这节学习制作一个ssh镜像服务。
创建sshtest目录,进入到该目录中。
假如允许主机B上的root用户可以通过SSH登录到容器内部,那么首先要在B主机上通过ssh-keygen -t rsa命令生成root用户的公钥。(默认就行,一直按回车)
~/.ssh目录下的id_rsa.pub文件即为该主机上root用户的公钥,写到文件中
[root@miyan sshtest]# cat ~/.ssh/id_rsa.pub > authorized_keys
编写Dockerfile文件
[root@miyan sshtest]# cat Dockerfile FROM ubuntu:14.04 MAINTAINER miyan XYJK1002@163.com RUN echo "deb http://mirrors.163.com/ubuntu precise main universe" > /etc/apt/sources.list RUN apt-get update RUN apt-get install -y openssh-server RUN mkdir -p /var/run/sshd RUN mkdir -p /root/.ssh RUN sed -ri 's/session required pam_loginuid.so/#session required pam_loginuid.so/g' /etc/pam.d/sshd ADD authorized_keys /root/.ssh/authorized_keys RUN echo "#!/bin/bash" >/root/run.sh RUN echo "/usr/sbin/sshd -D" >>/root/run.sh RUN chmod u+x /root/run.sh EXPOSE 22 CMD ["/root/run.sh"]
注释:
1.
RUN sed -ri 's/session required pam_loginuid.so/#session required pam_loginuid.so/g' /etc/pam.d/sshd
默认情况下,pam认证程序会对SSH登录进行限制,修改配置文件,注释掉session required pam_loginuid.so
2.脚本的命令中不能添加&。例如,如果脚本是/usr/sbin/sshd -D & ,则当容器以脚本启动时,会立马执行完毕,相应的容器也就退出了,但我们需要将SSH服务一直监听着,此处-D参数噶偶SSH服务不以守护进程进行,而是和运行终端关联,有了关联终端,容器不会退出
构建
[root@miyan sshtest]# docker build -t ssh_ubuntu:14.04 .
中间过程:
Sending build context to Docker daemon 3.584 kB Step 0 : FROM ubuntu:14.04 ---> ab035c88d533 Step 1 : MAINTAINER miyan XYJK1002@163.com ---> Running in 0be9d1fd9270 ---> c5a7ea1f66ee Removing intermediate container 0be9d1fd9270 Step 2 : RUN echo "deb http://mirrors.163.com/ubuntu precise main universe" > /etc/apt/sources.list ---> Running in c48a5aae931d ---> ff36bb1e558e Removing intermediate container c48a5aae931d Step 3 : RUN apt-get update ---> Running in aa33b10ade80 Ign http://mirrors.163.com precise InRelease Get:1 http://mirrors.163.com precise Release.gpg [198 B] Get:2 http://mirrors.163.com precise Release [49.6 kB] Get:3 http://mirrors.163.com precise/main amd64 Packages [1640 kB] Get:4 http://mirrors.163.com precise/universe amd64 Packages [6167 kB] Fetched 7857 kB in 3s (2111 kB/s) Reading package lists... ---> fd60fcc8697c Removing intermediate container aa33b10ade80 Step 4 : RUN apt-get install -y openssh-server ---> Running in bed6bd156290 Reading package lists... Building dependency tree... Reading state information... The following extra packages will be installed: ca-certificates krb5-locales libedit2 libgssapi-krb5-2 libidn11 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 libwrap0 libx11-6 libx11-data libxau6 libxcb1 libxdmcp6 libxext6 libxmuu1 openssh-client openssl ssh-import-id tcpd wget xauth Suggested packages: krb5-doc krb5-user ssh-askpass libpam-ssh keychain monkeysphere openssh-blacklist openssh-blacklist-extra rssh molly-guard ufw The following NEW packages will be installed: ca-certificates krb5-locales libedit2 libgssapi-krb5-2 libidn11 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 libwrap0 libx11-6 libx11-data libxau6 libxcb1 libxdmcp6 libxext6 libxmuu1 openssh-client openssh-server openssl ssh-import-id tcpd wget xauth 0 upgraded, 24 newly installed, 0 to remove and 0 not upgraded. Need to get 4178 kB of archives. After this operation, 12.9 MB of additional disk space will be used. Get:1 http://mirrors.163.com/ubuntu/ precise/main libedit2 amd64 2.11-20080614-3ubuntu2 [70.3 kB] Get:2 http://mirrors.163.com/ubuntu/ precise/main libkrb5support0 amd64 1.10+dfsg~beta1-2 [23.5 kB] Get:3 http://mirrors.163.com/ubuntu/ precise/main libk5crypto3 amd64 1.10+dfsg~beta1-2 [79.9 kB] Get:4 http://mirrors.163.com/ubuntu/ precise/main libkeyutils1 amd64 1.5.2-2 [7862 B] Get:5 http://mirrors.163.com/ubuntu/ precise/main libkrb5-3 amd64 1.10+dfsg~beta1-2 [354 kB] Get:6 