Dockerfile为镜像添加SSH服务的实现步骤
作者:Fish_1112
利用 SSH 协议可以有效防止远程管理过程中的信息泄露问题,本文主要介绍了Dockerfile为镜像添加SSH服务的实现步骤,具有一定的参考价值,感兴趣的可以了解一下
1.创建目录
[root@openEuler-node1 db]# mkdir sshd_ubuntu
2.创建 Dockerfile、 run.sh 、authorized_keys、vim aliyun.list 文件
[root@openEuler-node1 sshd_ubuntu]# cd sshd_ubuntu [root@openEuler-node1 sshd_ubuntu]# touch Dockerfile run.sh authorized_keys vim aliyun.list
3.在宿主主机上生成 SSH 密钥对,写入authorized_keys
[root@openEuler-node1 ~]# ssh-keygen -t rsa [root@openEuler-node1 sshd_ubuntu]# cd sshd_ubuntu [root@openEuler-node1 sshd_ubuntu]# cat ~/.ssh/id_rsa.pub > authorized_keys
4.编写更改Ubuntu的源为国内aliyun源
[root@openEuler-node1 sshd_ubuntu]# vim aliyun.list deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
5.编写run.sh
#!/bin/bash /usr/sbin/sshd -D
5.编写 Dockerfile
[root@openEuler-node1 sshd_ubuntu]# vim Dockerfile FROM ubuntu:18.04 MAINTAINER yuj<yj@qq.com> COPY aliyun.list /etc/apt/sources.list.d/aliyun.list RUN apt update && \ apt install -y openssh-server && \ mkdir /var/run/sshd && \ sed -ri 's/session required pam_loginuid.so/#session required pam_loginuid.so/g' /etc/pam.d/sshd && \ mkdir /root/.ssh COPY authorized_keys /root/.ssh/ COPY run.sh /run.sh RUN chmod 755 /run.sh EXPOSE 22 CMD ["/run.sh"]
6.制作镜像并启动容器
[root@openEuler-node1 sshd_ubuntu]# docker build -t sshd:ubuntu_v1 ./ [root@openEuler-node1 sshd_ubuntu]# docker run -d -P sshd:ubuntu_v1
7.查看容器运行状态
[root@openEuler-node1 sshd_ubuntu]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 3df76cc3dedd sshd:ubuntu_v1 "/run.sh" 6 seconds ago Up 5 seconds 0.0.0.0:32776->22/tcp, :::32776->22/tcp vigorous_williamson
8.用ssh连接登陆这个容器
[root@openEuler-node1 sshd_ubuntu]# ssh 192.168.136.55 -p 32776 The authenticity of host '[192.168.136.55]:32776 ([192.168.136.55]:32776)' can't be established. ED25519 key fingerprint is SHA256:PCuiPOPbts35IzrOQ3PvZsU0+W+i7O1zheVc1XmDgHU. This key is not known by any other names Are you sure you want to continue connecting (yes/no/[fingerprint])? yes Warning: Permanently added '[192.168.136.55]:32776' (ED25519) to the list of known hosts. Welcome to Ubuntu 18.04.6 LTS (GNU/Linux 5.10.0-182.0.0.95.oe2203sp3.x86_64 x86_64) root@3df76cc3dedd:~#
到此这篇关于Dockerfile为镜像添加SSH服务的实现步骤的文章就介绍到这了,更多相关Dockerfile添加SSH服务内容请搜索脚本之家以前的文章或继续浏览下面的相关文章希望大家以后多多支持脚本之家!