之前说到可以通过attach和exec两个命令登陆容器,但是如果遇到需要远程通过ssh登陆容器的场景,就需要手动添加ssh服务。

下面介绍两种方法创建带有ssh服务的镜像,commit命令创建和通过Dockerfile创建。

一、通过commit命令创建镜像

docker提供了docker commit 命令,支持用户提交自己对容器的修改,并生成新的镜像。命令格式为 docker commit CONTAINER [REPOSITORY [:TAG] ]。

下面是如何为 ubuntu:18.04 镜像添加SSH服务的过程。

1.1、准备工作

首先,获取 ubuntu18:04 镜像,并创建一个容器

$ docker pull ubuntu:18.04

$ docker run -it ubuntu:18.04 bash

1.2、配置软件源

如果嫌官方源速度慢可以替换为国内源,这里以阿里源为例

首先备份文件 /etc/apt/sources.list ,然后替换其中内容。

root@99c04606894d:/# cp /etc/apt/sources.list /etc/apt/sources.list.bak

root@99c04606894d:/# echo "deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse" > /etc/apt/sources.list

root@99c04606894d:/# echo "deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse" >> /etc/apt/sources.list

root@99c04606894d:/# echo "deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse" >> /etc/apt/sources.list

root@99c04606894d:/# echo "deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse" >> /etc/apt/sources.list

root@99c04606894d:/# echo "deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse" >> /etc/apt/sources.list

root@99c04606894d:/# echo "deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse" >> /etc/apt/sources.list

root@99c04606894d:/# echo "deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse" >> /etc/apt/sources.list

root@99c04606894d:/# echo "deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse" >> /etc/apt/sources.list

root@99c04606894d:/# echo "deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse" >> /etc/apt/sources.list

root@99c04606894d:/# echo "deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse" >> /etc/apt/sources.list

更新软件源信息

root@99c04606894d:/# apt-get update

1.3、安装和配置SSH服务

安装openssh-server

root@99c04606894d:/# apt install openssh-server

为了服务正常启动,需要创建目录/var/run/sshd

root@99c04606894d:/# mkdir -p /var/run/sshd

后台启动服务:

root@99c04606894d:/# /usr/sbin/sshd -D &

想要使用netstat查看ssh服务所占用22端口,但是发现没有命令,则需要首先安装所需软件,使用apt-file查看需要安装的软件。

root@99c04606894d:/# apt-get install apt-file


下面这一步一定要做

root@99c04606894d:/# apt-file update

root@99c04606894d:/# apt-file search /bin/netstat

net-tools: /bin/netstat

netstat-nat: /usr/bin/netstat-nat

可以看到需要安装的软件包 net-tools,安装软件包并查看端口:

root@99c04606894d:/# apt-get install net-tools

root@99c04606894d:/# netstat -an | grep :
tcp               0.0.0.0:              0.0.0.0:*               LISTEN

tcp6              :::                   :::*                    LISTEN

修改SSH服务的安全登陆配置,取消pam登陆限制:

root@99c04606894d:/# sed -ri 's/session  required  pam_loginuid.so/#session  required  pam_loginuid.so/g' /etc/pam.d/sshd

在容器root用户家目录下创建.ssh目录,并复制需要登陆的公钥信息(一般为宿主机用户家目录 .ssh/id_rsa.pub 文件,可以用 ssh-keygen -t rsa 命令生成) 到 authorized_keys 文件中:

root@99c04606894d:/# mkdir root/.ssh
root@99c04606894d:/# vi /root/.ssh/authorized_keys

如果没有 vi 命令,可以安装vim工具,apt-get install vim

创建自动启动SSH服务的可执行文件 run.sh,并添加可执行权限

root@99c04606894d:/# touch /run.sh

root@99c04606894d:/# chmod +x /run.sh

root@99c04606894d:/# vi /run.sh

#!/bin/bash

/usr/sbin/sshd -D

最后,退出容器:

root@ce21cd862b7e:/# exit

1.4、保存镜像

查看容器

$ docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                     PORTS               NAMES

99c04606894d        ubuntu:18.04        "bash"              About an hour ago   Exited ()  seconds ago                       elegant_mendeleev

生成新的镜像 sshd:ubuntu

$ docker commit 99c04606894d sshd:ubuntu

sha256:275da5f9600434f238c2d455a8fd103e0c55ad5c6113d2739a56839985832363

查看镜像

$ docker images

REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE

sshd                ubuntu              275da5f96004         seconds ago       494MB

1.5、使用镜像

启动容器,并映射宿主机 10022 端口到 容器 22 端口:

$ docker run -p : -d sshd:ubuntu /run.sh

ce21cd862b7edc64c0cd3853dc4a7c2fffe977a21254cd4b866748dac516b371

查看容器

$ docker ps

CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                   NAMES

ce21cd862b7e        sshd:ubuntu         "/run.sh"            seconds ago       Up  seconds        0.0.0.0:->/tcp   fervent_jennings

登陆容器,不需要输入密码即可登陆

$ ssh root@192.168.121.121 -p 
The authenticity of host '[192.168.121.121]:10022 ([192.168.121.121]:10022)' can't be established.