http://mirrors.163.com/ubuntu/ precise/main libgssapi-krb5-2 amd64 1.10+dfsg~beta1-2 [118 kB] Get:7 http://mirrors.163.com/ubuntu/ precise/main libidn11 amd64 1.23-2 [112 kB] Get:8 http://mirrors.163.com/ubuntu/ precise/main libxau6 amd64 1:1.0.6-4 [8392 B] Get:9 http://mirrors.163.com/ubuntu/ precise/main libxdmcp6 amd64 1:1.1.0-4 [12.7 kB] Get:10 http://mirrors.163.com/ubuntu/ precise/main libxcb1 amd64 1.8.1-1 [44.7 kB] Get:11 http://mirrors.163.com/ubuntu/ precise/main libx11-data all 2:1.4.99.1-0ubuntu2 [168 kB] Get:12 http://mirrors.163.com/ubuntu/ precise/main libx11-6 amd64 2:1.4.99.1-0ubuntu2 [762 kB] Get:13 http://mirrors.163.com/ubuntu/ precise/main libxext6 amd64 2:1.3.0-3build1 [33.2 kB] Get:14 http://mirrors.163.com/ubuntu/ precise/main libxmuu1 amd64 2:1.1.0-3 [11.0 kB] Get:15 http://mirrors.163.com/ubuntu/ precise/main libwrap0 amd64 7.6.q-21 [49.9 kB] Get:16 http://mirrors.163.com/ubuntu/ precise/main openssl amd64 1.0.1-4ubuntu3 [523 kB] Get:17 http://mirrors.163.com/ubuntu/ precise/main ca-certificates all 20111211 [169 kB] Get:18 http://mirrors.163.com/ubuntu/ precise/main krb5-locales all 1.10+dfsg~beta1-2 [8886 B] Get:19 http://mirrors.163.com/ubuntu/ precise/main openssh-client amd64 1:5.9p1-5ubuntu1 [943 kB] Get:20 http://mirrors.163.com/ubuntu/ precise/main wget amd64 1.13.4-2ubuntu1 [277 kB] Get:21 http://mirrors.163.com/ubuntu/ precise/main xauth amd64 1:1.0.6-1 [26.2 kB] Get:22 http://mirrors.163.com/ubuntu/ precise/main openssh-server amd64 1:5.9p1-5ubuntu1 [339 kB] Get:23 http://mirrors.163.com/ubuntu/ precise/main tcpd amd64 7.6.q-21 [29.4 kB] Get:24 http://mirrors.163.com/ubuntu/ precise/main ssh-import-id all 2.10-0ubuntu1 [6598 B] debconf: unable to initialize frontend: Dialog debconf: (TERM is not set, so the dialog frontend is not usable.) debconf: falling back to frontend: Readline debconf: unable to initialize frontend: Readline debconf: (This frontend requires a controlling tty.) debconf: falling back to frontend: Teletype dpkg-preconfigure: unable to re-open stdin: Fetched 4178 kB in 6s (679 kB/s) Selecting previously unselected package libedit2:amd64. (Reading database ... 11542 files and directories currently installed.) Preparing to unpack .../libedit2_2.11-20080614-3ubuntu2_amd64.deb ... Unpacking libedit2:amd64 (2.11-20080614-3ubuntu2) ... Selecting previously unselected package libkrb5support0:amd64. Preparing to unpack .../libkrb5support0_1.10+dfsg~beta1-2_amd64.deb ... Unpacking libkrb5support0:amd64 (1.10+dfsg~beta1-2) ... Selecting previously unselected package libk5crypto3:amd64. Preparing to unpack .../libk5crypto3_1.10+dfsg~beta1-2_amd64.deb ... Unpacking libk5crypto3:amd64 (1.10+dfsg~beta1-2) ... Selecting previously unselected package libkeyutils1:amd64. Preparing to unpack .../libkeyutils1_1.5.2-2_amd64.deb ... Unpacking libkeyutils1:amd64 (1.5.2-2) ... Selecting previously unselected package libkrb5-3:amd64. Preparing to unpack .../libkrb5-3_1.10+dfsg~beta1-2_amd64.deb ... Unpacking libkrb5-3:amd64 (1.10+dfsg~beta1-2) ... Selecting previously unselected package libgssapi-krb5-2:amd64. Preparing to unpack .../libgssapi-krb5-2_1.10+dfsg~beta1-2_amd64.deb ... Unpacking libgssapi-krb5-2:amd64 (1.10+dfsg~beta1-2) ... Selecting previously unselected package libidn11:amd64. Preparing to unpack .../libidn11_1.23-2_amd64.deb ... Unpacking libidn11:amd64 (1.23-2) ... Selecting previously unselected package libxau6:amd64. Preparing to unpack .../libxau6_1%3a1.0.6-4_amd64.deb ... Unpacking libxau6:amd64 (1:1.0.6-4) ... Selecting previously unselected package libxdmcp6:amd64. Preparing to unpack .../libxdmcp6_1%3a1.1.0-4_amd64.deb ... Unpacking libxdmcp6:amd64 (1:1.1.0-4) ... Selecting previously unselected package libxcb1:amd64. Preparing to unpack .../libxcb1_1.8.1-1_amd64.deb ... Unpacking libxcb1:amd64 (1.8.1-1) ... Selecting previously unselected package libx11-data. Preparing to unpack .../libx11-data_2%3a1.4.99.1-0ubuntu2_all.deb ... Unpacking libx11-data (2:1.4.99.1-0ubuntu2) ... Selecting previously unselected package libx11-6:amd64. Preparing to unpack .../libx11-6_2%3a1.4.99.1-0ubuntu2_amd64.deb ... Unpacking libx11-6:amd64 (2:1.4.99.1-0ubuntu2) ... Selecting previously unselected package libxext6:amd64. Preparing to unpack .../libxext6_2%3a1.3.0-3build1_amd64.deb ... Unpacking libxext6:amd64 (2:1.3.0-3build1) ... Selecting previously unselected package libxmuu1:amd64. Preparing to unpack .../libxmuu1_2%3a1.1.0-3_amd64.deb ... Unpacking libxmuu1:amd64 (2:1.1.0-3) ... Selecting previously unselected package libwrap0:amd64. Preparing to unpack .../libwrap0_7.6.q-21_amd64.deb ... Unpacking libwrap0:amd64 (7.6.q-21) ... Selecting previously unselected package openssl. Preparing to unpack .../openssl_1.0.1-4ubuntu3_amd64.deb ... Unpacking openssl (1.0.1-4ubuntu3) ... Selecting previously unselected package ca-certificates. Preparing to unpack .../ca-certificates_20111211_all.deb ... Unpacking ca-certificates (20111211) ... Selecting previously unselected package krb5-locales. Preparing to unpack .../krb5-locales_1.10+dfsg~beta1-2_all.deb ... Unpacking krb5-locales (1.10+dfsg~beta1-2) ... Selecting previously unselected package openssh-client. Preparing to unpack .../openssh-client_1%3a5.9p1-5ubuntu1_amd64.deb ... Unpacking openssh-client (1:5.9p1-5ubuntu1) ... Selecting previously unselected package wget. Preparing to unpack .../wget_1.13.4-2ubuntu1_amd64.deb ... Unpacking wget (1.13.4-2ubuntu1) ... Selecting previously unselected package xauth. Preparing to unpack .../xauth_1%3a1.0.6-1_amd64.deb ... Unpacking xauth (1:1.0.6-1) ... Selecting previously unselected package openssh-server. Preparing to unpack .../openssh-server_1%3a5.9p1-5ubuntu1_amd64.deb ... debconf: unable to initialize frontend: Dialog debconf: (TERM is not set, so the dialog frontend is not usable.) debconf: falling back to frontend: Readline debconf: unable to initialize frontend: Readline debconf: (This frontend requires a controlling tty.) debconf: falling back to frontend: Teletype Unpacking openssh-server (1:5.9p1-5ubuntu1) ... Selecting previously unselected package tcpd. Preparing to unpack .../tcpd_7.6.q-21_amd64.deb ... Unpacking tcpd (7.6.q-21) ... Selecting previously unselected package ssh-import-id. Preparing to unpack .../ssh-import-id_2.10-0ubuntu1_all.deb ... Unpacking ssh-import-id (2.10-0ubuntu1) ... Processing triggers for ureadahead (0.100.0-16) ... Setting up libedit2:amd64 (2.11-20080614-3ubuntu2) ... Setting up libkrb5support0:amd64 (1.10+dfsg~beta1-2) ... Setting up libk5crypto3:amd64 (1.10+dfsg~beta1-2) ... Setting up libkeyutils1:amd64 (1.5.2-2) ... Setting up libkrb5-3:amd64 (1.10+dfsg~beta1-2) ... Setting up libgssapi-krb5-2:amd64 (1.10+dfsg~beta1-2) ... Setting up libidn11:amd64 (1.23-2) ... Setting up libxau6:amd64 (1:1.0.6-4) ... Setting up libxdmcp6:amd64 (1:1.1.0-4) ... Setting up libxcb1:amd64 (1.8.1-1) ... Setting up libx11-data (2:1.4.99.1-0ubuntu2) ... Setting up libx11-6:amd64 (2:1.4.99.1-0ubuntu2) ... Setting up libxext6:amd64 (2:1.3.0-3build1) ... Setting up libxmuu1:amd64 (2:1.1.0-3) ... Setting up libwrap0:amd64 (7.6.q-21) ... Setting up openssl (1.0.1-4ubuntu3) ... Setting up ca-certificates (20111211) ... debconf: unable to initialize frontend: Dialog debconf: (TERM is not set, so the dialog frontend is not usable.) debconf: falling back to frontend: Readline debconf: unable to initialize frontend: Readline debconf: (This frontend requires a controlling tty.) debconf: falling back to frontend: Teletype Updating certificates in /etc/ssl/certs... 