这节学习制作一个ssh镜像服务。

创建sshtest目录,进入到该目录中。

假如允许主机B上的root用户可以通过SSH登录到容器内部,那么首先要在B主机上通过ssh-keygen -t rsa命令生成root用户的公钥。(默认就行,一直按回车)

~/.ssh目录下的id_rsa.pub文件即为该主机上root用户的公钥,写到文件中

[root@miyan sshtest]# cat ~/.ssh/id_rsa.pub > authorized_keys

编写Dockerfile文件

[root@miyan sshtest]# cat Dockerfile

FROM ubuntu:14.04

MAINTAINER miyan XYJK1002@.com

RUN echo "deb http://mirrors.163.com/ubuntu precise main universe" > /etc/apt/sources.list

RUN apt-get update

RUN apt-get install -y openssh-server

RUN mkdir -p /var/run/sshd

RUN mkdir -p /root/.ssh

RUN sed -ri 's/session    required    pam_loginuid.so/#session    required    pam_loginuid.so/g' /etc/pam.d/sshd

ADD authorized_keys /root/.ssh/authorized_keys

RUN echo "#!/bin/bash" >/root/run.sh

RUN echo "/usr/sbin/sshd -D" >>/root/run.sh

RUN chmod u+x /root/run.sh

EXPOSE

CMD ["/root/run.sh"]

注释:

1.

RUN sed -ri 's/session    required    pam_loginuid.so/#session    required    pam_loginuid.so/g' /etc/pam.d/sshd

默认情况下,pam认证程序会对SSH登录进行限制,修改配置文件,注释掉session required pam_loginuid.so

2.脚本的命令中不能添加&。例如,如果脚本是/usr/sbin/sshd -D & ,则当容器以脚本启动时,会立马执行完毕,相应的容器也就退出了,但我们需要将SSH服务一直监听着,此处-D参数噶偶SSH服务不以守护进程进行,而是和运行终端关联,有了关联终端,容器不会退出

构建

[root@miyan sshtest]# docker build -t ssh_ubuntu:14.04 .

中间过程:

Sending build context to Docker daemon 3.584 kB

Step  : FROM ubuntu:14.04

 ---> ab035c88d533

Step  : MAINTAINER miyan XYJK1002@.com

 ---> Running in 0be9d1fd9270

 ---> c5a7ea1f66ee

Removing intermediate container 0be9d1fd9270

Step  : RUN echo "deb http://mirrors.163.com/ubuntu precise main universe" > /etc/apt/sources.list

 ---> Running in c48a5aae931d

 ---> ff36bb1e558e

Removing intermediate container c48a5aae931d

Step  : RUN apt-get update

 ---> Running in aa33b10ade80

Ign http://mirrors.163.com precise InRelease

Get: http://mirrors.163.com precise Release.gpg [198 B]

Get: http://mirrors.163.com precise Release [49.6 kB]

Get: http://mirrors.163.com precise/main amd64 Packages [1640 kB]

Get: http://mirrors.163.com precise/universe amd64 Packages [6167 kB]

Fetched  kB in 3s ( kB/s)

Reading package lists...

 ---> fd60fcc8697c

Removing intermediate container aa33b10ade80

Step  : RUN apt-get install -y openssh-server

 ---> Running in bed6bd156290

Reading package lists...

Building dependency tree...

Reading state information...

The following extra packages will be installed:

  ca-certificates krb5-locales libedit2 libgssapi-krb5- libidn11 libk5crypto3

  libkeyutils1 libkrb5- libkrb5support0 libwrap0 libx11- libx11-data libxau6

  libxcb1 libxdmcp6 libxext6 libxmuu1 openssh-client openssl ssh-import-id

  tcpd wget xauth

Suggested packages:

  krb5-doc krb5-user ssh-askpass libpam-ssh keychain monkeysphere

  openssh-blacklist openssh-blacklist-extra rssh molly-guard ufw

The following NEW packages will be installed:

  ca-certificates krb5-locales libedit2 libgssapi-krb5- libidn11 libk5crypto3

  libkeyutils1 libkrb5- libkrb5support0 libwrap0 libx11- libx11-data libxau6

  libxcb1 libxdmcp6 libxext6 libxmuu1 openssh-client openssh-server openssl

  ssh-import-id tcpd wget xauth

 upgraded,  newly installed,  to remove and  not upgraded.

