Use a Dockerfile to create a CentOS-based SSH container:
Requirements:
The built image must support both SSH key and password login
1. First create the directory /home/sshd_centos
[root@test-devops sshd_centos]# pwd
/home/sshd_centos
[root@test-devops sshd_centos]#
2. Check authorized_keys. Note: for each client machine that needs to log in with a key, add that client's .pub file to it
[root@test-devops sshd_centos]# cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0OaHTmgsdKIrPCgULUk1XyRGhicQbPPJgQN85QTZNfA2iuK7PmkhoPnXLaRtMZl4se6xsBEuCn0Yougx4vFRzszDv/62XxjErqqC0vQBEWL4KaGCmDgEtwaE3oOBPA+kfIU0XITZuZx7KdPsaX2pngrv+EK3urs5kYUbwfQzE8G9JcqhWmGUxNWx+SvyspH5GaEMvxdpmZtitevEDfAGTnfp0DvR/C/5EcieS9MBHOAMEwm5mzVzvTV+HEN2GMmZAuooEUGlzTVyCRzJvddzzPDsVKZzLPhA8QYWYGg/bSDkrh5IFYBc5T/yDhD6xBbbFG+R4vT98iOqB7m9vXst9 zhangkeyuan@zhangkeyuandeMacBook-Air.local
[root@test-devops sshd_centos]#
3. Set the permissions on the file
[root@test-devops sshd_centos]# ll authorized_keys
-rw------- 1 root root 424 7月 2 17:43 authorized_keys
[root@test-devops sshd_centos]#
4. Check the run.sh file and make it executable.
[root@test-devops sshd_centos]# cat run.sh
#!/bin/bash
/usr/sbin/sshd -D
[root@test-devops sshd_centos]# ll run.sh
-rwxr-xr-x 1 root root 30 7月 2 17:38 run.sh
[root@test-devops sshd_centos]#
5. Write the Dockerfile
[root@test-devops sshd_centos]# cat Dockerfile
# Base image
FROM centos:6
# Author information
MAINTAINER steven <www.opsnotes.net>
# Install the SSH service and vim
RUN yum install -y openssh-server openssh-clients vim
RUN mkdir -p /root/.ssh/
ADD authorized_keys /root/.ssh/authorized_keys
RUN ssh-keygen -f /etc/ssh/ssh_host_rsa_key
RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
RUN echo 'root:123qwer' |chpasswd
RUN sed -i "s/#UsePrivilegeSeparation.*/UsePrivilegeSeparation no/g" /etc/ssh/sshd_config
RUN sed -i "s/UsePAM.*/UsePAM no/g" /etc/ssh/sshd_config
# Remove the PAM restriction
RUN sed -i '/pam_loginuid.so/c session optional pam_loginuid.so' /etc/pam.d/sshd
# Copy the file and make the script executable
ADD run.sh /run.sh
RUN chmod +x /run.sh
# Expose the port
EXPOSE 22
# Command to run when the container starts
CMD ["/run.sh"]
[root@test-devops sshd_centos]#
6. Build the image
[root@test-devops sshd_centos]# docker build -t 'sshd/centos62' .
Sending build context to Docker daemon 4.608 kB
Sending build context to Docker daemon
Step 0 : FROM centos:6
---> a005304e4e74
Step 1 : MAINTAINER steven <www.opsnotes.net>
---> Using cache
---> 8ccadbb8c6f6
Step 2 : RUN yum install -y openssh-server openssh-clients vim
---> Using cache
---> 111215780c4f
Step 3 : RUN mkdir -p /root/.ssh/
---> Running in ea191f0909c4
---> 5f6ac2b38d88
Removing intermediate container ea191f0909c4
Step 4 : ADD authorized_keys /root/.ssh/authorized_keys
---> 741bd05637e8
Removing intermediate container 386d4b505a1d
Step 5 : RUN ssh-keygen -f /etc/ssh/ssh_host_rsa_key
---> Running in b7f9f3c9d4df
Generating public/private rsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_rsa_key.
Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub.
The key fingerprint is:
aa:ac:5b:04:c5:11:e9:39:b7:7c:62:1b:3a:15:c2:f5 root@75f92b78d2cc
The key's randomart image is:
+--[ RSA 2048]----+
| .++ |
| .o . |
| .o o . |
| .* o E |
| .= oS |
| . B.. |
| .+.= |
| oo.. |
| ooo. |
+-----------------+
---> b42a1ffe70f9
Removing intermediate container b7f9f3c9d4df
Step 6 : RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
---> Running in 8a28a1527a13
Generating public/private dsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_dsa_key.
Your public key has been saved in /etc/ssh/ssh_host_dsa_key.pub.
The key fingerprint is:
c2:af:40:c9:b2:b6:46:a3:30:c7:98:38:69:54:0d:07 root@75f92b78d2cc
The key's randomart image is:
+--[ DSA 1024]----+
| E+. |
| ... |
| . |
| . . o |
|o=. + o S |
|O.=+ o |
|o*o.. . |
|.... . . |
| .. . |
+-----------------+
---> 2f5a07235d66
Removing intermediate container 8a28a1527a13
Step 7 : RUN echo 'root:123qwer' |chpasswd
---> Running in f6811daba557
---> f3515e28b046
Removing intermediate container f6811daba557
Step 8 : RUN sed -i "s/#UsePrivilegeSeparation.*/UsePrivilegeSeparation no/g" /etc/ssh/sshd_config
---> Running in 0ddb9e0e52a1
---> 3048f905c529
Removing intermediate container 0ddb9e0e52a1
Step 9 : RUN sed -i "s/UsePAM.*/UsePAM no/g" /etc/ssh/sshd_config
---> Running in 4987ecf98986
---> 8047eacadabe
Removing intermediate container 4987ecf98986
Step 10 : RUN sed -i '/pam_loginuid.so/c session optional pam_loginuid.so' /etc/pam.d/sshd
---> Running in 21c662ab0111
---> f313d66e836a
Removing intermediate container 21c662ab0111
Step 11 : ADD run.sh /run.sh
---> 29a4c3843361
Removing intermediate container 6b8fbc856b2d
Step 12 : RUN chmod +x /run.sh
---> Running in 853dfb9e0aa7
---> 29f4074323a8
Removing intermediate container 853dfb9e0aa7
Step 13 : EXPOSE 22
---> Running in 2a277d6e363b
---> b32ff8e94278
Removing intermediate container 2a277d6e363b
Step 14 : CMD /run.sh
---> Running in dea577902b02
---> b6eca2c06ea4
Removing intermediate container dea577902b02
Successfully built b6eca2c06ea4
[root@test-devops sshd_centos]#
7. Check that the image was created successfully
[root@test-devops sshd_centos]# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
sshd/centos62 latest b6eca2c06ea4 24 seconds ago 313 MB
[root@test-devops sshd_centos]#
8. Start the Docker container
[root@test-devops sshd_centos]# docker run -d -p 10125:22 sshd/centos62
f7572b7e1be4d6509939c12fcad0ea9cfb305d4b47a402c105a1ec0ee16098fb
[root@test-devops sshd_centos]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f7572b7e1be4 sshd/centos62:latest "/run.sh" 5 seconds ago Up 4 seconds 0.0.0.0:10125->22/tcp lonely_goodall
[root@test-devops sshd_centos]#
9. Test; both key login and password login can be tested
ssh -p 10125 root@121.41.118.184
zhangkeyuan@opsnotes:~ » ssh -p 10125 root@121.41.118.184
Last login: Fri Jul 3 02:33:34 2015 from 101.231.116.2
[root@6a71571acfd8 ~]#
[root@6a71571acfd8 ~]#
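
The Dockerfile in step 5 sets the root password, generates the sshd host keys and copies authorized_keys during the build, so all of them are stored in the image and shared by every container started from it. The following check flags those build steps; it is an added example, not part of the original post, and the function names and SSH00x rule IDs are made up for it.

```shell
#!/bin/sh
# Added example: flag the SSH-related build steps used in the step 5 Dockerfile.
# audit_dockerfile, sample_dockerfile and the SSH00x IDs are names made up here.

audit_dockerfile() {
    # $1: Dockerfile path (stdin when omitted).
    # Prints "ID line-number message" for every finding.
    awk '
        /^[ \t]*#/ { next }    # ignore comment lines
        /^[ \t]*RUN/ && /chpasswd/ {
            print "SSH001", NR, "password set during build; readable in the image history"
        }
        /^[ \t]*RUN/ && /ssh-keygen/ && /ssh_host_/ {
            print "SSH002", NR, "host key generated during build; shared by every container"
        }
        /^[ \t]*RUN/ && /ssh-keygen/ && /-t[ \t]+dsa/ {
            print "SSH003", NR, "DSA host key; ssh-dss is off by default since OpenSSH 7.0"
        }
        /UsePrivilegeSeparation[ \t]+no/ {
            print "SSH004", NR, "sshd privilege separation turned off"
        }
        /^[ \t]*(ADD|COPY)[ \t]/ && /authorized_keys/ {
            print "SSH005", NR, "authorized_keys stored in the image; accepted by every container"
        }
    ' "${1:--}"
}

sample_dockerfile() {
    # The relevant lines of the Dockerfile shown in step 5.
    cat <<'EOF'
FROM centos:6
ADD authorized_keys /root/.ssh/authorized_keys
RUN ssh-keygen -f /etc/ssh/ssh_host_rsa_key
RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
RUN echo 'root:123qwer' |chpasswd
RUN sed -i "s/#UsePrivilegeSeparation.*/UsePrivilegeSeparation no/g" /etc/ssh/sshd_config
EOF
}

# Audit the sample when the script is run directly.
sample_dockerfile | audit_dockerfile
```

To audit a file instead of the embedded sample, pass its path, for example audit_dockerfile /home/sshd_centos/Dockerfile.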