ECDSA key fingerprint is SHA256:a5DBqdYJ+WuBgJh5GhRb/fXgrtZcgDpL0dzZZqzKy88.

ECDSA key fingerprint is MD5:e2:d3::0b:d4:ce:9e:ea:f2:4b::d9::8d::fe.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '[192.168.121.121]:10022' (ECDSA) to the list of known hosts.

Welcome to Ubuntu 18.04. LTS (GNU/Linux 3.10.-.el7.x86_64 x86_64)

 * Documentation:  https://help.ubuntu.com

 * Management:     https://landscape.canonical.com

 * Support:        https://ubuntu.com/advantage

This system has been minimized by removing packages and content that are

not required on a system that users do not log into.

To restore this content, you can run the 'unminimize' command.

The programs included with the Ubuntu system are free software;

the exact distribution terms for each program are described in the

individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by

applicable law.

root@18ff1392f000:~#

二、使用Dockerfile创建

2.1、创建工作目录

首先,创建一个 sshd_ubuntu 工作目录

$ mkdir sshd_ubuntu

创建 Dockerfile 和 run.sh

$ cd sshd_ubuntu/

$ touch Dockerfile run.sh

$ vi run.sh

#!/bin/bash

/usr/sbin/sshd -D

2.2、编写 authorized_keys 文件

在宿主机上生成 SSH 密钥对,并创建 authorized_keys 文件:

$ ssh-keygen -t rsa

$ cat ~/.ssh/id_rsa.pub >authorized_keys

2.3、编写 Dockerfile 

$ vi Dockerfile 
# 设置继承镜像

FROM ubuntu:18.04

# 提供一些作者的信息

MAINTAINER xiaozhou (xiaozhou@docker.com)

# 下面开始运行命令,此处更改 ubuntu 的源为国内阿里的源

RUN echo "deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse" > /etc/apt/sources.list

RUN echo "deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse" >> /etc/apt/sources.list

RUN echo "deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse" >> /etc/apt/sources.list

RUN echo "deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse" >> /etc/apt/sources.list

RUN echo "deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse" >> /etc/apt/sources.list

RUN echo "deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse" >> /etc/apt/sources.list

RUN echo "deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse" >> /etc/apt/sources.list

RUN echo "deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse" >> /etc/apt/sources.list

RUN echo "deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse" /etc/apt/sources.list

RUN echo "deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse" >> /etc/apt/sources.list

RUN apt-get update

# 安装ssh服务

RUN apt-get install -y openssh-server

RUN mkdir -p /var/run/sshd

RUN mkdir -p /root/.ssh

RUN sed -ri 's/session  required  pam_loginuid.so/#session  required  pam_loginuid.so/g' /etc/pam.d/sshd

# 复制配置文件到相应位置,并赋予脚本可执行权限

ADD authorized_keys /root/.ssh/authorized_keys

ADD run.sh /run.sh

RUN chmod  /run.sh

# 开放端口

EXPOSE 

# 设置自启动命令

CMD ["/run.sh"]

2.4、创建镜像

$ docker build -t sshd:dockerfile .

查看创建的镜像

$ docker images

REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE

sshd                dockerfile          828c78d68a36         seconds ago       231MB

ubuntu              18.04               4c108a37151f         weeks ago         .2MB

2.5、运行容器

$ docker run -d -p : sshd:dockerfile

b45d884c2cbb591fe97a34064c2b9ee09ffedf1cff22e992df0c582a99da2011

查看创建的容器

$ docker ps

CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                   NAMES

b45d884c2cbb        sshd:dockerfile     "/run.sh"            seconds ago       Up  seconds        0.0.0.0:->/tcp   lucid_brown

登陆容器

$ ssh root@192.168.121.121 -p

Welcome to Ubuntu 18.04. LTS (GNU/Linux 3.10.-.el7.x86_64 x86_64)

 * Documentation:  https://help.ubuntu.com

 * Management:     https://landscape.canonical.com

 * Support:        https://ubuntu.com/advantage

This system has been minimized by removing packages and content that are

not required on a system that users do not log into.

To restore this content, you can run the 'unminimize' command.

