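Adding an SSH service to an image with docker commit and a Dockerfile

System administrators can log in to and manage servers remotely through the SSH service.

This article shows how to add an SSH service to an image using docker commit and a Dockerfile.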

docker commit

This command saves a container the user has customized as a new image.

1. Pull the ubuntu:18.04 image and create a container

[root@node2 db]# docker pull ubuntu:18.04
[root@node2 db]# docker run -it ubuntu:18.04 bash

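2. Configure the software sources

root@cc346f9c4d00:/# apt-get update    # refresh the package index

A mirror inside China is recommended because it is faster; the Aliyun mirror is used here.

root@cc346f9c4d00:/# cat >> /etc/apt/sources.list.d/aliyun.list << EOF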
deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
EOF

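root@cc346f9c4d00:/# apt-get update

3. Install and configure the SSH service

The mainstream openssh-server package is used as the server.

root@cc346f9c4d00:/# apt install openssh-server
root@cc346f9c4d00:/# mkdir -p /var/run/sshd    # privilege-separation directory sshd needs; the Dockerfile below creates it too
root@cc346f9c4d00:/# ps -ef | grep ssh
root          34      20  0 05:19 pts/1    00:00:00 grep --color=auto ssh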

Relax the SSH service's secure-login configuration by disabling the PAM login restriction (pam_loginuid)

root@cc346f9c4d00:/# cat /etc/pam.d/sshd
root@cc346f9c4d00:/# sed -ri 's/session    required     pam_loginuid.so/#session    required     pam_loginuid.so/g' /etc/pam.d/sshd

Create the .ssh directory under /root and copy the public key (the local host's .ssh/id_rsa.pub, generated with ssh-keygen -t rsa) into authorized_keys

root@cc346f9c4d00:/# mkdir -p /root/.ssh
root@cc346f9c4d00:/# echo "ssh-rsa <PUBLIC_KEY_DATA> root@node2" > /root/.ssh/authorized_keys

Create run.sh, the script that starts the SSH service automatically, and make it executable

root@cc346f9c4d00:/# cat > /run.sh << EOF
#!/bin/bash
/usr/sbin/sshd -D
EOF

root@cc346f9c4d00:/# chmod +x /run.sh

4. Commit the image

[root@node2 db]# docker commit cc346f9c4d00 sshd:ubuntu_v1
[root@node2 db]# docker images
REPOSITORY                       TAG                 IMAGE ID            CREATED             SIZE
sshd                             ubuntu_v1           85594beba8ae        9 seconds ago       295MB
web                              v2                  4899ed6fa217        35 minutes ago      4.26MB
web                              v3                  4899ed6fa217        35 minutes ago      4.26MB
web                              v1                  bfa797a20cd9        About an hour ago   4.26MB
ubuntu                           latest              ca2b0f26964c        2 weeks ago         77.9MB
ubuntu                           18.04               f9a80a55f492        9 months ago        63.2MB
busybox                          latest              ba5dc23f65d4        10 months ago       4.26MB
reg.openlab.cn/openlab/busybox   v1                  ba5dc23f65d4        10 months ago       4.26MB
training/webapp                  latest              1b15d7898f68        8 years ago         349MB
training/postgres                latest              3da46b8c5ff4        9 years ago         365MB

5. Use the image and test

Start a container with a port mapping: 10222 is the host port and 22 is the port the container's SSH service listens on

[root@node2 db]# docker run -p 10222:22 -d sshd:ubuntu_v1 /run.sh
[root@node2 db]# ssh 192.168.37.22 -p 10222

Dockerfile

1. Create a working directory

[root@node2 ~]# mkdir /sshd_ubuntu
[root@node2 ~]# cd /sshd_ubuntu

2. Create and fill in Dockerfile, run.sh, aliyun.list and authorized_keys

[root@node2 sshd_ubuntu]# touch Dockerfile run.sh aliyun.list authorized_keys
[root@node2 sshd_ubuntu]# cat Dockerfile
FROM ubuntu:18.04
MAINTAINER zhuhy<zhuhy@111.com>
COPY aliyun.list /etc/apt/sources.list.d/aliyun.list
# The sed line below disables the PAM loginuid restriction
RUN apt update && \
    apt install -y openssh-server && \
    mkdir /var/run/sshd && \
    sed -ri 's/session    required     pam_loginuid.so/#session    required     pam_loginuid.so/g' /etc/pam.d/sshd && \
    mkdir /root/.ssh
COPY authorized_keys /root/.ssh/
COPY run.sh /run.sh
RUN chmod 755 /run.sh
EXPOSE 22
# Start sshd automatically when the container starts
CMD ["/run.sh"]


[root@node2 sshd_ubuntu]# cat run.sh 
#!/bin/bash
/usr/sbin/sshd -D
[root@node2 sshd_ubuntu]# cat aliyun.list 
deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse

[root@node2 sshd_ubuntu]# cat authorized_keys 
ssh-rsa <PUBLIC_KEY_DATA> root@node2

3. Build the image

[root@node2 sshd_ubuntu]# docker build -t sshd:ubuntu_v2 ./

4. Run a container to test

[root@node2 sshd_ubuntu]# docker run -d -P sshd:ubuntu_v2
[root@node2 sshd_ubuntu]# ssh 192.168.37.22 -p 32770
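
As an added example (not part of the original article), the following POSIX shell functions audit an unpacked image root filesystem for the key-only root login that both procedures above set up. The function names, finding messages and sample key are constructed here, and Match blocks in sshd_config are not evaluated.

```shell
#!/bin/sh
# Added example (not from the original article): audit an unpacked image root
# filesystem for the sshd setup built above. Match blocks are not handled.

# Effective value of a keyword: sshd keeps the first value it reads and
# keywords are case-insensitive; DEFAULT is used when the keyword is unset.
sshd_effective() {  # usage: sshd_effective FILE KEYWORD DEFAULT
    [ -r "$1" ] || { echo "$3"; return 0; }
    awk -v k="$2" -v d="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(k) { print tolower($2); found = 1; exit }
        END { if (!found) print d }' "$1"
}

# Print one finding per line; return 1 if there is any finding, else 0.
audit_ssh_rootfs() {  # usage: audit_ssh_rootfs ROOTFS_DIR
    root=$1 cfg=$1/etc/ssh/sshd_config ak=$1/root/.ssh/authorized_keys bad=0
    if [ "$(sshd_effective "$cfg" PasswordAuthentication yes)" != no ]; then
        echo "PasswordAuthentication is not 'no'"; bad=1
    fi
    if [ "$(sshd_effective "$cfg" PermitRootLogin prohibit-password)" = yes ]; then
        echo "PermitRootLogin yes allows root password logins"; bad=1
    fi
    # StrictModes (default yes) refuses keys when these paths are group/world-writable.
    for p in "$root/root/.ssh" "$ak"; do
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]; then
            echo "writable by group or others: ${p#"$root"}"; bad=1
        fi
    done
    if ! grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9]+) [A-Za-z0-9+/=]+' "$ak" 2>/dev/null; then
        echo "no usable public key in /root/.ssh/authorized_keys"; bad=1
    fi
    # Host keys created when openssh-server was installed are part of the
    # image, so every container started from it presents the same host key.
    for k in "$root"/etc/ssh/ssh_host_*_key; do
        if [ -e "$k" ]; then echo "host key baked into image: ${k#"$root"}"; bad=1; fi
    done
    return "$bad"
}

# Constructed sample mirroring the image above: stock config, one key, one host key.
make_sample_rootfs() {  # usage: make_sample_rootfs DIR
    mkdir -p "$1/etc/ssh" "$1/root/.ssh" && chmod 755 "$1/root/.ssh"
    printf '%s\n' '#PermitRootLogin prohibit-password' \
        '#PasswordAuthentication yes' 'UsePAM yes' > "$1/etc/ssh/sshd_config"
    echo 'ssh-rsa AAAAB3CONSTRUCTEDSAMPLEKEY root@node2' > "$1/root/.ssh/authorized_keys"
    chmod 644 "$1/root/.ssh/authorized_keys"
    : > "$1/etc/ssh/ssh_host_rsa_key"
}
```

To audit a real container, unpack its filesystem with docker export piped into tar and pass that directory to audit_ssh_rootfs.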