docker容器ssh设置
1、用户密码认证方式登陆
hsl@ubuntu:~$ sudo docker images
[sudo] hsl 的密码:
REPOSITORY          TAG                                  IMAGE ID       CREATED          SIZE
hsl/ubuntu          14.04_add_sourcealiyun_git_vim_ssh   7e81fb2f82c5   44 minutes ago   634.2 MB
hsl/ubuntu          14.04_JenkinsWithDocker_key          6fb1d3cb7983   46 hours ago     760 MB
hsl/ubuntu          14.04_JenkinsWithDocker_password     659fcb00b0dc   3 days ago       760.1 MB
ubuntu              14.04                                4a725d3b3b1c   8 days ago       188 MB
training/webapp     latest                               6fae60ef3446   15 months ago    348.8 MB
hsl@ubuntu:~$ sudo docker ps -a
CONTAINER ID   IMAGE   COMMAND   CREATED   STATUS   PORTS   NAMES
hsl@ubuntu:~$ sudo docker run -tid -p 22 -P hsl/ubuntu:14.04_add_sourcealiyun_git_vim_ssh
ea153153c8837a4b0e1a8d0e6945200c7ac820c358d546202f1a95c72f12ca77
# 安全提示：-P（以及不带宿主机地址的 -p 22）会把容器的 22 端口发布到宿主机的 0.0.0.0，
# 即宿主机的所有网卡、整个局域网都能访问这个 sshd（后面 docker ps 的输出 0.0.0.0:32768->22/tcp 就是这个意思）。
# 只在本机调试时，建议改用 -p 127.0.0.1::22，只绑定回环地址。
hsl@ubuntu:~$ sudo docker exec -ti ea /bin/bash
root@ea153153c883:/# cd /etc/ssh
root@ea153153c883:/etc/ssh# vim sshd_config
sshd_config 需要关注三个地方，未修改之前是这样：
PermitRootLogin without-password
#AuthorizedKeysFile %h/.ssh/authorized_keys
#PasswordAuthentication yes
说明：
#PermitRootLogin yes               # 允许 root 用户以任何认证方式登录（用户名口令认证和公钥认证）
#PermitRootLogin without-password  # 不允许 root 用口令登录，只能用公钥认证（OpenSSH 7.0 起该值改名为 prohibit-password，旧写法仍然兼容）
#PermitRootLogin no                # 不允许 root 用户以任何认证方式登录
这里先修改两处：
PermitRootLogin without-password 改为 PermitRootLogin yes
#PasswordAuthentication yes 改为 PasswordAuthentication yes（这一行本来就是注释掉的默认值，改成显式配置后行为不变）
（安全提示：这两处改完之后，root 就可以凭口令从发布到 0.0.0.0 的宿主机端口登录，任何能访问该端口的机器都可以对 root 口令做暴力破解。
这种配置只适合本机一次性实验；要长期使用，应按第 2 节改为公钥认证，把 PasswordAuthentication 改回 no，并保持 PermitRootLogin without-password。）
root@ea153153c883:/etc/ssh# cd
root@ea153153c883:~# service ssh start
 * Starting OpenBSD Secure Shell server sshd                          [ OK ]
root@ea153153c883:/# passwd root
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
# 这个口令会直接暴露在发布出去的端口上，务必使用足够强的口令。
root@ea153153c883:/# ifconfig
# 获得 docker 的内网地址 (inet addr)：172.17.0.2
root@ea153153c883:/#exit
exit
hsl@ubuntu:~$ ssh root@172.17.0.2
root@172.17.0.2's password:
Welcome to Ubuntu 14.04 LTS (GNU/Linux 3.13.0-93-generic x86_64)
 * Documentation:  https://help.ubuntu.com/
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
root@ea153153c883:~# exit
logout
Connection to 172.17.0.2 closed.
hsl@ubuntu:~$ ifconfig
# 获得宿主机的内网地址 (inet 地址)：192.168.127.159，这里试一下用端口映射方式登录 docker
# 因为做了端口映射，所以可以直接从映射的端口登录，只需要知道和 docker 的 22 端口映射的宿主机端口以及宿主机的 IP。
# 如果做端口映射时采用默认 IP（-P 或 -p 22，不指定宿主机地址），docker 会绑定到 0.0.0.0，即宿主机的所有 IP 都和 docker 的 22 端口映射，
# 这样 localhost 和子网 IP 均可登录——也意味着子网内任何主机都能对这个 root 账户尝试口令登录；只在本机使用时应改为 -p 127.0.0.1::22 只绑定回环地址。
# 即 ssh -p 32771 root@localhost 和 ssh -p 32771 root@192.168.127.159 都可以登录 docker
hsl@ubuntu:~$ ssh -p 32771 root@192.168.127.159
# 第一次登录有警告
The authenticity of host '[192.168.127.159]:32771 ([192.168.127.159]:32771)' can't be established.