The programs included with the Ubuntu system are free software;

the exact distribution terms for each program are described in the

individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by

applicable law.

root@b45d884c2cbb:~#

如果不让root直接无密码登陆容器,可以注释 ADD authorized_keys /root/.ssh/authorized_keys 这一步,使用下面命令代替,创建普通账户并设置密码,设置root密码
RUN useradd dkuser
RUN echo "dkuser:123456" | chpasswd
RUN echo "root:123456" | chpasswd

这样的话就只能通过普通账户dkuser登陆容器,然后再转到root用户。

读书笔记---《Docker 技术入门与实践》---为镜像添加SSH服务的更多相关文章

  1. Docker实战-为镜像添加SSH服务

    1.基于docker commit命令创建 Docker提供了docker commit命令,支持用户提交自己对定制容器的修改,并生成新的镜像. 命令格式为:docker commit CONTAIN ...

  2. Docker实战(七)之为镜像添加SSH服务

    1.基于commit命令创建 Docker提供了docker commit命令,支持用户提交自己对制定容器的修改,并生成新的镜像.命令格式为docker commit CONTAINER [REPOS ...

  3. 为Docker镜像添加SSH服务

    一.基于commit命令创建 1. 首先下载镜像 $ docker run -it ubuntu:16.04 /bin/bash 2. 安装SSH服务 #更新apt缓存 root@5ef1d31632 ...

  4. docker 为镜像添加ssh服务-docker commit命令创建

    环境centos7 一.准备工作 docker pull ubuntu:18.04 docker run -it ubuntu:18.04 bash 二.配置软件源apt-get update,如果系 ...

  5. 读书笔记---《Docker 技术入门与实践》---其一

    一.镜像1.1.搜索 搜索所有nginx镜像 $ docker search nginx NAME DESCRIPTION STARS OFFICIAL AUTOMATED nginx Officia ...

  6. docker 为镜像添加ssh服务-使用Dockerfile 创建

    首先,基于要添加内容的镜像ubuntu:18.04运行一个容器, 在宿主机(下面步骤是在容器中创建的,应该在宿主机创建进行以下步骤) 一.创建一个工作目录 二.创建Dockerfile 和脚本run. ...

  7. docker为镜像添加SSH服务

    启动并进入容器中 这里用db1容器完成实验. 安装openssh服务和修改sshd配置文件 安装openssh yum install openssh-server openssh-clients - ...

  8. Docker技术入门与实战第2版-高清文字版

      Docker技术入门与实战第2版-高清文字版 下载地址https://pan.baidu.com/s/1bAoRQQlvBa-PXy5lgIlxUg 扫码下面二维码关注公众号回复100011 获取 ...

  9. Docker技术入门与实战

      Docker技术入门与实战 下载地址https://pan.baidu.com/s/1bAoRQQlvBa-PXy5lgIlxUg 扫码下面二维码关注公众号回复100011 获取分享码 本书目录结 ...

随机推荐

  1. Aspose.Words转换为PDF的时候字体丢失的问题解决

    系统中明明有字体的,Word中显示也正常,就是转换为PDF以后不正常,字体丢失,被替换成了等线字体 好一番研究,终于找到原因 ,原因是Windows\Fonts下的文件,有些只是虚拟的路径,真正的字体 ...

  2. JAVA二分插入排序

  3. Python爬虫实战——反爬机制的解决策略【阿里】

    这一次呢,让我们来试一下"CSDN热门文章的抓取". 话不多说,让我们直接进入CSND官网. (其实是因为我被阿里的反爬磨到没脾气,不想说话--) 一.URL分析 输入" ...

  4. redux 基础

    antd 的使用 1.安装npm install antd --save 2.引入到项目中 import 'antd/dist/antd.css'; // or 'antd/dist/antd.les ...

  5. 非关系型数据库MongoDB入门

    本文分为以下四块简单介绍非关系型数据库MongoDB:1.MongoDB简介.2.MongoDB和关系数据库对比.3.MongoDB基本概念.4.mongo shell的使用以及对MongoDB的增删 ...

  6. mysql查找字段空、不为空的方法总结

    1.不为空 Select * From table_name Where id<>'' Select * From table_name Where id!='' 2.为空 Select ...

  7. rstrip

    ====== rstrip ====== Description Returns a copy of the string with trailing characters removed. Synt ...

  8. js关闭当前窗口的几种方法

    第一种:不带任何提示关闭窗口的js代码 <a href="javascript:window.opener=null;window.open('','_self');window.cl ...

  9. 如何 修改jsp页面时间格式

    先导入文件 <%@ taglib uri="http://java.sun.com/jsp/jstl/fmt" prefix="fmt" %> &l ...

  10. 微信小程序截取字符串

    我这里用的 str.substring(star,end)第一个参数代表开始位置,第二个参数代表结束位置的下一个位置;若参数值为负数,则将该值转为0;两个参数中,取较小值作为开始位置,截取出来的字符串 ...