Study notes --- "Docker technology introduction and practice" --- adding an SSH service to an image

Earlier notes covered entering a container with the attach and exec commands, but when a scenario requires logging in to a container remotely over SSH, you need to add the SSH service manually.

 

Here are two ways to create an image with an SSH service: with the docker commit command, and with a Dockerfile.

 

First, create the image with the commit command

Docker provides the docker commit command, which lets users commit their own modifications to a container and generate a new image from it. The command format is docker commit CONTAINER [REPOSITORY[:TAG]].

 

The following shows how to add an SSH service to the ubuntu:18.04 image.

 

1.1, preparation

First, pull the ubuntu:18.04 image and create a container

$ docker pull ubuntu:18.04

$ docker run -it ubuntu:18.04 bash

 

1.2, configure the software sources

If the official source is too slow, it can be replaced with a domestic mirror; the Aliyun mirror is used here as an example.

First back up /etc/apt/sources.list, then replace its contents.

root@99c04606894d:/# cp /etc/apt/sources.list /etc/apt/sources.list.bak

root@99c04606894d:/# echo "deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse" > /etc/apt/sources.list
root@99c04606894d:/# echo "deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse" >> /etc/apt/sources.list
root@99c04606894d:/# echo "deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse" >> /etc/apt/sources.list
root@99c04606894d:/# echo "deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse" >> /etc/apt/sources.list
root@99c04606894d:/# echo "deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse" >> /etc/apt/sources.list
root@99c04606894d:/# echo "deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse" >> /etc/apt/sources.list
root@99c04606894d:/# echo "deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse" >> /etc/apt/sources.list
root@99c04606894d:/# echo "deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse" >> /etc/apt/sources.list
root@99c04606894d:/# echo "deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse" >> /etc/apt/sources.list
root@99c04606894d:/# echo "deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse" >> /etc/apt/sources.list

 

Update the package index

root@99c04606894d:/# apt-get update 

 

1.3, install and configure the SSH service

Install openssh-server

root@99c04606894d:/# apt install openssh-server

 

For the service to start normally, the directory /var/run/sshd must exist:

root@99c04606894d:/# mkdir -p /var/run/sshd

 

Start the service in the background:

root@99c04606894d:/# /usr/sbin/sshd -D & 

 

To check with netstat that the SSH service is listening on port 22, the netstat command is needed, but it is not present in the container. Use apt-file to find out which package has to be installed.

root@99c04606894d:/# apt-get install apt-file    # the next step is required
root@99c04606894d:/# apt-file update
root@99c04606894d:/# apt-file search /bin/netstat
net-tools: /bin/netstat
netstat-nat: /usr/bin/netstat-nat

 

The output shows that the net-tools package is needed. Install it and check the port:

root@99c04606894d:/# apt-get install net-tools

root@99c04606894d:/# netstat -an | grep :22
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
tcp6       0      0 :::22                   :::*                    LISTEN

 

Modify the SSH service's login security configuration to remove the PAM login restriction (the pattern matches any run of whitespace, because the columns in /etc/pam.d/sshd are separated by several spaces):

root@99c04606894d:/# sed -ri 's/^session\s+required\s+pam_loginuid.so/#&/' /etc/pam.d/sshd

 

Create the .ssh directory in the home directory of the container's root user, and copy the public key needed for login into the authorized_keys file. The public key is usually the .ssh/id_rsa.pub file in the user's home directory on the host, and can be generated with ssh-keygen -t rsa.

root@99c04606894d:/# mkdir -p /root/.ssh
root@99c04606894d:/# vi /root/.ssh/authorized_keys

If the vi command is missing, install vim with apt-get install vim

 

Create run.sh, a script that starts the SSH service automatically, and make it executable

root@99c04606894d:/# touch /run.sh
root@99c04606894d:/# chmod +x /run.sh
root@99c04606894d:/# vi /run.sh 
#!/bin/bash
/usr/sbin/sshd -D

 

Finally, exit the container:

root@ce21cd862b7e:/# exit

 

1.4, save the image

View the container

$ docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                     PORTS               NAMES
99c04606894d        ubuntu:18.04        "bash"              About an hour ago   Exited (0) 9 seconds ago                       elegant_mendeleev

 

Generate a new image, sshd:ubuntu

$ docker commit 99c04606894d sshd:ubuntu
sha256:275da5f9600434f238c2d455a8fd103e0c55ad5c6113d2739a56839985832363

 

View the image

$ docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
sshd                ubuntu              275da5f96004        7 seconds ago       494MB

 

1.5, use the image

Start a container, mapping host port 10022 to container port 22:

$ docker run -p 10022:22 -d sshd:ubuntu /run.sh
ce21cd862b7edc64c0cd3853dc4a7c2fffe977a21254cd4b866748dac516b371

 

View the container

$ docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                   NAMES
ce21cd862b7e        sshd:ubuntu         "/run.sh"           4 seconds ago       Up 2 seconds        0.0.0.0:10022->22/tcp   fervent_jennings

 

Log in to the container; no password is needed:

$ ssh root@192.168.121.121 -p 10022
The authenticity of host '[192.168.121.121]:10022 ([192.168.121.121]:10022)' can't be established.
ECDSA key fingerprint is SHA256:a5DBqdYJ+WuBgJh5GhRb/fXgrtZcgDpL0dzZZqzKy88.
ECDSA key fingerprint is MD5:e2:d3:99:0b:d4:ce:9e:ea:f2:4b:18:d9:25:8d:08:fe.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.121.121]:10022' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 18.04.2 LTS (GNU/Linux 3.10.0-693.el7.x86_64 x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage
This system has been minimized by removing packages and content that are
not required on a system that users do not log into.

To restore this content, you can run the 'unminimize' command.

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

root@18ff1392f000:~# 

 

Second, create the image with a Dockerfile

2.1, create a working directory

First, create a working directory sshd_ubuntu

$ mkdir sshd_ubuntu

 

Create the Dockerfile and run.sh

$ cd sshd_ubuntu/
$ touch Dockerfile run.sh

$ vi run.sh 
#!/bin/bash
/usr/sbin/sshd -D

 

2.2, write the authorized_keys file

Generate an SSH key pair on the host and create the authorized_keys file:

$ ssh-keygen -t rsa
$ cat ~/.ssh/id_rsa.pub >authorized_keys
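
The ADD step in the Dockerfile below copies this file with its mode bits unchanged, and sshd (StrictModes is on by default) ignores an authorized_keys file that is writable by group or others. The following check is an added example, not part of the original notes; the function names and the demo key line are constructed, and it tests mode bits only, not ownership.

```shell
#!/bin/sh
# Added example, not from the original notes.
# With StrictModes on, key login is refused when authorized_keys, the .ssh
# directory or the home directory is writable by group or others. A file
# written on the host under umask 002 reaches the image as 0664 via ADD.

# Print every given path that is missing or group/world-writable.
# Returns 0 when all paths are acceptable, 1 otherwise.
strictmodes_ok() {
    rc=0
    for p in "$@"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"
            rc=1
            continue
        fi
        # -prune: test the path itself, do not descend into directories
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "group/world-writable: $p"
            rc=1
        fi
    done
    return "$rc"
}

# Before `docker build`: tighten the key file in the build context if needed.
prepare_key_file() {
    strictmodes_ok "$1" >/dev/null || chmod 600 "$1"
}

# Inside a running container the same check covers the whole path:
#   strictmodes_ok /root /root/.ssh /root/.ssh/authorized_keys

# Constructed demo: a key file written under umask 002.
demo=$(mktemp -d)
(umask 002; echo "ssh-rsa AAAA-constructed-key demo" > "$demo/authorized_keys")
strictmodes_ok "$demo/authorized_keys" || echo "sshd would ignore this file after ADD"
prepare_key_file "$demo/authorized_keys"
strictmodes_ok "$demo/authorized_keys" && echo "mode is acceptable now"
rm -rf "$demo"
```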

 

2.3, write the Dockerfile

$ vi Dockerfile
# Set the base image to inherit from
FROM ubuntu:18.04

# Provide some information about the author
MAINTAINER shangxiaozhou ([email protected])

# Run the following commands to switch the Ubuntu sources to the domestic Aliyun mirror
RUN echo "deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse" > /etc/apt/sources.list
RUN echo "deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse" >> /etc/apt/sources.list
RUN echo "deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse" >> /etc/apt/sources.list
RUN echo "deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse" >> /etc/apt/sources.list
RUN echo "deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse" >> /etc/apt/sources.list
RUN echo "deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse" >> /etc/apt/sources.list
RUN echo "deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse" >> /etc/apt/sources.list
RUN echo "deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse" >> /etc/apt/sources.list
RUN echo "deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse" >> /etc/apt/sources.list
RUN echo "deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse" >> /etc/apt/sources.list
RUN apt-get update

# Install the SSH service
RUN apt-get install -y openssh-server
RUN mkdir -p /var/run/sshd
RUN mkdir -p /root/.ssh
# Comment out the pam_loginuid line, whatever whitespace separates its columns
RUN sed -ri 's/^session\s+required\s+pam_loginuid.so/#&/' /etc/pam.d/sshd

# Copy the configuration files to the appropriate locations and make the script executable
ADD authorized_keys /root/.ssh/authorized_keys
ADD run.sh /run.sh
RUN chmod 755 /run.sh

# Expose the port
EXPOSE 22

# Set the default startup command
CMD ["/run.sh"]

 

2.4, build the image

$ docker build -t sshd:dockerfile .

 

View the image that was created

$ docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
sshd                dockerfile          828c78d68a36        9 seconds ago       231MB
ubuntu              18.04               4c108a37151f        4 weeks ago         64.2MB

 

2.5, run a container

$ docker run -d -p 10022:22 sshd:dockerfile
b45d884c2cbb591fe97a34064c2b9ee09ffedf1cff22e992df0c582a99da2011

 

View the container that was created

$ docker ps 
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                   NAMES
b45d884c2cbb        sshd:dockerfile     "/run.sh"           3 seconds ago       Up 2 seconds        0.0.0.0:10022->22/tcp   lucid_brown

 

Log in to the container

$ ssh root@192.168.121.121 -p 10022
Welcome to Ubuntu 18.04.2 LTS (GNU/Linux 3.10.0-693.el7.x86_64 x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage
This system has been minimized by removing packages and content that are
not required on a system that users do not log into.

To restore this content, you can run the 'unminimize' command.

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

root@b45d884c2cbb:~# 

 

To prevent root from logging in to the container directly without a password, comment out the ADD authorized_keys /root/.ssh/authorized_keys step and use the following commands instead, which create an ordinary account with a password and set the root password:
RUN useradd dkuser
RUN echo "dkuser:123456" | chpasswd
RUN echo "root:123456" | chpasswd

In this case you can only log in to the container as the ordinary account dkuser, and then switch to the root user.
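
That behaviour depends on sshd's effective settings: the Ubuntu 18.04 default of PermitRootLogin prohibit-password refuses root password logins while PasswordAuthentication stays on for dkuser. The following function is an added example, not part of the original notes; it classifies the output of sshd -T, and the function name and the sample input are constructed.

```shell
#!/bin/sh
# Added example, not from the original notes. Reads `sshd -T` output
# (effective configuration, lowercase "keyword value" lines) on stdin and
# prints which login methods are open to root and to ordinary users.
ssh_login_policy() {
    awk '
        $1 == "permitrootlogin"        { prl = $2 }
        $1 == "passwordauthentication" { pw  = $2 }
        $1 == "pubkeyauthentication"   { pk  = $2 }
        END {
            if (prl == "" || pw == "" || pk == "") {
                print "error: incomplete sshd -T output"
                exit 2
            }
            # prohibit-password and its older synonym without-password both
            # mean: root may log in, but never with a password.
            if (prl == "no")
                root = "none"
            else if (prl == "yes")
                root = methods(pw, pk)
            else if (prl == "prohibit-password" || prl == "without-password")
                root = methods("no", pk)
            else if (prl == "forced-commands-only")
                root = (pk == "yes") ? "key+forced-command" : "none"
            else
                root = "unknown"
            print "root=" root " users=" methods(pw, pk)
        }
        function methods(p, k,   m) {
            m = ""
            if (p == "yes") m = "password"
            if (k == "yes") m = (m == "" ? "" : m ",") "key"
            return (m == "" ? "none" : m)
        }
    '
}

# Constructed sample: the three relevant lines as an Ubuntu 18.04 default
# configuration reports them. In a running container the real input is:
#   docker exec <container> /usr/sbin/sshd -T | ssh_login_policy
SAMPLE_DEFAULT='port 22
permitrootlogin without-password
pubkeyauthentication yes
passwordauthentication yes'

printf '%s\n' "$SAMPLE_DEFAULT" | ssh_login_policy
```

With the password variant above, root=key and no authorized_keys file in the image means root has no working SSH login method, while dkuser can log in with its password.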


Origin www.cnblogs.com/xiaoxiaozhou/p/11239548.html