ECDSA key fingerprint is SHA256:icDOU4lcWTiFb4eIKUtosFNrqzGMo5ufzqXQfPdtSZg.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.127.159]:32771' (ECDSA) to the list of known hosts.
# 安全提示：这里回答 yes 等于无条件信任这把主机密钥（TOFU）。既然容器就在本机，回答之前可以先核对：
#   sudo docker exec ea ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub
# 输出的指纹应与上面一致（容器内 OpenSSH 版本较旧时显示的是 MD5 格式，可在客户端加 -o FingerprintHash=md5 对照）。
# 另外，如果主机密钥是制作镜像时生成的，那么用该镜像启动的所有容器会共用同一套主机密钥，核对时可以顺便确认一下。
root@192.168.127.159's password:
Welcome to Ubuntu 14.04.5 LTS (GNU/Linux 4.4.0-36-generic x86_64)
 * Documentation:  https://help.ubuntu.com/
Last login: Sun Sep  4 06:00:37 2016 from 172.17.0.1
root@ea153153c883:~# exit
logout
Connection to 192.168.127.159 closed.
hsl@ubuntu:~$ ssh -p 32771 root@192.168.127.159
# 再登录一遍就没有警告了：客户端已把 [192.168.127.159]:32771 对应的密钥记进 ~/.ssh/known_hosts。
# 以后若换了一个容器占用同一个映射端口而主机密钥不同，客户端会报 REMOTE HOST IDENTIFICATION HAS CHANGED，
# 这正是 ssh 的中间人检测，应先确认原因，不要习惯性地直接删 known_hosts 了事。
root@192.168.127.159's password:
Welcome to Ubuntu 14.04.5 LTS (GNU/Linux 4.4.0-36-generic x86_64)
 * Documentation:  https://help.ubuntu.com/
Last login: Sun Sep  4 06:01:33 2016 from 192.168.127.159
root@ea153153c883:~# exit
logout
Connection to 192.168.127.159 closed.
2、公钥认证方式登陆
hsl@ubuntu:~$ sudo docker run -tid -p 22 -P hsl/ubuntu:14.04_add_sourcealiyun_git_vim_ssh
f2e54200c5c7f3310a27e274d7d8c9585ed3c79f921cb63edb8f3a00d1165e24
hsl@ubuntu:~$ sudo docker ps -a
CONTAINER ID   IMAGE                                           COMMAND       CREATED          STATUS          PORTS                   NAMES
f2e54200c5c7   hsl/ubuntu:14.04_add_sourcealiyun_git_vim_ssh   "/bin/bash"   15 seconds ago   Up 10 seconds   0.0.0.0:32768->22/tcp   big_brown
hsl@ubuntu:~$ sudo docker exec -it f2 /bin/bash
root@f2e54200c5c7:/# vim /etc/ssh/sshd_config
把第一步中提到的需要注意的三个地方做以下修改：
PermitRootLogin without-password   （保持不变：root 不能用口令登录，只能用公钥）
#AuthorizedKeysFile %h/.ssh/authorized_keys 改为 AuthorizedKeysFile %h/.ssh/authorized_keys（这只是把默认值写成显式配置，行为不变）
#PasswordAuthentication yes 改为 PasswordAuthentication yes
（如果服务器不在本地，千万不要一上来就把 PasswordAuthentication yes 改成 no：万一当前的 ssh 连接中断，而 RSA 公钥认证又没配好，口令登录也被禁了，就把自己锁在外面了。
可以理解为公钥认证优先于口令认证，公钥认证失败时再退回口令认证以防万一。
但要注意两点：其一，由于上面保持了 PermitRootLogin without-password，这个口令兜底对 root 并不生效——root 的公钥认证失败时不会回退到口令，兜底只对普通用户有效；真要给 root 留口令兜底，得临时改成 PermitRootLogin yes。
其二，这只是过渡配置：等最后一步用公钥成功登录之后，就应该把 PasswordAuthentication 改为 no 再 service ssh reload（已建立的连接不会断），否则 sshd 仍然接受针对口令的暴力破解。）
root@f2e54200c5c7:/# exit
exit
hsl@ubuntu:~$ ssh-keygen -t rsa
# 一直回车，生成宿主机的密钥
# 安全提示："一直回车"意味着私钥 ~/.ssh/id_rsa 没有 passphrase 保护，谁拿到这个文件谁就能以 root 登录容器。
# 除了一次性实验环境，建议设置 passphrase 并配合 ssh-agent 使用。
hsl@ubuntu:~$ cd .ssh
