keys 
#Copy the content of the host's id_rsa.pub into the container's /root/.ssh/authorized_keys
********The steps above can replace sending the public key to the container via scp*********
root@f2e54200c5c7:/# service ssh start
* Starting OpenBSD Secure Shell server sshd [ OK ] 
root@f2e54200c5c7:/# exit
exit
hsl@ubuntu:~/.ssh$ ssh [email protected]
Welcome to Ubuntu 14.04.5 LTS (GNU/Linux 4.4.0-36-generic x86_64)
* Documentation: https://help.ubuntu.com/
Last login: Sun Sep 4 08:18:21 2016 from 172.17.0.1
root@f2e54200c5c7:~# exit
logout
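
Both sections edit the same sshd_config directives, so the resulting root login mode can be read back from the file instead of by eye. The following is an added example, not part of the original walkthrough: the function names and sample files are constructed, Match blocks are not evaluated, and without-password is classified the way this page describes it.

```shell
#!/bin/sh
# Added example: report how root may log in, from the sshd_config settings above.

# First active value of KEYWORD in the global section of FILE. sshd keeps the
# first value it reads for a keyword; keywords are case-insensitive.
sshd_value() {  # usage: sshd_value FILE KEYWORD
    awk -v key="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comment or blank line
        { sub(/=/, " ") }                      # "Keyword=value" is also accepted
        tolower($1) == "match" { exit }        # Match blocks are not evaluated here
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Classify the combination of the two directives the walkthrough edits.
root_login_mode() {  # usage: root_login_mode FILE
    root=$(sshd_value "$1" PermitRootLogin)
    pass=$(sshd_value "$1" PasswordAuthentication)
    if [ "$pass" = unset ]; then pass=yes; fi  # commented out: default is yes
    case "$root:$pass" in
        yes:yes)                                echo root-password-login ;;
        without-password:*|prohibit-password:*) echo root-key-only ;;
        no:*)                                   echo root-login-disabled ;;
        *)                                      echo review-manually ;;
    esac
}

# Constructed sample files mirroring section 1, section 2 and the shipped file.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'PermitRootLogin yes' 'PasswordAuthentication yes' > "$d/section1"
    printf '%s\n' 'PermitRootLogin without-password' \
        'AuthorizedKeysFile %h/.ssh/authorized_keys' \
        'PasswordAuthentication yes' > "$d/section2"
    printf '%s\n' 'PermitRootLogin without-password' \
        '#AuthorizedKeysFile %h/.ssh/authorized_keys' \
        '#PasswordAuthentication yes' > "$d/shipped"
    for f in section1 section2 shipped; do
        echo "$f: $(root_login_mode "$d/$f")" \
             "keys=$(sshd_value "$d/$f" AuthorizedKeysFile)"
    done
    rm -rf "$d"
}
demo
```

Inside the container, run root_login_mode /etc/ssh/sshd_config after editing and before restarting ssh.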
