Implementation using the commit command
We build the SSH service on top of Ubuntu 18.04. First, pull the image:
[root@master ~]# docker pull ubuntu:18.04
[root@master ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu 18.04 f9a80a55f492 9 months ago 63.2MB
Start a container from the image we pulled:
[root@master ~]# docker run -it ubuntu:18.04 bash
root@b84fbe7d7604:/#
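Configure the package sources. The image we pulled is the most basic Ubuntu 18.04 image, so the package index has to be updated before anything else can be installed.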
root@b84fbe7d7604:/# apt-get update
For a more complete setup we can use the Aliyun, Tsinghua or 163 mirrors. There is no vi editor in this image, so we write the file with cat or echo:
root@b84fbe7d7604:/# cat >> /etc/apt/sources.list.d/aliyun.list << EOF
> deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
> deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
> deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
> deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
> deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
> deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
> deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
> deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
> deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
> deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
> EOF
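After changing the sources, run apt update again.
Now we can start on the SSH setup (this assumes openssh-server is already installed in the container; the Dockerfile method below installs it with apt install -y openssh-server). sshd requires the /var/run/sshd directory to exist. After creating it, start sshd and check that its process is running.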
root@b84fbe7d7604:/# mkdir -p /var/run/sshd
root@b84fbe7d7604:/# /usr/sbin/sshd -D &
[1] 4513
root@b84fbe7d7604:/# ps -ef | grep ssh
root 4513 1 0 13:30 pts/0 00:00:00 /usr/sbin/sshd -D
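Modify the SSH service's login security configuration to remove the PAM login restriction
Commenting out the line session required pam_loginuid.so is enough. Since there is no vi here, we do it with sed. Then create the .ssh directory and write the public key generated on the host into authorized_keys inside it.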
[root@master .ssh]# ssh-keygen
[root@master .ssh]# cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDbDvl5odi8bH8cYBJh234z1/XvF6T7U/nT0/gFOS1ddBcTtFOvnJJ4bM3ObAasHorL3w717ZgZSKZB7Ni9CmGUiXlaEpxndhePlkazzKFU26i7XpRPxW/cKk0uh0EY6r89DmiHnpdfqxb3gbYORnpKKBNJ9HOQFN1QEneczEteLcdgDalpViWJM9MvpbuLjMBvQFYaV2qeCTUK0aolW7Jdc9JUtE+wPBUPZCAldsrAKHylmpZaoIc/eSFsErquzkGTYA6VK2DUinPlsNNZmTLQN9pAdprjCkgxiQ+r4VboYNmvYGV2yMXA3o6hAwVHP6VdAv2frFAAURO9XPs5A+IZ root@master
root@b84fbe7d7604:/# sed -ri 's/^session\s+required\s+pam_loginuid\.so/#&/' /etc/pam.d/sshd
root@b84fbe7d7604:/# mkdir /root/.ssh
root@b84fbe7d7604:/# echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDbDvl5odi8bH8cYBJh234z1/XvF6T7U/nT0/gFOS1ddBcTtFOvnJJ4bM3ObAasHorL3w717ZgZSKZB7Ni9CmGUiXlaEpxndhePlkazzKFU26i7XpRPxW/cKk0uh0EY6r89DmiHnpdfqxb3gbYORnpKKBNJ9HOQFN1QEneczEteLcdgDalpViWJM9MvpbuLjMBvQFYaV2qeCTUK0aolW7Jdc9JUtE+wPBUPZCAldsrAKHylmpZaoIc/eSFsErquzkGTYA6VK2DUinPlsNNZmTLQN9pAdprjCkgxiQ+r4VboYNmvYGV2yMXA3o6hAwVHP6VdAv2frFAAURO9XPs5A+IZ root@master" > /root/.ssh/authorized_keys
Create a startup script that runs sshd, make it executable, and exit the container.
root@b84fbe7d7604:/# cat > /run.sh <<EOF
> #!/bin/bash
> /usr/sbin/sshd -D
> EOF
root@b84fbe7d7604:/# chmod +x /run.sh
root@b84fbe7d7604:/# exit
Save the container as an image and run it
[root@master ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b84fbe7d7604 ubuntu:18.04 "bash" 15 minutes ago Exited (0) 13 seconds ago hardcore_elgamal
[root@master ~]# docker commit b84fbe7d7604 sshd:ubuntu_v1
sha256:c3a816f8fc145f95345576c3dacb1202f7914953527fd5f7ece21635c6360df6
[root@master ~]# docker run -p 10222:22 -d sshd:ubuntu_v1 /run.sh
843aa0403aa588268679b80566d470b93e4c54cd65905535dfb8c8c5ab304a51
[root@master ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
843aa0403aa5 sshd:ubuntu_v1 "/run.sh" 12 seconds ago Up 11 seconds 0.0.0.0:10222->22/tcp, :::10222->22/tcp goofy_grothendieck
Test the image
SSH login with a Dockerfile
Remove the containers started earlier
[root@master ~]# docker rm -f `docker ps -aq`
843aa0403aa5
b84fbe7d7604
Create a directory to hold the Dockerfile, run.sh (startup script), aliyun.list (apt mirror sources) and authorized_keys (public key file).
#Copy our own public key into the new file
[root@master sshd_ubuntu]# cat ~/.ssh/id_rsa.pub > authorized_keys
#Write the startup script
[root@master sshd_ubuntu]# vim run.sh
#!/bin/bash
/usr/sbin/sshd -D
#Write the package source file
[root@master sshd_ubuntu]# vim aliyun.list
deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
[root@master sshd_ubuntu]# vim Dockerfile
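# Base image
FROM ubuntu:18.04
# Author and e-mail
MAINTAINER hao<mmmm2024@111.com>
# Copy our source list so packages are fetched from the mirror
COPY aliyun.list /etc/apt/sources.list.d/
# Update the package index, install the SSH server, create the directory sshd
# needs, comment out the pam_loginuid line in /etc/pam.d/sshd, create /root/.ssh
RUN apt update && \
    apt install -y openssh-server && \
    mkdir -p /var/run/sshd && \
    sed -ri 's/^session\s+required\s+pam_loginuid\.so/#&/' /etc/pam.d/sshd && \
    mkdir -p /root/.ssh
# Install the public key file
COPY authorized_keys /root/.ssh/
# Install the startup script
COPY run.sh /run.sh
# Make the script executable
RUN chmod 755 /run.sh
EXPOSE 22
# Run the script
CMD ["/run.sh"]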
Build the sshd:ubuntu_v2 image from the Dockerfile, run it, and check that its status is Up
[root@master sshd_ubuntu]# docker build -t sshd:ubuntu_v2 ./
[root@master sshd_ubuntu]# docker run -d -P sshd:ubuntu_v2
ac9b59f96b555c97b00f67757b1e76c261c0fb8088d92e8111a28d7a3603aaa7
[root@master sshd_ubuntu]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ac9b59f96b55 sshd:ubuntu_v2 "/run.sh" 9 seconds ago Up 8 seconds 0.0.0.0:32771->22/tcp, :::32771->22/tcp condescending_raman
Test whether we can log in successfully
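
A check a defender might run on the resulting image, as an added example (not part of the original post): it audits an unpacked root filesystem, for instance one produced with docker export <container> | tar -x -C DIR, for SSH host keys baked into the image, writable key paths and password login left enabled. The function names, finding codes and sample tree are constructed for this example.

```shell
#!/bin/bash
# Added example; function names and finding codes are made up here.

# Effective value of an sshd_config keyword: first uncommented match wins,
# otherwise the supplied default. Match blocks and Include are not handled.
sshd_option() {  # usage: sshd_option FILE KEYWORD DEFAULT
    [ -f "$1" ] || { echo "$3"; return 0; }
    awk -v k="$2" -v d="$3" '
        tolower($1) == tolower(k) { print tolower($2); found = 1; exit }
        END { if (!found) print d }' "$1"
}

# True when the path is group- or world-writable (mode bits 022).
loose() { case "$(ls -ld "$1" | cut -c6,9)" in *w*) return 0 ;; esac; return 1; }

audit_sshd_rootfs() {  # usage: audit_sshd_rootfs ROOTFS_DIR; one finding per line
    root=$1
    # Host keys created while installing openssh-server are stored in the
    # image, so every container started from it shares one host identity.
    for k in "$root"/etc/ssh/ssh_host_*_key; do
        if [ -f "$k" ]; then echo "BAKED_HOST_KEY /etc/ssh/$(basename "$k")"; fi
    done
    # sshd StrictModes refuses keys reachable through writable paths.
    for p in /root /root/.ssh /root/.ssh/authorized_keys; do
        if [ -e "$root$p" ] && loose "$root$p"; then echo "LOOSE_PERMS $p"; fi
    done
    # Only key login is used above; password login stays on unless disabled.
    if [ "$(sshd_option "$root/etc/ssh/sshd_config" PasswordAuthentication yes)" != no ]; then
        echo "PASSWORD_AUTH_ENABLED"
    fi
}

# Constructed sample: a minimal tree shaped like the image built above.
sample_rootfs() {  # usage: sample_rootfs DIR
    mkdir -p "$1/etc/ssh" "$1/root/.ssh"
    chmod 755 "$1/root" "$1/root/.ssh"
    echo "constructed-private-key-placeholder" > "$1/etc/ssh/ssh_host_rsa_key"
    echo "#PasswordAuthentication yes" > "$1/etc/ssh/sshd_config"
    echo "ssh-rsa CONSTRUCTED root@master" > "$1/root/.ssh/authorized_keys"
    chmod 666 "$1/root/.ssh/authorized_keys"
}

demo=$(mktemp -d)
sample_rootfs "$demo"
audit_sshd_rootfs "$demo"
rm -rf "$demo"
```

An empty result means none of the three conditions was found; regenerating host keys when the container first starts and setting PasswordAuthentication no in sshd_config clears the first and last findings.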