第一步:创建一个叫做 sshd_ubuntu 的文件夹,用于存放我们的 Dockerfile、脚本文件以及其他文件
[root@localhost ~]# mkdir sshd_ubuntu
[root@localhost ~]# cd sshd_ubuntu/
[root@localhost sshd_ubuntu]# touch Dockerfile run.sh
[root@localhost sshd_ubuntu]# ls
Dockerfile run.sh
将本机的 RSA 公钥(~/.ssh/id_rsa.pub)内容写入 sshd_ubuntu 文件夹下的 authorized_keys 文件。注意只使用公钥,不要把私钥 id_rsa 放进构建目录。
Lin-MacBook-Pro:sshd_ubuntu apple$ cat ~/.ssh/id_rsa.pub > authorized_keys
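# Base image. The apt suites written below must use this release's codename
# (18.04 = bionic); pointing an 18.04 image at "trusty" (14.04) repositories
# mixes packages from two different releases.
# NOTE(review): prefer a base release that still receives security updates.
FROM ubuntu:18.04

# Author contact. MAINTAINER is deprecated in favour of a label.
LABEL maintainer="dwj_zz@163.com"

# Switch apt to the 163.com mirror inside China. The -proposed pocket is left
# out on purpose: it carries pre-release packages that have not finished
# testing and should not end up in an image other people will pull.
RUN printf '%s\n' \
      "deb http://mirrors.163.com/ubuntu/ bionic main restricted universe multiverse" \
      "deb http://mirrors.163.com/ubuntu/ bionic-security main restricted universe multiverse" \
      "deb http://mirrors.163.com/ubuntu/ bionic-updates main restricted universe multiverse" \
      "deb http://mirrors.163.com/ubuntu/ bionic-backports main restricted universe multiverse" \
      > /etc/apt/sources.list

# Install the SSH server. "update" and "install" share one layer so that a
# cached "apt-get update" layer can never feed a stale package index to a
# later install. /root/.ssh is restricted to root (0700).
RUN apt-get update \
 && apt-get install -y --no-install-recommends openssh-server \
 && rm -rf /var/lib/apt/lists/* \
 && mkdir -p /var/run/sshd /root/.ssh \
 && chmod 700 /root/.ssh

# Comment out pam_loginuid for sshd; it commonly fails inside a container and
# closes the session right after login. The pattern tolerates any amount of
# whitespace between the fields, since /etc/pam.d/sshd pads them with several
# spaces.
RUN sed -ri 's/^session\s+required\s+pam_loginuid\.so/#&/' /etc/pam.d/sshd

# This image is meant for key-based login only, so turn password
# authentication off explicitly instead of relying on root having no password.
RUN sed -ri 's/^#?PasswordAuthentication\s.*/PasswordAuthentication no/' /etc/ssh/sshd_config

# Install the authorised public key and the start script. COPY is used instead
# of ADD because nothing here needs ADD's archive/URL handling.
# NOTE: every copy of this image, including one pushed to a public registry,
# lets the holder of the matching private key log in as root.
# NOTE: openssh-server creates its host keys at install time, so the private
# host keys are stored in the image layers and are identical in every
# container started from it. Anyone who can pull the image can read them;
# the start script should regenerate them per container.
COPY authorized_keys /root/.ssh/authorized_keys
COPY run.sh /run.sh
RUN chmod 600 /root/.ssh/authorized_keys \
 && chmod 755 /run.sh

# SSH port (documentation only; publishing is done with "docker run -p").
EXPOSE 22

# Start sshd through the wrapper script.
CMD ["/run.sh"]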
run.sh
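#!/bin/bash
# Container entry point: make sure this container has its own SSH host keys,
# then run sshd in the foreground.
set -eu

# Host keys generated while the image was built are stored in its layers, so
# every container shares them and anyone who can pull the image can read the
# private halves. Replace them once, on the first start of this container;
# the marker file keeps the keys stable across restarts of the same container.
readonly marker=/etc/ssh/.host_keys_regenerated
if [ ! -e "$marker" ]; then
  rm -f /etc/ssh/ssh_host_*_key /etc/ssh/ssh_host_*_key.pub
  ssh-keygen -A
  touch "$marker"
fi

# exec replaces this shell with sshd, so sshd runs as PID 1 and receives the
# stop signal from "docker stop" directly instead of being killed on timeout.
exec /usr/sbin/sshd -D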
执行dockerfile
Lin-MacBook-Pro:sshd_ubuntu apple$ docker build -t sshd:dockerfile .
第三步:创建镜像
[root@localhost sshd_ubuntu]# docker build -t sshd:dockerfile .
Removing intermediate container 67f7fa240e42
Successfully built 24641d32c072
Successfully tagged sshd:dockerfile
[root@localhost sshd_ubuntu]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
sshd dockerfile 24641d32c072 2 minutes ago 276MB
sshd ubuntu ac3169fe4fcf 31 minutes ago 284MB
ubuntu 14.04 d6ed29ffda6b 4 days ago 221MB
tomcat latest 11df4b40749f 7 days ago 557MB
adminer <none> faa9618a39a6 2 weeks ago 58.8MB
mysql latest 5709795eeffa 2 weeks ago 408MB
hello-world latest 725dcfab7d63 2 weeks ago 1.84kB
clearlinux latest 32685d114002 2 weeks ago 62.5MB
alpine latest 053cde6e8953 2 weeks ago 3.96MB
第四步:测试镜像,运行容器
[root@localhost sshd_ubuntu]# docker run -d -p 101:22 sshd:dockerfile
caa2ff3806f178477c1cff6a50693780ec599df58d6409b4dfac9c6e5293ac21
[root@localhost sshd_ubuntu]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
caa2ff3806f1 sshd:dockerfile "/run.sh" 12 seconds ago Up 10 seconds 0.0.0.0:101->22/tcp gifted_mahavira
a878a77a2de3 sshd:ubuntu "/run.sh" 32 minutes ago Up 31 minutes 0.0.0.0:100->22/tcp hardcore_boyd
3dcb19a519fe adminer:latest "entrypoint.sh doc..." 2 hours ago Up 2 hours 8080/tcp mysql_adminer.1.2pz52p76jiykg8yqgjr6psgtp
a334bfbd2f37 mysql:latest "docker-entrypoint..." 2 hours ago Up 2 hours 3306/tcp mysql_db.1.diaxlly44nq1347uia3gnwo1q
[root@localhost sshd_ubuntu]# ssh 192.168.0.107 -p 101
The authenticity of host '[192.168.0.107]:101 ([192.168.0.107]:101)' can't be established.
ECDSA key fingerprint is f2:db:7e:e2:b8:94:b0:ce:31:a2:20:eb:c3:db:a0:b4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.0.107]:101' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 14.04 LTS (GNU/Linux 4.4.0-98-generic x86_64)
* Documentation: https://help.ubuntu.com/
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
root@caa2ff3806f1:~#
第五步:上传镜像到官网
[root@localhost ~]# docker tag sshd:dockerfile cakin24/sshd:dockerfile
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
cakin24/sshd dockerfile 24641d32c072 10 minutes ago 276MB
sshd dockerfile 24641d32c072 10 minutes ago 276MB
sshd ubuntu ac3169fe4fcf 39 minutes ago 284MB
ubuntu 14.04 d6ed29ffda6b 4 days ago 221MB
tomcat latest 11df4b40749f 7 days ago 557MB
adminer <none> faa9618a39a6 2 weeks ago 58.8MB
mysql latest 5709795eeffa 2 weeks ago 408MB
hello-world latest 725dcfab7d63 2 weeks ago 1.84kB
clearlinux latest 32685d114002 2 weeks ago 62.5MB
alpine latest 053cde6e8953 2 weeks ago 3.96MB
[root@localhost ~]# docker login
Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.
Username: cakin24
Password:
Login Succeeded
[root@localhost ~]# docker push cakin24/sshd:dockerfile
The push refers to a repository [docker.io/cakin24/sshd]
af4cabec269c: Pushed
2a9128117487: Pushed
33c1c5d13313: Pushed
e202904cecc7: Pushed
f7cd00cb3656: Pushed
6e47af92ff32: Pushed
8d3ee96e3a48: Pushed
4e8d2011e2de: Pushed
793453f1c0d4: Pushed
3f02ca67e9bc: Pushed
f2bd27f8fa82: Pushed
816745ec0dfa: Pushed
d69c6d7735ad: Pushed
59482791e4b2: Mounted from library/ubuntu
cd514e6bdf2f: Mounted from library/ubuntu
02323b2bcb37: Mounted from library/ubuntu
c088f4b849d4: Pushed
c08b59ef4a3d: Mounted from library/ubuntu
dockerfile: digest: sha256:36fd196fb97df8fcee3f060f68efbebacac9a061ed388a02e5bccaa7c9c34998 size: 4061
关于在Docker容器中是否需要SSH服务的一点说明
在社区中,对于是否需要为 docker 容器启动SSH服务一直有争论。
一方的观点是:docker 倡导的理念是一个容器只运行一个服务,如果每个容器都运行一个 ssh 服务,就违背了这个理念,另外他们认为根本没有从远程主机进入容器进行维护的必要。
另一方的观点是:在 1.3 版本之前,如果要用 attach 进入容器,经常容易出现卡死的情况,1.3 之后,官方推出了 docker exec 工具,从宿主主机进入容器已经没有障碍了,但是如果要从其他远程主机进入容器依然没有更好的解决方案。
通过一些目前看来较为复杂的方式确实能够不需要进入容器进行维护,但是使用 ssh 进行服务器的维护,是目前 linux 管理员熟悉的方式,在 docker 推出更加高效、安全的方式对容器进行维护之前,目前容器的 ssh 服务还是比较重要的,而且它对资源的占用,并没有想象中的大。
————————————————
版权声明:本文为CSDN博主「chengqiuming」的原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接及本声明。
原文链接:https://blog.csdn.net/chengqiuming/article/details/78608886