152 added, 0 removed; done. Running hooks in /etc/ca-certificates/update.d....done. Setting up krb5-locales (1.10+dfsg~beta1-2) ... Setting up openssh-client (1:5.9p1-5ubuntu1) ... debconf: unable to initialize frontend: Dialog debconf: (TERM is not set, so the dialog frontend is not usable.) debconf: falling back to frontend: Readline debconf: unable to initialize frontend: Readline debconf: (This frontend requires a controlling tty.) debconf: falling back to frontend: Teletype Setting up wget (1.13.4-2ubuntu1) ... Setting up xauth (1:1.0.6-1) ... Setting up openssh-server (1:5.9p1-5ubuntu1) ... debconf: unable to initialize frontend: Dialog debconf: (TERM is not set, so the dialog frontend is not usable.) debconf: falling back to frontend: Readline debconf: unable to initialize frontend: Readline debconf: (This frontend requires a controlling tty.) debconf: falling back to frontend: Teletype Creating SSH2 RSA key; this may take some time ... Creating SSH2 DSA key; this may take some time ... Creating SSH2 ECDSA key; this may take some time ... invoke-rc.d: policy-rc.d denied execution of stop. Setting up tcpd (7.6.q-21) ... Setting up ssh-import-id (2.10-0ubuntu1) ... Processing triggers for libc-bin (2.19-0ubuntu6.7) ... Processing triggers for ureadahead (0.100.0-16) ... ---> d586e6941c24 Removing intermediate container bed6bd156290 Step 5 : RUN mkdir -p /var/run/sshd ---> Running in d16d593c8252 ---> 39526127d62f Removing intermediate container d16d593c8252 Step 6 : RUN mkdir -p /root/.ssh ---> Running in 6c117ffaec39 ---> 181ba5e8a90d Removing intermediate container 6c117ffaec39 Step 7 : RUN sed -ri 's/session required pam_loginuid.so/#session required pam_loginuid.so/g' /etc/pam.d/sshd ---> Running in 4f20ea132054 ---> 6ebde2837cd4 Removing intermediate container 4f20ea132054 Step 8 : ADD authorized_keys /root/.ssh/authorized_keys ---> 45809864aec6 Removing intermediate container ac3aacac0658 Step 9 : RUN echo "#!/bin/bash" >/root/run.sh ---> Running in 5fe0512fc13b ---> 1fbb88283c14 Removing intermediate container 5fe0512fc13b Step 10 : RUN echo "/usr/sbin/sshd -D" >>/root/run.sh ---> Running in 61753a22b6d4 ---> 04ef9cf7916c Removing intermediate container 61753a22b6d4 Step 11 : RUN chmod u+x /root/run.sh ---> Running in 0b7e8d82eb5c ---> aba2fcb00bdd Removing intermediate container 0b7e8d82eb5c Step 12 : EXPOSE 22 ---> Running in 7b55119a0040 ---> cb241747b77c Removing intermediate container 7b55119a0040 Step 13 : CMD /root/run.sh ---> Running in 97ee5a0e8cbd ---> 3ac4daf2d7a3 Removing intermediate container 97ee5a0e8cbd Successfully built 3ac4daf2d7a3
查看镜像是否生成:
[root@miyan sshtest]# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
ssh_ubuntu 14.04 3ac4daf2d7a3 About a minute ago 209.6 MB
创建容器:
[root@miyan sshtest]# docker run -d -p 2023:22 ssh_ubuntu:14.04 /root/run.sh 8fe2d6f4f90a4b60460eee960ebfe47a1b640678e7bd46593406fcaaba612a84
通过访问容器的宿主机的2023端口登录容器。
[root@miyan sshtest]# ssh 10.165.48.219 -p 2023 The authenticity of host '[10.165.48.219]:2023 ([10.165.48.219]:2023)' can't be established. ECDSA key fingerprint is 78:89:51:8b:7d:a3:e7:cd:18:75:de:e1:3c:02:f2:31. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '[10.165.48.219]:2023' (ECDSA) to the list of known hosts. The programs included with the Ubuntu system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. root@8fe2d6f4f90a:~#