docker 有一个sshd服务是比较容易用来测试的, 所以有必要做一个sshd镜像.
docker文档里面有一篇是基于ubuntu : 14.04来制作sshd镜像的.
因为本人习惯了使用centos, 本文将基于centos7来制作一个sshd镜像.
先列出ubuntu制作sshd镜像的Dockerfile :
修改成适合centos7的版本 :
制作image :
上传到docker hub, 方便以后使用 :
测试 :
使用Dockerfile设置的初始密码登录container :
修改默认密码
使用新密码登录container :
[参考]
# sshd
#
# VERSION 0.0.2
FROM ubuntu:14.04
MAINTAINER Sven Dowideit <SvenDowideit@docker.com>
RUN apt-get update && apt-get install -y openssh-server
RUN mkdir /var/run/sshd
# 设置默认密码
RUN echo 'root:screencast' | chpasswd
RUN sed -i 's/PermitRootLogin without-password/PermitRootLogin yes/' /etc/ssh/sshd_config
# SSH login fix. Otherwise user is kicked off after login
RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd
ENV NOTVISIBLE "in users profile"
RUN echo "export VISIBLE=now" >> /etc/profile
EXPOSE 22
CMD ["/usr/sbin/sshd", "-D"]修改成适合centos7的版本 :
# mkdir /data01/sshd
# vi Dockerfile
# sshd
#
# VERSION 0.0.2
FROM centos:centos7
MAINTAINER digoal.zhou
RUN yum install -y openssh-server
RUN yum install -y openssh-clients
RUN mkdir /var/run/sshd
RUN echo 'UseDNS no' >> /etc/ssh/sshd_config
sed -i -e '/pam_loginuid.so/d' /etc/pam.d/sshd
# 设置默认密码
RUN echo 'root:Digoal_sshd_1999' | chpasswd
RUN /usr/bin/ssh-keygen -A
# 要在其他主机访问的话, 建议expose出去.
EXPOSE 22
CMD ["/usr/sbin/sshd", "-D"]制作image :
[root@localhost sshd]# docker build -t digoal/sshd .
Sending build context to Docker daemon 2.56 kB
Sending build context to Docker daemon
Step 0 : FROM centos:centos7
---> ae0c2d0bdc10
Step 1 : MAINTAINER digoal.zhou
---> Running in 072ae2460e25
---> 3c5e418bb4b1
Removing intermediate container 072ae2460e25
Step 2 : RUN yum install -y openssh-server
---> Running in bac9ecaa70cf
Loaded plugins: fastestmirror
Determining fastest mirrors
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: centos.ustc.edu.cn
Resolving Dependencies
--> Running transaction check
---> Package openssh-server.x86_64 0:6.4p1-8.el7 will be installed
--> Processing Dependency: openssh = 6.4p1-8.el7 for package: openssh-server-6.4p1-8.el7.x86_64
--> Processing Dependency: fipscheck-lib(x86-64) >= 1.3.0 for package: openssh-server-6.4p1-8.el7.x86_64
--> Processing Dependency: libwrap.so.0()(64bit) for package: openssh-server-6.4p1-8.el7.x86_64
--> Processing Dependency: libfipscheck.so.1()(64bit) for package: openssh-server-6.4p1-8.el7.x86_64
--> Running transaction check
---> Package fipscheck-lib.x86_64 0:1.4.1-5.el7 will be installed
--> Processing Dependency: /usr/bin/fipscheck for package: fipscheck-lib-1.4.1-5.el7.x86_64
---> Package openssh.x86_64 0:6.4p1-8.el7 will be installed
---> Package tcp_wrappers-libs.x86_64 0:7.6-77.el7 will be installed
--> Running transaction check
---> Package fipscheck.x86_64 0:1.4.1-5.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
openssh-server x86_64 6.4p1-8.el7 base 367 k
Installing for dependencies:
fipscheck x86_64 1.4.1-5.el7 base 21 k
fipscheck-lib x86_64 1.4.1-5.el7 base 11 k
openssh x86_64 6.4p1-8.el7 base 341 k
tcp_wrappers-libs x86_64 7.6-77.el7 base 66 k
Transaction Summary
================================================================================
Install 1 Package (+4 Dependent packages)
Total download size: 806 k
Installed size: 1.9 M
Downloading packages:
warning: /var/cache/yum/x86_64/7/base/packages/fipscheck-lib-1.4.1-5.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for fipscheck-lib-1.4.1-5.el7.x86_64.rpm is not installed