Need to get  kB of archives.

After this operation, 12.9 MB of additional disk space will be used.

Get: http://mirrors.163.com/ubuntu/ precise/main libedit2 amd64 2.11-20080614-3ubuntu2 [70.3 kB]

Get: http://mirrors.163.com/ubuntu/ precise/main libkrb5support0 amd64 1.10+dfsg~beta1-2 [23.5 kB]

Get: http://mirrors.163.com/ubuntu/ precise/main libk5crypto3 amd64 1.10+dfsg~beta1-2 [79.9 kB]

Get: http://mirrors.163.com/ubuntu/ precise/main libkeyutils1 amd64 1.5.2-2 [7862 B]

Get: http://mirrors.163.com/ubuntu/ precise/main libkrb5-3 amd64 1.10+dfsg~beta1-2 [354 kB]

Get: http://mirrors.163.com/ubuntu/ precise/main libgssapi-krb5-2 amd64 1.10+dfsg~beta1-2 [118 kB]

Get: http://mirrors.163.com/ubuntu/ precise/main libidn11 amd64 1.23-2 [112 kB]

Get: http://mirrors.163.com/ubuntu/ precise/main libxau6 amd64 1:1.0.6-4 [8392 B]

Get: http://mirrors.163.com/ubuntu/ precise/main libxdmcp6 amd64 1:1.1.0-4 [12.7 kB]

Get: http://mirrors.163.com/ubuntu/ precise/main libxcb1 amd64 1.8.1-1 [44.7 kB]

Get: http://mirrors.163.com/ubuntu/ precise/main libx11-data all 2:1.4.99.1-0ubuntu2 [168 kB]

Get: http://mirrors.163.com/ubuntu/ precise/main libx11-6 amd64 2:1.4.99.1-0ubuntu2 [762 kB]

Get: http://mirrors.163.com/ubuntu/ precise/main libxext6 amd64 2:1.3.0-3build1 [33.2 kB]

Get: http://mirrors.163.com/ubuntu/ precise/main libxmuu1 amd64 2:1.1.0-3 [11.0 kB]

Get: http://mirrors.163.com/ubuntu/ precise/main libwrap0 amd64 7.6.q-21 [49.9 kB]

Get: http://mirrors.163.com/ubuntu/ precise/main openssl amd64 1.0.1-4ubuntu3 [523 kB]

Get: http://mirrors.163.com/ubuntu/ precise/main ca-certificates all 20111211 [169 kB]

Get: http://mirrors.163.com/ubuntu/ precise/main krb5-locales all 1.10+dfsg~beta1-2 [8886 B]

Get: http://mirrors.163.com/ubuntu/ precise/main openssh-client amd64 1:5.9p1-5ubuntu1 [943 kB]

Get: http://mirrors.163.com/ubuntu/ precise/main wget amd64 1.13.4-2ubuntu1 [277 kB]

Get: http://mirrors.163.com/ubuntu/ precise/main xauth amd64 1:1.0.6-1 [26.2 kB]

Get: http://mirrors.163.com/ubuntu/ precise/main openssh-server amd64 1:5.9p1-5ubuntu1 [339 kB]

Get: http://mirrors.163.com/ubuntu/ precise/main tcpd amd64 7.6.q-21 [29.4 kB]

Get: http://mirrors.163.com/ubuntu/ precise/main ssh-import-id all 2.10-0ubuntu1 [6598 B]

debconf: unable to initialize frontend: Dialog

debconf: (TERM is not set, so the dialog frontend is not usable.)

debconf: falling back to frontend: Readline

debconf: unable to initialize frontend: Readline

debconf: (This frontend requires a controlling tty.)

debconf: falling back to frontend: Teletype

dpkg-preconfigure: unable to re-open stdin:

Fetched  kB in 6s ( kB/s)

Selecting previously unselected package libedit2:amd64.

