Dockerコンテナ学習メモ -- SSHでコンテナにログインする
この章では、DockerコンテナにSSHでログインする場合の操作を記録します(実際には、SSHでコンテナに直接接続することはあまりお勧めしません。可能ではありますが弊害が多く、Dockerはコンテナ内でコマンドを実行する手段(docker exec)を提供しているため、各コンテナでsshdサーバを動かす必要はありません)。
次に、docker ps でコンテナを確認し、変更を新しいイメージとしてコミットして、そのイメージからコンテナを起動します。
SSHのパスワードなしログイン(公開鍵認証)を設定するには、ホスト側の ~/.ssh/id_rsa.pub をコンテナの ~/.ssh/authorized_keys にコピーするだけでよい
コンテナにログインできたら、次はコンテナのIPアドレスを確認する方法
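centos イメージからコンテナを起動し、その中に入って準備をします。なお、リポジトリ定義(Centos-7.repo)は http で取得しているため、経路上で書き換えられても検出できません。https で取得できるミラーがあればそちらを使います。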
[root@docker ~]# docker run -itd --name sshd centos /bin/bash
a67a5c8ae426a841ad6c6aca6186f7fc585410471a6dfe69a1fc0e28d5a05953
[root@docker ~]# docker exec -it sshd /bin/bash
[root@a67a5c8ae426 /]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
[root@a67a5c8ae426 /]# yum install wget vim ntpdate net-tools -y
sshサーバ(openssh-server)をインストールし、rootのパスワードを設定して鍵ペアを作成します(「123456」は推測されやすい検証用の値なので、実際に使う環境では別の値にします)。
[root@a67a5c8ae426 /]# yum clean all
[root@a67a5c8ae426 /]# yum install openssh-server -y
( yum -y reinstall cracklib-dicts)
[root@a67a5c8ae426 /]# echo "123456" |passwd --stdin root
[root@a67a5c8ae426 /]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:tJ01c3RqkgtNijf6D9q6SXZJ9ZFQUvpbrnkCmW55T9Y root@a67a5c8ae426
The key's randomart image is:
+---[RSA 2048]----+
| +o+ .|
| . + * + |
| o = X * |
| . = * X . |
| S + .oo .|
| o .+ +.|
| o =. o. E|
| o = o+ o=.|
| =o....o+.|
+----[SHA256]-----+
[root@a67a5c8ae426 /]# cd ~/.ssh/
[root@a67a5c8ae426 .ssh]# ls
id_rsa id_rsa.pub
[root@a67a5c8ae426 .ssh]# cp id_rsa.pub authorized_keys
[root@a67a5c8ae426 .ssh]# ls
authorized_keys id_rsa id_rsa.pub
[root@a67a5c8ae426 .ssh]#
sshd を起動すると、次のエラーになります:
[root@a67a5c8ae426 .ssh]# /usr/sbin/sshd
Could not load host key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Could not load host key: /etc/ssh/ssh_host_ed25519_key
sshd: no hostkeys available -- exiting.
[root@a67a5c8ae426 .ssh]#
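解決方法: sshd 用のホスト鍵を生成します。以下の3行目と4行目は -t rsa のままなので、ecdsa と ed25519 という名前のファイルにRSA鍵が作られます。種類を合わせるなら -t ecdsa と -t ed25519 を指定するか、ssh-keygen -A で不足しているホスト鍵をまとめて生成します。上のエラーに dsa 鍵は挙がっていないため、dsa の行は不要です: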
[root@a67a5c8ae426 .ssh]# ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key //
[root@a67a5c8ae426 .ssh]# ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
[root@a67a5c8ae426 .ssh]# ssh-keygen -t rsa -f /etc/ssh/ssh_host_ecdsa_key
[root@a67a5c8ae426 .ssh]# ssh-keygen -t rsa -f /etc/ssh/ssh_host_ed25519_key
もう一度 sshd を起動すると、今度はエラーなく起動し、22番ポートで待ち受けます。
[root@a67a5c8ae426 .ssh]# /usr/sbin/sshd
[root@a67a5c8ae426 .ssh]# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 160/sshd
tcp6 0 0 :::22 :::* LISTEN 160/sshd
[root@a67a5c8ae426 .ssh]#
----------------------- systemctl で ssh を操作すると次のエラーになる場合(centos7 の bug)-------------------------
[root@a67a5c8ae426 .ssh]# systemctl status sshd
Failed to get D-Bus connection: Operation not permitted
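解決方法:
このコンテナは /bin/bash を起動コマンドにしており、systemd が動いていないため systemctl は D-Bus に接続できません。いまのコンテナを停止し(docker stop container-id)、起動し直すときに --privileged(特権モード。--privileged=true と書いても同じ)を付け、起動コマンドを /bin/bash ではなく /sbin/init にします。--privileged はホストのデバイスやカーネル機能へのアクセスをコンテナにほぼ無制限に与えるので、検証用に限ります。後の手順ではコミットしたイメージを --privileged なしで /usr/sbin/sshd -D として起動しており、sshd を動かすだけなら特権は不要です: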
[root@docker ~]# docker run -itd --privileged --name sshd centos /sbin/init
[root@docker ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
884db829911f centos "/sbin/init" 33 seconds ago Up 31 seconds sshd
[root@docker ~]#
/sbin/init と /usr/sbin/init は、どちらも同じ systemd を指すシンボリックリンクです。
[root@docker ~]# ll -ld /sbin/init
lrwxrwxrwx 1 root root 22 Jan 30 17:17 /sbin/init -> ../lib/systemd/systemd
[root@docker ~]# ll -ld /usr/sbin/init
lrwxrwxrwx 1 root root 22 Jan 30 17:17 /usr/sbin/init -> ../lib/systemd/systemd
[root@docker ~]#
コンテナ名またはIDを指定して /bin/bash でコンテナに入り(exec -it を使う)、ssh をインストールして起動すれば ok
[root@docker ~]# docker exec -it sshd /bin/bash
[root@884db829911f /]# yum install wget vim net-tools ntpdate openssh-server -y
[root@884db829911f /]# systemctl restart sshd.service
[root@884db829911f /]# echo "123456" |passwd --stdin root
ssh が起動し、22番ポートで待ち受けていることを確認します
[root@884db829911f /]# netstat -tnlp|grep sshd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 220/sshd
tcp6 0 0 :::22 :::* LISTEN 220/sshd
[root@884db829911f /]#
次に、docker ps でコンテナを確認し、変更を新しいイメージとしてコミットして、そのイメージからコンテナを起動します。
[root@docker ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
884db829911f centos "/sbin/init" 6 minutes ago Up 6 minutes sshd
[root@docker ~]# docker stop sshd
sshd
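次に、変更を新しいイメージとしてコミットします(本文中のイメージ名 wangssh は、以下の実行例では centos7.4-ssh です。コンテナは docker ps -a で確認できます)。docker commit はコンテナのファイルシステムをそのままイメージに保存するため、設定済みの root パスワードと /etc/ssh のホスト秘密鍵もイメージに含まれます。このイメージから起動したコンテナはすべて同じパスワードと同じホスト鍵を持つので、イメージをレジストリなどで共有しないようにします。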
[root@docker ~]# docker commit sshd centos7.4-ssh
sha256:e990237344dcb59c45b68fd91e952af6419415d78d0c2ac86fba68c22ff00d6
コミットが終わったら、docker images で新しいイメージを確認します
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos7.4-ssh latest e990237344dc 31 seconds ago 363MB
centos latest ff426288ea90 3 weeks ago 207MB
[root@docker ~]# docker run -d -p 2022:22 centos7.4-ssh /usr/sbin/sshd -D
7a5441309940af66119989aac03ef79fddd8d145c10fc19a7ec937802b86df29
[root@docker ~]#
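オプションの説明:
-d コンテナをバックグラウンドで実行する
-p [ホスト側ポート]:[コンテナ側ポート] ポートをマッピングする(下の docker ps の出力のとおり 0.0.0.0:2022 で待ち受け、ホストのすべてのインターフェースから接続できる。ローカルだけで試すなら -p 127.0.0.1:2022:22 とする)
docker ps でコンテナが起動していることを確認します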
[root@docker ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7a5441309940 centos7.4-ssh "/usr/sbin/sshd -D" 28 seconds ago Up 26 seconds 0.0.0.0:2022->22/tcp laughing_yonath
ホストから ssh でコンテナにログインします(パスワードは先ほど設定した 123456 )
[root@docker ~]# ssh -p2022 root@localhost
The authenticity of host '[localhost]:2022 ([::1]:2022)' can't be established.
ECDSA key fingerprint is b1:37:95:96:11:1c:60:fd:8c:e2:e7:b3:3a:68:b6:85.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[localhost]:2022' (ECDSA) to the list of known hosts.
root@localhost's password:
[root@7a5441309940 ~]#
SSHのパスワードなしログイン(公開鍵認証)を設定するには、ホスト側の ~/.ssh/id_rsa.pub をコンテナの ~/.ssh/authorized_keys にコピーするだけでよい
対象のコンテナIDは 7a5441309940 です:
[root@docker ~]# ssh-keygen -t rsa
[root@docker ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub IP
または、ホストの ~/.ssh/id_rsa.pub を docker cp でコンテナにコピーします
[root@docker ~]# docker cp ~/.ssh/id_rsa.pub 7a5441309940:/root/.ssh/
コンテナに入り、id_rsa.pub を authorized_keys にコピーします
[root@docker ~]# docker exec -it 7a5441309940 /bin/bash
[root@7a5441309940 /]# cd ~/.ssh/
[root@7a5441309940 .ssh]# cp id_rsa.pub authorized_keys
[root@docker ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7a5441309940 centos7.4-ssh "/usr/sbin/sshd -D" 40 minutes ago Up 40 minutes 0.0.0.0:2022->22/tcp laughing_yonath
[root@docker ~]#
[root@docker ~]# docker stop 7a5441309940
7a5441309940
[root@docker ~]# docker commit 7a5441309940 centos7.4-ssh:v1
sha256:80da77f10ad4337dc6f41e84b65d6b2f74370c974bacb819f5c127276075282e
[root@docker ~]# docker run -d -p 2022:22 centos7.4-ssh:v1 /usr/sbin/sshd -D
40501782a73f27eac93fe5f2d3ceac3ff83650c5f3a1cead02d7af6898686cb7
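これで ssh のパスワードなしログインができるようになりました。公開鍵でログインできることを確認したら、sshd_config で PasswordAuthentication no を設定してパスワード認証を無効にします(root のパスワード 123456 はイメージに残ったままで、2022番ポートから試行できるため)。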
[root@docker ~]# ssh -p2022 root@localhost
Last login: Wed Jan 31 09:13:33 2018 from gateway
[root@40501782a73f ~]#
コンテナにログインできたら、次はコンテナのIPアドレスを確認する方法
方法1:
[root@docker ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
40501782a73f centos7.4-ssh:v1 "/usr/sbin/sshd -D" 3 minutes ago Up 3 minutes 0.0.0.0:2022->22/tcp vigorous_borg
[root@docker ~]# docker inspect 40501782a73f |grep IPAddress
"SecondaryIPAddresses": null,
"IPAddress": "172.17.0.2",
"IPAddress": "172.17.0.2",
[root@docker ~]#
方法2:
[root@docker ~]# docker inspect --format='{{.NetworkSettings.IPAddress}}' 40501782a73f
172.17.0.2
方法3:
コンテナ内で「yum install net-tools」を実行し、ifconfig コマンドで ip を確認する
コンテナの ip が分かれば、ホストからその ip の22番ポートへ直接 ssh できます!
[root@docker ~]# ssh 172.17.0.2
Last login: Wed Jan 31 09:21:45 2018 from gateway
[root@40501782a73f ~]#