--------------------------------------------------------------------------------
Total 327 kB/s | 806 kB 00:02
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
Userid : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
Package : centos-release-7-0.1406.el7.centos.2.5.x86_64 (@Updates/$releasever)
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : fipscheck-lib-1.4.1-5.el7.x86_64 1/5
Installing : fipscheck-1.4.1-5.el7.x86_64 2/5
Installing : openssh-6.4p1-8.el7.x86_64 3/5
Installing : tcp_wrappers-libs-7.6-77.el7.x86_64 4/5
Installing : openssh-server-6.4p1-8.el7.x86_64 5/5
Verifying : tcp_wrappers-libs-7.6-77.el7.x86_64 1/5
Verifying : fipscheck-1.4.1-5.el7.x86_64 2/5
Verifying : openssh-server-6.4p1-8.el7.x86_64 3/5
Verifying : openssh-6.4p1-8.el7.x86_64 4/5
Verifying : fipscheck-lib-1.4.1-5.el7.x86_64 5/5
Installed:
openssh-server.x86_64 0:6.4p1-8.el7
Dependency Installed:
fipscheck.x86_64 0:1.4.1-5.el7 fipscheck-lib.x86_64 0:1.4.1-5.el7
openssh.x86_64 0:6.4p1-8.el7 tcp_wrappers-libs.x86_64 0:7.6-77.el7
Complete!
---> c48a513d5431
Removing intermediate container bac9ecaa70cf
Step 3 : RUN mkdir /var/run/sshd
---> Running in b0b25471af5d
---> e61b7a8bb4d9
Removing intermediate container b0b25471af5d
Step 4 : RUN echo 'UseDNS no' >> /etc/ssh/sshd_config
---> Running in 3d7072b4b9f5
---> 8ed4d6eb45c1
Removing intermediate container 3d7072b4b9f5
Step 5 : RUN echo 'root:Digoal_sshd_1999' | chpasswd
---> Running in 54eebb17b732
---> ecb67638a0df
Removing intermediate container 54eebb17b732
Step 6 : RUN /usr/bin/ssh-keygen -A
---> Running in cc7fc7b7a49e
ssh-keygen: generating new host keys: RSA1 RSA DSA ECDSA
---> 2b73dfeaebf1
Removing intermediate container cc7fc7b7a49e
Step 7 : EXPOSE 22
---> Running in fa5ca073d31b
---> 6e0fcfed929b
Removing intermediate container fa5ca073d31b
Step 8 : CMD ["/usr/sbin/sshd", "-D"]
---> Running in 0d53a37829c1
---> 3e5d8edfaeee
Removing intermediate container 0d53a37829c1
Successfully built 3e5d8edfaeee上传到docker hub, 方便以后使用 :
[root@localhost sshd]# docker login
Username: digoal
Password:
Email: digoal@126.com
Login Succeeded
[root@localhost sshd]# docker push digoal/sshd
...
Pushing tag for rev [3e5d8edfaeee] on {https://cdn-registry-1.docker.io/v1/repositories/digoal/sshd/tags/latest}测试 :
[root@localhost ~]# docker run -d --name digoal digoal/sshd
486381d4428e917b6572eb1a802972eb576b0fa3731178c2cd055a5def9a02ea
[root@localhost ~]# docker inspect -f '{{.NetworkSettings.IPAddress}}' digoal
172.17.0.13使用Dockerfile设置的初始密码登录container :
[root@localhost ~]# ssh root@172.17.0.13
The authenticity of host '172.17.0.13 (172.17.0.13)' can't be established.
ECDSA key fingerprint is 76:34:4f:98:d5:56:cd:2c:e4:f8:9c:14:5a:82:f6:bf.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.17.0.13' (ECDSA) to the list of known hosts.
root@172.17.0.13's password: 修改默认密码
[root@486381d4428e ~]# echo 'root:helloworld' | chpasswd
[root@486381d4428e ~]# exit
logout
Connection to 172.17.0.13 closed.使用新密码登录container :
[root@localhost ~]# ssh root@172.17.0.13
root@172.17.0.13's password:
Last login: Thu Nov 27 11:52:03 2014 from 172.17.42.1
[root@486381d4428e ~]#
有了这个镜像, 想做测试就更方便了, 感觉就好像起了一个虚拟机.
最后有一个建议, 参考 :
即建议修改 /etc/pam.d/sshd, 注释如下 :
# session required pam_loginuid.so
修改后, 重新提交镜像.
[参考]