(Reading database ...  files and directories currently installed.)

Preparing to unpack .../libedit2_2.--3ubuntu2_amd64.deb ...

Unpacking libedit2:amd64 (2.11--3ubuntu2) ...

Selecting previously unselected package libkrb5support0:amd64.

Preparing to unpack .../libkrb5support0_1.+dfsg~beta1-2_amd64.deb ...

Unpacking libkrb5support0:amd64 (1.10+dfsg~beta1-) ...

Selecting previously unselected package libk5crypto3:amd64.

Preparing to unpack .../libk5crypto3_1.+dfsg~beta1-2_amd64.deb ...

Unpacking libk5crypto3:amd64 (1.10+dfsg~beta1-) ...

Selecting previously unselected package libkeyutils1:amd64.

Preparing to unpack .../libkeyutils1_1.5.2-2_amd64.deb ...

Unpacking libkeyutils1:amd64 (1.5.-) ...

Selecting previously unselected package libkrb5-:amd64.

Preparing to unpack .../libkrb5-3_1.+dfsg~beta1-2_amd64.deb ...

Unpacking libkrb5-:amd64 (1.10+dfsg~beta1-) ...

Selecting previously unselected package libgssapi-krb5-:amd64.

Preparing to unpack .../libgssapi-krb5-2_1.+dfsg~beta1-2_amd64.deb ...

Unpacking libgssapi-krb5-:amd64 (1.10+dfsg~beta1-) ...

Selecting previously unselected package libidn11:amd64.

Preparing to unpack .../libidn11_1.-2_amd64.deb ...

Unpacking libidn11:amd64 (1.23-) ...

Selecting previously unselected package libxau6:amd64.

Preparing to unpack .../libxau6_1%3a1.0.6-4_amd64.deb ...

Unpacking libxau6:amd64 (:1.0.-) ...

Selecting previously unselected package libxdmcp6:amd64.

Preparing to unpack .../libxdmcp6_1%3a1.1.0-4_amd64.deb ...

Unpacking libxdmcp6:amd64 (:1.1.-) ...

Selecting previously unselected package libxcb1:amd64.

Preparing to unpack .../libxcb1_1.8.1-1_amd64.deb ...

Unpacking libxcb1:amd64 (1.8.-) ...

Selecting previously unselected package libx11-data.

Preparing to unpack .../libx11-data_2%3a1.4.99.-0ubuntu2_all.deb ...

Unpacking libx11-data (:1.4.99.1-0ubuntu2) ...

Selecting previously unselected package libx11-:amd64.

Preparing to unpack .../libx11-6_2%3a1.4.99.-0ubuntu2_amd64.deb ...

Unpacking libx11-:amd64 (:1.4.99.1-0ubuntu2) ...

Selecting previously unselected package libxext6:amd64.

Preparing to unpack .../libxext6_2%3a1.3.0-3build1_amd64.deb ...

Unpacking libxext6:amd64 (:1.3.-3build1) ...

Selecting previously unselected package libxmuu1:amd64.

Preparing to unpack .../libxmuu1_2%3a1.1.0-3_amd64.deb ...

Unpacking libxmuu1:amd64 (:1.1.-) ...

Selecting previously unselected package libwrap0:amd64.

Preparing to unpack .../libwrap0_7..q-21_amd64.deb ...

Unpacking libwrap0:amd64 (7.6.q-) ...

Selecting previously unselected package openssl.

Preparing to unpack .../openssl_1.0.1-4ubuntu3_amd64.deb ...

Unpacking openssl (1.0.-4ubuntu3) ...

Selecting previously unselected package ca-certificates.

Preparing to unpack .../ca-certificates_20111211_all.deb ...

Unpacking ca-certificates () ...

Selecting previously unselected package krb5-locales.

Preparing to unpack .../krb5-locales_1.+dfsg~beta1-2_all.deb ...

Unpacking krb5-locales (1.10+dfsg~beta1-) ...

Selecting previously unselected package openssh-client.

