Creating an image that supports the SSH service

Brief introduction

  Linux system administrators generally manage the operating system through the SSH service, but many Docker images do not include an SSH service. How, then, can we manage the system inside the container?
  The first part introduced some ways of entering a container, such as the exec command, but these commands do not solve the problem of managing a container remotely. When you need to log in to a container remotely to carry out operations, SSH support is required.
  This article describes how to create your own image with an SSH service, and details two ways of creating it: with the docker commit command and with a Dockerfile.

Creating the image with docker commit

  Docker provides the docker commit command, which lets users save their modifications to a container as a new image. The command format is docker commit CONTAINER [REPOSITORY[:TAG]].
  This section explains how to use docker commit to add the SSH service to the ubuntu image.

Preparation

  First, create a container from the ubuntu image:

[root@gavin /]# sudo docker run -it ubuntu /bin/bash

  Next, try running the sshd command. You will find that the service is not installed in the container:

root@c8178608e454:/# sshd
bash: sshd: command not found

  The openssh-server package needed to run the SSH service cannot be found in the apt package sources either. This is because the official Ubuntu image does not include the package cache files:

root@c8178608e454:/# apt-get install openssh-server
Reading package lists... Done
Building dependency tree       
Reading state information... Done
E: Unable to locate package openssh-server

  The following steps show how to update the package cache and install the sshd service.

Configuring the software sources

  Check the software sources and update the package information with apt-get update:

root@c8178608e454:/# apt-get update
Get:1 http://security.ubuntu.com/ubuntu bionic-security InRelease [88.7 kB]
Get:3 http://archive.ubuntu.com/ubuntu bionic-updates InRelease [88.7 kB]
Get:4 http://security.ubuntu.com/ubuntu bionic-security/multiverse amd64 Packages [4957 B]
...                                                                                              
Fetched 14.4 MB in 36s (404 kB/s)                                                                                                                                         
Reading package lists... Done

Installing and configuring the SSH service

  After updating the package cache, you can install the SSH service, choosing the mainstream openssh-server as the server. You can see that a large number of dependency packages have to be downloaded and installed:

root@c8178608e454:/# apt-get install openssh-server
...
done.
Processing triggers for systemd (237-3ubuntu10.28) ...

  For the SSH service to start normally, the directory /var/run/sshd must exist. Create it manually and start the service:

root@c8178608e454:/# mkdir -p /var/run/sshd
root@c8178608e454:/# /usr/sbin/sshd -D &

  Modify the security configuration of the SSH login service to remove the PAM login restriction (\s+ matches the column-aligned spacing used in /etc/pam.d/sshd):

root@c8178608e454:/# sed -ri 's/session\s+required\s+pam_loginuid.so/#session required pam_loginuid.so/g' /etc/pam.d/sshd

  Create the .ssh directory under root's home directory, and copy the public key needed for login (usually the .ssh/id_rsa.pub file in the user's home directory on the local host, generated with the ssh-keygen -t rsa command) into the authorized_keys file:

root@c8178608e454:/# mkdir root/.ssh
root@c8178608e454:/# vi /root/.ssh/authorized_keys

  Create an executable script, run.sh, that starts the SSH service automatically, and give it execute permission:

root@c8178608e454:/# vi /run.sh                   
bash: vi: command not found

  At this point the vi command turns out to be unavailable because vim is not installed. Install it with the following command:

root@c8178608e454:/# apt-get install vim
Reading package lists... Done
Building dependency tree       
Reading state information... Done
...
Processing triggers for libc-bin (2.27-3ubuntu1) ...

  Now create the run.sh script that starts the SSH service automatically, and give it execute permission:

root@c8178608e454:/# vi /run.sh
root@c8178608e454:/# chmod +x run.sh

  The run.sh script reads as follows:

#!/bin/bash
/usr/sbin/sshd -D

  If you want to log in as root, you need to modify /etc/ssh/sshd_config to allow direct root login:

vim /etc/ssh/sshd_config

  Add the following to /etc/ssh/sshd_config:

PermitRootLogin yes
UsePAM no

  Set the root password:

root@c8178608e454:/# passwd root
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully
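
  sshd uses the first value it reads for each keyword, so lines appended to /etc/ssh/sshd_config are ignored when an earlier uncommented line already sets the same keyword. The following added example (not part of the original article) reports the effective values of the settings changed above and flags root password login. The function names and the sample file are constructed for illustration, and the defaults passed in are OpenSSH's upstream defaults.

```shell
#!/bin/sh
# Added example, not from the original article. Assumes a single config file:
# Include directives and Match blocks are not evaluated.

# Print the effective global value of KEYWORD in FILE, or DEFAULT if unset.
# sshd keeps the FIRST value it reads for each keyword.
sshd_effective() {   # usage: sshd_effective FILE KEYWORD DEFAULT
    awk -v want="$2" -v def="$3" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || NF == 0 { next }        # skip comments and blank lines
        tolower($1) == "match" { exit }        # global section ends at first Match
        tolower($1) == want { val = tolower($2); found = 1; exit }
        END { print (found ? val : def) }
    ' "$1"
}

# Print findings for the settings this article changes; return 1 if any.
audit_sshd_config() {
    cfg=$1
    rc=0
    root=$(sshd_effective "$cfg" PermitRootLogin prohibit-password)
    pass=$(sshd_effective "$cfg" PasswordAuthentication yes)
    pam=$(sshd_effective "$cfg" UsePAM no)
    echo "effective: PermitRootLogin=$root PasswordAuthentication=$pass UsePAM=$pam"
    if [ "$root" = yes ] && [ "$pass" = yes ]; then
        echo "FINDING: root can log in with a password"; rc=1
    fi
    if grep -Eiq '^[[:space:]]*UsePAM[[:space:]]+no' "$cfg" && [ "$pam" = yes ]; then
        echo "FINDING: 'UsePAM no' is shadowed by an earlier 'UsePAM yes'"; rc=1
    fi
    return $rc
}

# Constructed sample: a stock-style config with the article's two lines appended.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
#PermitRootLogin prohibit-password
#PasswordAuthentication yes
UsePAM yes
X11Forwarding yes
PermitRootLogin yes
UsePAM no
EOF
audit_sshd_config "$sample" || true
```

  Inside a container where openssh-server is installed, sshd -T prints the same effective values as sshd itself resolves them.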

  Finally, exit the container:

root@c8178608e454:/# exit
exit

Saving the image

  After exiting the container, use the docker commit command to save it as a new image, sshd:ubuntu:

[root@gavin /]# sudo docker commit c8178608e454 sshd:ubuntu
sha256:00eb7bf408ece207efae9a349b8d36d15d0c9c858ccb013e05561230c9e5c2ab

  Use docker images to view the locally generated sshd:ubuntu image. The local images are now as follows:

[root@gavin /]# sudo docker images
REPOSITORY               TAG                 IMAGE ID            CREATED              SIZE
sshd                     ubuntu              00eb7bf408ec        About a minute ago   243MB
ubuntu                   latest              a2a15febcdf3        2 weeks ago          64.2MB

Using the image

  Start a container and add the port mapping 10022-->22, where 10022 is the port on the host and 22 is the port the container's SSH server listens on:

[root@gavin /]# sudo docker run -p 10022:22 -d sshd:ubuntu /run.sh
ec6a0c53dc5790a569d1eb7b63866856748fc39285f13ffb57e66cfcf5adb061

  After a successful start, you can see the details of the running container on the host:

[root@gavin /]# sudo docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                     PORTS                   NAMES
ec6a0c53dc57        sshd:ubuntu         "/run.sh"           44 seconds ago      Up 43 seconds              0.0.0.0:10022->22/tcp   focused_knuth

  From the host itself or from other hosts, you can log in to the container through SSH on port 10022:

[root@gavin ~]# ssh 192.168.41.15 -p 10022
root@192.168.41.15's password: 
Welcome to Ubuntu 18.04.3 LTS (GNU/Linux 3.10.0-957.el7.x86_64 x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

This system has been minimized by removing packages and content that are
not required on a system that users do not log into.

To restore this content, you can run the 'unminimize' command.
Last login: Wed Sep  4 13:25:49 2019 from 192.168.41.15
root@bc419278a175:~# 

Creating the image with a Dockerfile

  The first part introduced the basics of the Dockerfile. This section describes how to use a Dockerfile to create an image that supports the SSH service.

Create a working directory

  First, create a working directory named sshd_ubuntu:

[root@gavin /]# mkdir sshd_ubuntu
[root@gavin /]# cd sshd_ubuntu/
[root@gavin sshd_ubuntu]# touch Dockerfile run.sh
[root@gavin sshd_ubuntu]# ls
Dockerfile  run.sh

  The content of the run.sh script is the same as in the previous section:

#!/bin/bash
/usr/sbin/sshd -D

  Generate an SSH key pair on the host, and create the authorized_keys file:

[root@gavin /]# ssh-keygen -t rsa
...
[root@gavin sshd_ubuntu]# cat ~/.ssh/id_rsa.pub >authorized_keys

Writing the Dockerfile

  The Dockerfile content follows, with a comment for each part. Comparing it with the process of creating an image with docker commit, you can see that the operations performed are basically the same.

# Set the base image to inherit from
FROM ubuntu

# Provide some author information
MAINTAINER from [email protected]

# Configure the software sources
RUN apt-get update

# Install and configure the SSH service
RUN apt-get install -y openssh-server
RUN mkdir -p /var/run/sshd
RUN mkdir -p /root/.ssh

# Remove the PAM login restriction
# (\s+ matches the column-aligned spacing used in /etc/pam.d/sshd)
RUN sed -ri 's/session\s+required\s+pam_loginuid.so/#session required pam_loginuid.so/g' /etc/pam.d/sshd

# Copy the files into place and make the script executable
ADD authorized_keys /root/.ssh/authorized_keys
ADD run.sh /run.sh
RUN chmod 755 /run.sh

# Expose the port
EXPOSE 22

# Set the default start command
CMD ["/run.sh"]

Building the image

  In the sshd_ubuntu directory, use the docker build command to create the image. Note the "." at the end, which tells Docker to use the Dockerfile in the current directory.

[root@gavin sshd_ubuntu]# sudo docker build -t sshd:dockerfile .

  When building a custom image from a Dockerfile, note that Docker automatically deletes the temporary intermediate layers it creates, and pay attention to how each step of the build corresponds to an instruction written in the Dockerfile.
  For reference, the output of the docker build command is as follows:

Sending build context to Docker daemon  4.608kB
Step 1/12 : FROM ubuntu
 ---> a2a15febcdf3
Step 2/12 : MAINTAINER from [email protected]
 ---> Using cache
 ---> dc49243843b7
Step 3/12 : RUN apt-get update
 ---> Using cache
 ---> ce8282eea754
Step 4/12 : RUN apt-get install -y openssh-server
 ---> Running in 8ceb2d7d95fc
Reading package lists...
Building dependency tree...
Reading state information...
The following additional packages will be installed:
  ca-certificates dbus dmsetup file gir1.2-glib-2.0 krb5-locales libapparmor1
  libargon2-0 libbsd0 libcap2 libcryptsetup12 libdbus-1-3 libdevmapper1.02.1
  libedit2 libexpat1 libgirepository-1.0-1 libglib2.0-0 libglib2.0-data
  libgssapi-krb5-2 libicu60 libidn11 libip4tc0 libjson-c3 libk5crypto3
  libkeyutils1 libkmod2 libkrb5-3 libkrb5support0 libmagic-mgc libmagic1
  libmpdec2 libnss-systemd libpam-systemd libpsl5 libpython3-stdlib
  libpython3.6-minimal libpython3.6-stdlib libreadline7 libsqlite3-0
  libssl1.0.0 libssl1.1 libsystemd0 libwrap0 libx11-6 libx11-data libxau6
  libxcb1 libxdmcp6 libxext6 libxml2 libxmuu1 mime-support multiarch-support
  ncurses-term networkd-dispatcher openssh-client openssh-sftp-server openssl
  publicsuffix python3 python3-certifi python3-chardet python3-dbus python3-gi
  python3-idna python3-minimal python3-pkg-resources python3-requests
  python3-six python3-urllib3 python3.6 python3.6-minimal readline-common
  shared-mime-info ssh-import-id systemd systemd-sysv ucf wget xauth
  xdg-user-dirs xz-utils
Suggested packages:
  default-dbus-session-bus | dbus-session-bus krb5-doc krb5-user iw
  | wireless-tools keychain libpam-ssh monkeysphere ssh-askpass molly-guard
  rssh ufw python3-doc python3-tk python3-venv python-dbus-doc
  python3-dbus-dbg python3-setuptools python3-cryptography python3-openssl
  python3-socks python3.6-venv python3.6-doc binutils binfmt-support
  readline-doc systemd-container policykit-1
The following NEW packages will be installed:
  ca-certificates dbus dmsetup file gir1.2-glib-2.0 krb5-locales libapparmor1
  libargon2-0 libbsd0 libcap2 libcryptsetup12 libdbus-1-3 libdevmapper1.02.1
  libedit2 libexpat1 libgirepository-1.0-1 libglib2.0-0 libglib2.0-data
  libgssapi-krb5-2 libicu60 libidn11 libip4tc0 libjson-c3 libk5crypto3
  libkeyutils1 libkmod2 libkrb5-3 libkrb5support0 libmagic-mgc libmagic1
  libmpdec2 libnss-systemd libpam-systemd libpsl5 libpython3-stdlib
  libpython3.6-minimal libpython3.6-stdlib libreadline7 libsqlite3-0
  libssl1.0.0 libssl1.1 libwrap0 libx11-6 libx11-data libxau6 libxcb1
  libxdmcp6 libxext6 libxml2 libxmuu1 mime-support multiarch-support
  ncurses-term networkd-dispatcher openssh-client openssh-server
  openssh-sftp-server openssl publicsuffix python3 python3-certifi
  python3-chardet python3-dbus python3-gi python3-idna python3-minimal
  python3-pkg-resources python3-requests python3-six python3-urllib3 python3.6
  python3.6-minimal readline-common shared-mime-info ssh-import-id systemd
  systemd-sysv ucf wget xauth xdg-user-dirs xz-utils
The following packages will be upgraded:
  libsystemd0
1 upgraded, 82 newly installed, 0 to remove and 14 not upgraded.
Need to get 27.3 MB of archives.
After this operation, 118 MB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 libsystemd0 amd64 237-3ubuntu10.28 [204 kB]
Get:2 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 libssl1.1 amd64 1.1.1-1ubuntu2.1~18.04.4 [1300 kB]
Get:3 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 libpython3.6-minimal amd64 3.6.8-1~18.04.1 [533 kB]
...
Successfully built 18f9de8b84b7
Successfully tagged sshd:dockerfile

  When the command finishes, the message "Successfully built xxx" means the image has been created. As shown above, the generated image ID is 18f9de8b84b7.
  Check that the sshd:dockerfile image now exists locally:

[root@gavin sshd_ubuntu]# sudo docker images
REPOSITORY               TAG                 IMAGE ID            CREATED             SIZE
sshd                     dockerfile          18f9de8b84b7        5 minutes ago       207MB

Testing the image by running a container

  Use the sshd:dockerfile image just created to run a container. Start the image directly, mapping port 22 of the container to local port 10122:

[root@gavin sshd_ubuntu]# sudo docker run -d -p 10122:22 sshd:dockerfile 
177ebf24952b871bd5de74a665d1bf962859f6f453e18c5d6b038df7be6c47ba
[root@gavin sshd_ubuntu]# sudo docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                      PORTS                   NAMES
177ebf24952b        sshd:dockerfile     "/run.sh"                4 seconds ago       Up 3 seconds                0.0.0.0:10122->22/tcp   vigorous_matsumoto

  Open a new terminal on the host and connect to the new container:

[root@gavin sshd_ubuntu]# ssh 192.168.41.15 -p 10122
Welcome to Ubuntu 18.04.3 LTS (GNU/Linux 3.10.0-957.el7.x86_64 x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

This system has been minimized by removing packages and content that are
not required on a system that users do not log into.

To restore this content, you can run the 'unminimize' command.
Last login: Thu Sep  5 14:02:46 2019 from 192.168.41.15
root@177ebf24952b:~# 

  The result is the same as in the previous section: the image was created successfully.
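
  Installing openssh-server generates the SSH host keys under /etc/ssh, so with both methods above the keys are stored in the image and every container started from it presents the same host keys. The following added example (not part of the original article) is a hypothetical replacement for run.sh that regenerates them on a container's first start. It assumes the Dockerfile's CMD is changed to ["/run.sh", "start"]; the marker file name and the KEYGEN variable are illustrative.

```shell
#!/bin/sh
# Added example, not from the original article: a hypothetical replacement
# for /run.sh that gives each container its own SSH host keys.

KEYGEN=${KEYGEN:-ssh-keygen}        # overridable so the logic can be tested

# Replace the host keys inherited from the image, once per container.
regen_host_keys() {   # usage: regen_host_keys KEYDIR
    keydir=$1
    marker=$keydir/.host_keys_regenerated   # illustrative marker file name
    [ -e "$marker" ] && return 0            # already done on an earlier start
    rm -f "$keydir"/ssh_host_*_key "$keydir"/ssh_host_*_key.pub
    for type in rsa ecdsa ed25519; do
        "$KEYGEN" -q -t "$type" -N '' -f "$keydir/ssh_host_${type}_key" || return 1
    done
    : > "$marker"
}

# Used as the container's start command: /run.sh start
if [ "${1:-}" = start ]; then
    regen_host_keys /etc/ssh || exit 1
    mkdir -p /var/run/sshd
    exec /usr/sbin/sshd -D
fi
```

  The marker lives in the container's writable layer, so a restarted container keeps its keys while a new container generates fresh ones. If a container that has already run this script is saved with docker commit, delete the marker first so that containers from the new image regenerate their keys.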

 

This article is my record of learning Docker; the content references "Docker technology introduction and practical".

 


Origin www.cnblogs.com/gavin-guo/p/11461577.html