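Adding an SSH service to an image with docker commit and a Dockerfile

System administrators can use an SSH service to log in to and manage servers remotely.

This article shows how to add an SSH service to an image, first with docker commit and then with a Dockerfile.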

docker commit

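This command lets users customize a container and save the result as an image.

1. Pull the ubuntu:18.04 image and create a container

[root@node2 db]# docker pull ubuntu:18.04
[root@node2 db]# docker run -it ubuntu:18.04 bash

2. Configure the software sources

root@cc346f9c4d00:/# apt-get update    # refresh the package index

A mirror located in China is recommended because it is faster; the Aliyun mirror is used here.

root@cc346f9c4d00:/# cat >> /etc/apt/sources.list.d/aliyun.list << EOF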
deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
EOF

root@cc346f9c4d00:/# apt-get update

3. Install and configure the SSH service

The mainstream openssh-server is used as the server.

root@cc346f9c4d00:/# apt install openssh-server
root@cc346f9c4d00:/# ps -ef | grep ssh
root          34      20  0 05:19 pts/1    00:00:00 grep --color=auto ssh

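Relax the SSH service's secure-login configuration by removing the PAM login restriction (the pam_loginuid session module).

root@cc346f9c4d00:/# cat /etc/pam.d/sshd
root@cc346f9c4d00:/# sed -ri 's/session    required     pam_loginuid.so/#session    required     pam_loginuid.so/g' /etc/pam.d/sshd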

Create the .ssh directory under /root and copy the public key (.ssh/id_rsa.pub on the local host, generated with ssh-keygen -t rsa) into authorized_keys.

root@cc346f9c4d00:/# mkdir -p /root/.ssh
root@cc346f9c4d00:/# echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDkoEz96/kEL7BIkulUNVEqxK0imrlq7bHdtbOiZWpjkQMQH33j1ODNPjvHHXK6NjaQdAW0VptoLHpDaiiHhNku4wDy3WLWCU746zzbqDamgSz5foUlfCLeykdvCeyAyNLCht+pN2D+LLOYC/7f6Jgijb42OwPzZDcJLd4KF64/PmWWJfBIUTzyM4xmdy160t34phqCKX2noKaiCi+Dxnv2tQVT9DJq0LzGHMVDtZgC6Na1eFNnunMtjQ/fSYuJ87OLmaXufUEKgMb5foLgAhVX1My2zzNr8gRmohThaecKbejUou+LEkrtBVyLZkU7ZHRCSRsFVjZ3ZKyMQxWKQUueddLZOhJmiVsom55eAy2J+PJdXOw4rg6QDeHr2Urk/9vNEi3P0scsCwVsgjGdhdY10cHGh1YDpl6/EtSGduYLUprIbeVGpbyU5LPwFAYFt7EFMMRvFX6uYLc+OcLoG50DaG+EnZ1s0Q0VyfKVWZg5HPIvNeR3EvWdfOGxOXZwVHc= root@node2" > /root/.ssh/authorized_keys

Create run.sh, the script that starts the SSH service automatically, and make it executable.

root@cc346f9c4d00:/# cat > /run.sh << EOF
#!/bin/bash
/usr/sbin/sshd -D
EOF

root@cc346f9c4d00:/# chmod +x /run.sh

4. Commit the image

[root@node2 db]# docker commit cc346f9c4d00 sshd:ubuntu_v1
[root@node2 db]# docker images
REPOSITORY                       TAG                 IMAGE ID            CREATED             SIZE
sshd                             ubuntu_v1           85594beba8ae        9 seconds ago       295MB
web                              v2                  4899ed6fa217        35 minutes ago      4.26MB
web                              v3                  4899ed6fa217        35 minutes ago      4.26MB
web                              v1                  bfa797a20cd9        About an hour ago   4.26MB
ubuntu                           latest              ca2b0f26964c        2 weeks ago         77.9MB
ubuntu                           18.04               f9a80a55f492        9 months ago        63.2MB
busybox                          latest              ba5dc23f65d4        10 months ago       4.26MB
reg.openlab.cn/openlab/busybox   v1                  ba5dc23f65d4        10 months ago       4.26MB
training/webapp                  latest              1b15d7898f68        8 years ago         349MB
training/postgres                latest              3da46b8c5ff4        9 years ago         365MB

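5. Use the image and test it

Start a container with a port mapping: 10222 is the host port and 22 is the port the container's SSH service listens on.

[root@node2 db]# docker run -p 10222:22 -d sshd:ubuntu_v1 /run.sh
[root@node2 db]# ssh 192.168.37.22 -p 10222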

Dockerfile

1. Create a working directory

[root@node2 ~]# mkdir /sshd_ubuntu
[root@node2 ~]# cd /sshd_ubuntu

2. Create and write the files Dockerfile, run.sh, aliyun.list and authorized_keys

[root@node2 sshd_ubuntu]# touch Dockerfile run.sh aliyun.list authorized_keys
[root@node2 sshd_ubuntu]# cat Dockerfile
FROM ubuntu:18.04
MAINTAINER zhuhy<zhuhy@111.com>
COPY aliyun.list /etc/apt/sources.list.d/aliyun.list
RUN apt update && \
    apt install -y openssh-server && \
    mkdir /var/run/sshd && \
    # remove the PAM loginuid restriction
    sed -ri 's/session    required     pam_loginuid.so/#session    required     pam_loginuid.so/g' /etc/pam.d/sshd && \
    mkdir /root/.ssh
COPY authorized_keys /root/.ssh/
COPY run.sh /run.sh
RUN chmod 755 /run.sh
EXPOSE 22
# start sshd automatically when the container starts
CMD ["/run.sh"]


[root@node2 sshd_ubuntu]# cat run.sh 
#!/bin/bash
/usr/sbin/sshd -D
[root@node2 sshd_ubuntu]# cat aliyun.list 
deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse

[root@node2 sshd_ubuntu]# cat authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDkoEz96/kEL7BIkulUNVEqxK0imrlq7bHdtbOiZWpjkQMQH33j1ODNPjvHHXK6NjaQdAW0VptoLHpDaiiHhNku4wDy3WLWCU746zzbqDamgSz5foUlfCLeykdvCeyAyNLCht+pN2D+LLOYC/7f6Jgijb42OwPzZDcJLd4KF64/PmWWJfBIUTzyM4xmdy160t34phqCKX2noKaiCi+Dxnv2tQVT9DJq0LzGHMVDtZgC6Na1eFNnunMtjQ/fSYuJ87OLmaXufUEKgMb5foLgAhVX1My2zzNr8gRmohThaecKbejUou+LEkrtBVyLZkU7ZHRCSRsFVjZ3ZKyMQxWKQUueddLZOhJmiVsom55eAy2J+PJdXOw4rg6QDeHr2Urk/9vNEi3P0scsCwVsgjGdhdY10cHGh1YDpl6/EtSGduYLUprIbeVGpbyU5LPwFAYFt7EFMMRvFX6uYLc+OcLoG50DaG+EnZ1s0Q0VyfKVWZg5HPIvNeR3EvWdfOGxOXZwVHc= root@node2

3. Build the image

[root@node2 sshd_ubuntu]# docker build -t sshd:ubuntu_v2 ./

4. Run a container and test it

[root@node2 sshd_ubuntu]# docker run -d -P sshd:ubuntu_v2
[root@node2 sshd_ubuntu]# ssh 192.168.37.22 -p 32770
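
Both images built above carry root's authorized_keys inside the image, so whoever holds the matching private key can log in to every container started from them. The script below is an added example, not part of the original article: it lists every public key baked into an unpacked image root filesystem. The function names and report format are assumptions made for this example, and the sample key blobs are constructed placeholders.

```shell
#!/bin/sh
# Added example: report SSH public keys baked into an unpacked image rootfs.
# Unpack an image first, for instance:
#   cid=$(docker create sshd:ubuntu_v2); mkdir rootfs
#   docker export "$cid" | tar -x -C rootfs
# Function names and the report format are assumptions made for this example.

audit_baked_keys() {
    akroot=${1%/}
    find "$akroot" -type f \( -name authorized_keys -o -name authorized_keys2 \) |
    sort |
    while IFS= read -r akfile; do
        awk -v path="/${akfile#"$akroot"/}" '
            /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
            {
                # Options such as command="..." may precede the key type,
                # so look for the first field that names a key algorithm.
                for (i = 1; i < NF; i++) {
                    if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp|sk-)/) {
                        comment = (i + 2 <= NF) ? $(i + 2) : "-"
                        opts = (i > 1) ? "options" : "no-options"
                        print path, $i, comment, opts
                        next
                    }
                }
                print path, "UNPARSED", "-", "-"
            }' "$akfile"
    done
}

# Constructed sample tree: the key blobs are placeholders, not real keys.
make_sample_rootfs() {
    mkdir -p "$1/root/.ssh" "$1/home/app/.ssh"
    printf '%s\n' '# constructed sample' \
        'ssh-rsa AAAAB3NzaC1yc2EPLACEHOLDER root@node2' \
        'command="/bin/date",no-pty ssh-ed25519 AAAAC3NzaC1lZDI1PLACEHOLDER backup@example' \
        > "$1/root/.ssh/authorized_keys"
    printf '%s\n' 'not a key line' > "$1/home/app/.ssh/authorized_keys"
}

sample=$(mktemp -d)
make_sample_rootfs "$sample"
audit_baked_keys "$sample"
rm -rf "$sample"
```

Each output line gives the in-image path, the key type, the key comment and whether login options precede the key; lines that do not parse as a key are reported as UNPARSED so they can be reviewed by hand.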