Preparing to unpack .../openssh-client_1%3a5.9p1-5ubuntu1_amd64.deb ...

Unpacking openssh-client (:.9p1-5ubuntu1) ...

Selecting previously unselected package wget.

Preparing to unpack .../wget_1.13.4-2ubuntu1_amd64.deb ...

Unpacking wget (1.13.-2ubuntu1) ...

Selecting previously unselected package xauth.

Preparing to unpack .../xauth_1%3a1.0.6-1_amd64.deb ...

Unpacking xauth (:1.0.-) ...

Selecting previously unselected package openssh-server.

Preparing to unpack .../openssh-server_1%3a5.9p1-5ubuntu1_amd64.deb ...

debconf: unable to initialize frontend: Dialog

debconf: (TERM is not set, so the dialog frontend is not usable.)

debconf: falling back to frontend: Readline

debconf: unable to initialize frontend: Readline

debconf: (This frontend requires a controlling tty.)

debconf: falling back to frontend: Teletype

Unpacking openssh-server (:.9p1-5ubuntu1) ...

Selecting previously unselected package tcpd.

Preparing to unpack .../tcpd_7..q-21_amd64.deb ...

Unpacking tcpd (7.6.q-) ...

Selecting previously unselected package ssh-import-id.

Preparing to unpack .../ssh-import-id_2.-0ubuntu1_all.deb ...

Unpacking ssh-import-id (2.10-0ubuntu1) ...

Processing triggers for ureadahead (0.100.-) ...

Setting up libedit2:amd64 (2.11--3ubuntu2) ...

Setting up libkrb5support0:amd64 (1.10+dfsg~beta1-) ...

Setting up libk5crypto3:amd64 (1.10+dfsg~beta1-) ...

Setting up libkeyutils1:amd64 (1.5.-) ...

Setting up libkrb5-:amd64 (1.10+dfsg~beta1-) ...

Setting up libgssapi-krb5-:amd64 (1.10+dfsg~beta1-) ...

Setting up libidn11:amd64 (1.23-) ...

Setting up libxau6:amd64 (:1.0.-) ...

Setting up libxdmcp6:amd64 (:1.1.-) ...

Setting up libxcb1:amd64 (1.8.-) ...

Setting up libx11-data (:1.4.99.1-0ubuntu2) ...

Setting up libx11-:amd64 (:1.4.99.1-0ubuntu2) ...

Setting up libxext6:amd64 (:1.3.-3build1) ...

Setting up libxmuu1:amd64 (:1.1.-) ...

Setting up libwrap0:amd64 (7.6.q-) ...

Setting up openssl (1.0.-4ubuntu3) ...

Setting up ca-certificates () ...

debconf: unable to initialize frontend: Dialog

debconf: (TERM is not set, so the dialog frontend is not usable.)

debconf: falling back to frontend: Readline

debconf: unable to initialize frontend: Readline

debconf: (This frontend requires a controlling tty.)

debconf: falling back to frontend: Teletype

Updating certificates in /etc/ssl/certs...  added,  removed; done.

Running hooks in /etc/ca-certificates/update.d....done.

Setting up krb5-locales (1.10+dfsg~beta1-) ...

Setting up openssh-client (:.9p1-5ubuntu1) ...

debconf: unable to initialize frontend: Dialog

debconf: (TERM is not set, so the dialog frontend is not usable.)

debconf: falling back to frontend: Readline

debconf: unable to initialize frontend: Readline

debconf: (This frontend requires a controlling tty.)

debconf: falling back to frontend: Teletype

Setting up wget (1.13.-2ubuntu1) ...

Setting up xauth (:1.0.-) ...

Setting up openssh-server (:.9p1-5ubuntu1) ...

debconf: unable to initialize frontend: Dialog

debconf: (TERM is not set, so the dialog frontend is not usable.)

debconf: falling back to frontend: Readline

debconf: unable to initialize frontend: Readline

debconf: (This frontend requires a controlling tty.)

debconf: falling back to frontend: Teletype

Creating SSH2 RSA key; this may take some time ...

Creating SSH2 DSA key; this may take some time ...