hsl@ubuntu:~/.ssh$ ls
id_rsa  id_rsa.pub
hsl@ubuntu:~/.ssh$ scp id_rsa.pub root@172.17.0.2:~/.ssh/
root@172.17.0.2's password:
id_rsa.pub                                    100%  392     0.4KB/s   00:00
# 注意：这一步要求容器里 sshd 已经在运行、root 口令已设置、且 /root/.ssh 目录已存在。
# 按本节的顺序（sshd 在后面才 service ssh start），它实际上是在第 1 节那个已配置好口令登录的容器上做的，下面的提示符也是 ea153153c883。
# 更省事的做法是 ssh-copy-id root@172.17.0.2：它会自动创建 ~/.ssh、把公钥追加到 authorized_keys 并设好权限。
hsl@ubuntu:~/.ssh$ sudo docker exec -it f2 /bin/bash
root@ea153153c883:/# cd
root@ea153153c883:~# cd .ssh
root@ea153153c883:~/.ssh# ls
id_rsa.pub
root@ea153153c883:~/.ssh# mv id_rsa.pub authorized_keys
root@ea153153c883:~/.ssh# ls
authorized_keys
# （原文此处 exec 的是 f2，提示符却是 ea153153c883，应是在第 1 节的容器里操作的；两个容器按同样步骤做即可。）
# 注意：mv 会覆盖已有的 authorized_keys，如果里面已经有别的公钥，应改用 cat id_rsa.pub >> authorized_keys 追加。
# 再补一步权限：sshd 默认 StrictModes yes，~/.ssh 或 authorized_keys 对组/其他用户可写时会直接拒绝公钥登录，收紧权限也能防止容器内其他进程往里加公钥：
#   chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys
******** 可以替换上面的通过 scp 方法把公钥传送到 docker ********
# 或者直接把宿主机的 id_rsa.pub 内容复制到 docker 的 /root/.ssh/authorized_keys
hsl@ubuntu:~$ cd .ssh
hsl@ubuntu:~/.ssh$ ls
id_rsa  id_rsa.pub  known_hosts
hsl@ubuntu:~/.ssh$ cat id_rsa.pub
# 宿主机的公钥（以 ssh-rsa 开头的一整行），只复制这个 .pub 文件的内容，千万不要把 id_rsa 私钥复制进容器
hsl@ubuntu:~/.ssh$ sudo docker exec -it f2 /bin/bash
root@f2e54200c5c7:/# ssh-keygen -t rsa
# 这一步只是为了方便产生 docker 的 .ssh 目录
# 安全提示：为了建目录而在容器里生成一对用不到的密钥并不合适——多出来的 /root/.ssh/id_rsa 是一把无口令私钥，
# 以后若 docker commit 成镜像，它会一起带进镜像。直接建目录并设好权限即可：
#   mkdir -p -m 700 /root/.ssh
root@f2e54200c5c7:/# cd
root@f2e54200c5c7:~# cd .ssh
root@f2e54200c5c7:~/.ssh# ls
id_rsa  id_rsa.pub
root@f2e54200c5c7:~/.ssh# touch authorized_keys
root@f2e54200c5c7:~/.ssh# ls
authorized_keys  id_rsa  id_rsa.pub
root@f2e54200c5c7:~/.ssh# vim authorized_keys
# 把宿主机的 id_rsa.pub 内容复制到 docker 的 /root/.ssh/authorized_keys（一行一个公钥，不要折行），保存后 chmod 600 authorized_keys
******** 可以替换上面的通过 scp 方法把公钥传送到 docker ********
root@f2e54200c5c7:/# service ssh start
 * Starting OpenBSD Secure Shell server sshd                          [ OK ]
root@f2e54200c5c7:/# exit
exit
hsl@ubuntu:~/.ssh$ ssh root@172.17.0.2
Welcome to Ubuntu 14.04.5 LTS (GNU/Linux 4.4.0-36-generic x86_64)
 * Documentation:  https://help.ubuntu.com/
Last login: Sun Sep  4 08:18:21 2016 from 172.17.0.1
root@f2e54200c5c7:~# exit
logout
# 公钥登录验证通过后，再回到 /etc/ssh/sshd_config 把 PasswordAuthentication 改为 no 并 service ssh reload，此后容器只接受公钥登录。
# 如果公钥登录没生效而仍被提示输口令，用 ssh -v root@172.17.0.2 看客户端尝试了哪些密钥，并检查容器内 ~/.ssh 和 authorized_keys 的权限。