Creating SSH2 ECDSA key; this may take some time ...

invoke-rc.d: policy-rc.d denied execution of stop.

Setting up tcpd (7.6.q-) ...

Setting up ssh-import-id (2.10-0ubuntu1) ...

Processing triggers for libc-bin (2.19-0ubuntu6.) ...

Processing triggers for ureadahead (0.100.-) ...

 ---> d586e6941c24

Removing intermediate container bed6bd156290

Step  : RUN mkdir -p /var/run/sshd

 ---> Running in d16d593c8252

 ---> 39526127d62f

Removing intermediate container d16d593c8252

Step  : RUN mkdir -p /root/.ssh

 ---> Running in 6c117ffaec39

 ---> 181ba5e8a90d

Removing intermediate container 6c117ffaec39

Step  : RUN sed -ri 's/session    required    pam_loginuid.so/#session    required    pam_loginuid.so/g' /etc/pam.d/sshd

 ---> Running in 4f20ea132054

 ---> 6ebde2837cd4

Removing intermediate container 4f20ea132054

Step  : ADD authorized_keys /root/.ssh/authorized_keys

 ---> 45809864aec6

Removing intermediate container ac3aacac0658

Step  : RUN echo "#!/bin/bash" >/root/run.sh

 ---> Running in 5fe0512fc13b

 ---> 1fbb88283c14

Removing intermediate container 5fe0512fc13b

Step  : RUN echo "/usr/sbin/sshd -D" >>/root/run.sh

 ---> Running in 61753a22b6d4

 ---> 04ef9cf7916c

Removing intermediate container 61753a22b6d4

Step  : RUN chmod u+x /root/run.sh

 ---> Running in 0b7e8d82eb5c

 ---> aba2fcb00bdd

Removing intermediate container 0b7e8d82eb5c

Step  : EXPOSE

 ---> Running in 7b55119a0040

 ---> cb241747b77c

Removing intermediate container 7b55119a0040

Step  : CMD /root/run.sh

 ---> Running in 97ee5a0e8cbd

 ---> 3ac4daf2d7a3

Removing intermediate container 97ee5a0e8cbd

Successfully built 3ac4daf2d7a3

查看镜像是否生成:

[root@miyan sshtest]# docker images
REPOSITORY           TAG                 IMAGE ID            CREATED              VIRTUAL SIZE
ssh_ubuntu           14.04               3ac4daf2d7a3        About a minute ago   209.6 MB

创建容器:

[root@miyan sshtest]# docker run -d -p : ssh_ubuntu:14.04 /root/run.sh

8fe2d6f4f90a4b60460eee960ebfe47a1b640678e7bd46593406fcaaba612a84

通过访问容器的宿主机的2023端口登录容器。

[root@miyan sshtest]# ssh 10.165.48.219 -p

The authenticity of host '[10.165.48.219]:2023 ([10.165.48.219]:2023)' can't be established.

ECDSA key fingerprint is :::8b:7d:a3:e7:cd:::de:e1:3c::f2:.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '[10.165.48.219]:2023' (ECDSA) to the list of known hosts.

The programs included with the Ubuntu system are free software;

the exact distribution terms for each program are described in the

individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by

applicable law.

root@8fe2d6f4f90a:~#

Dockerfile学习(二)的更多相关文章

  1. emberjs学习二(ember-data和localstorage_adapter)

    emberjs学习二(ember-data和localstorage_adapter) 准备工作 首先我们加入ember-data和ember-localstorage-adapter两个依赖项,使用 ...

  2. ReactJS入门学习二

    ReactJS入门学习二 阅读目录 React的背景和基本原理 理解React.render() 什么是JSX? 为什么要使用JSX? JSX的语法 如何在JSX中如何使用事件 如何在JSX中如何使用 ...

  3. TweenMax动画库学习(二)

    目录            TweenMax动画库学习(一)            TweenMax动画库学习(二)            TweenMax动画库学习(三)            Tw ...

  4. Hbase深入学习(二) 安装hbase

    Hbase深入学习(二) 安装hbase This guidedescribes setup of a standalone hbase instance that uses the local fi ...

  5. Struts2框架学习(二) Action

    Struts2框架学习(二) Action Struts2框架中的Action类是一个单独的javabean对象.不像Struts1中还要去继承HttpServlet,耦合度减小了. 1,流程 拦截器 ...

  6. Python学习二:词典基础详解

    作者:NiceCui 本文谢绝转载,如需转载需征得作者本人同意,谢谢. 本文链接:http://www.cnblogs.com/NiceCui/p/7862377.html 邮箱:moyi@moyib ...

  7. Quartz学习--二 Hello Quartz! 和源码分析

    Quartz学习--二  Hello Quartz! 和源码分析 三.  Hello Quartz! 我会跟着 第一章 6.2 的图来 进行同步代码编写 简单入门示例: 创建一个新的java普通工程 ...

  8. SpringCloud学习(二):微服务入门实战项目搭建

    一.开始使用Spring Cloud实战微服务 1.SpringCloud是什么? 云计算的解决方案?不是 SpringCloud是一个在SpringBoot的基础上构建的一个快速构建分布式系统的工具 ...

  9. DjangoRestFramework学习二之序列化组件、视图组件 serializer modelserializer

      DjangoRestFramework学习二之序列化组件.视图组件   本节目录 一 序列化组件 二 视图组件 三 xxx 四 xxx 五 xxx 六 xxx 七 xxx 八 xxx 一 序列化组 ...

  10. SpringMVC入门学习(二)

    SpringMVC入门学习(二) ssm框架 springMVC  在上一篇博客中,我简单介绍了一下SpringMVC的环境配置,和简单的使用,今天我们将进一步的学习下Springmvc的操作. mo ...

随机推荐

  1. rxjs1

    <li *ngFor="let fruit of fruitsList; let i = index;">{{i}}-{{fruit.name}}-{{fruit.pr ...

  2. Java多线程——不可变对象

    不可变对象条件 对象需要满足一下三个条件才是不可变对象: 1.对象创建以后其状态就不能修改 2.对象所有域都是final类型 3.对象是正确创建的(对象在创建期间,this引用没有溢出) 简而言之就是 ...

  3. error C2998: 'XXXXXXX' : cannot be a template definition 的可能原因。

    从错误信息的字面意思可以看出来是 XXXXX 不能作为模板定义. 但是为什么不能,并没有说明,最后我翻阅各种资料,各种尝试后,发现往往可能是由于找不到模板函数的某个参数的定义而导致的. templat ...

  4. discuz论坛模板文件目录

    公共模板文件夹 ./template/default/common/ common.css 公共CSS文件 faq.htm 帮助模板文件 footer.htm 系统总底部模板 footer_ajax. ...

  5. Eclipse中关于JRE System Library、Web App Libraries的疑惑

    当我们在Eclipse中建立java的web工程时,会产生JRE System Library和Referenced Libraries,Web App Libraries不生成,下面会 简要说明一下 ...

  6. markdown软件和网站

    网站:http://markdown.xiaoshujiang.com/ 软件: Moeditor:https://moeditor.org/ Remarkable:https://remarkabl ...

  7. vim-addon-manager【转】

    Vim是一个非常优秀的编辑器,但是没装插件的Vim就始终只是个编辑器而已,是插件让Vim变得更加强大. 但是插件装得多了,管理就成了问题,Vim本身并没有提供插件管理功能,往往时间一长,.vim/vi ...

  8. greenlet:轻量级的并发编程

    1 关于greenlet greelet指的是使用一个任务调度器和一些生成器或者协程实现协作式用户空间多线程的一种伪并发机制,即所谓的微线程. greelet机制的主要思想是:生成器函数或者协程函数中 ...

  9. linux之shell之if、while、for语句介绍

    一.基本判断条件 1)逻辑运算符 -a    expr1 -a expr2    逻辑与 -o    expr1 -o expr2    逻辑或 !     !expr1                ...

  10. python redis操作

    import redis r = redis.Redis( host='1xx.x24.3xx.x0', #ip, password='xnxnxn&*',#密码 port=6379, #端口 ...