Building an SSH Service with Docker

Author: 平头哥2 | Published: 2019-03-04 17:21

1. Creating the image with the commit command

1.1 Configuring the SSH service

# List containers
[root@langzi01 ~]# docker ps -a
2f5f9417b073        centos              "/bin/bash"              3 days ago          Up 3 days                                       data01
# Update packages with yum
[root@2f5f9417b073 /]# yum update -y

# Check whether sshd is installed
[root@2f5f9417b073 /]# sshd       
bash: sshd: command not found

# Install the SSH server
[root@2f5f9417b073 /]# yum install -y openssh-server

# Create the directory; sshd needs /var/run/sshd to exist in order to start properly.
[root@2f5f9417b073 /]# mkdir /var/run/sshd

# Start the service -- it reports errors
[root@2f5f9417b073 /]# /usr/sbin/sshd -D &
Could not load host key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Could not load host key: /etc/ssh/ssh_host_ed25519_key

# Fix: generate the missing host keys
[root@2f5f9417b073 sshd]# ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
[root@2f5f9417b073 sshd]# ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key
[root@2f5f9417b073 sshd]# ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key


# Start the service again
[root@2f5f9417b073 sshd]# /usr/sbin/sshd

# Check that the service is listening
[root@2f5f9417b073 sshd]# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      302/sshd            
tcp6       0      0 :::80                   :::*                    LISTEN      87/httpd            
tcp6       0      0 :::22                   :::*                    LISTEN      302/sshd 

[root@2f5f9417b073 ~]# pwd
/root
[root@2f5f9417b073 ~]# mkdir .ssh

# Open a new session on the host and look at its keys; the host prompt shows langzi01 after the @, the container prompt shows 2f5f9417b073
[root@langzi01 ~]# cd .ssh/
[root@langzi01 .ssh]# ls
authorized_keys  id_rsa  id_rsa.pub  known_hosts
[root@langzi01 .ssh]# cat id_rsa.pub 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3q8E9u60OwMSPTbpLlIyxKVsmICFgTQccnPLXMYFelZQ6KSdXSPCItCWh5rIC0EuOh3J9ykNlqQC0GNoZ27ziom3ezsH0cP9Puqzzp9tqdiMZtLB/UviyRIKARemtuyEM14/PUV+SES4A6K514nJ5g96KEdxb7gl/20TfiYa0Eo+CtABiyIYTz+q/AHh0zAx20qwEPcRWyKsIEurtd+IyopxZmbYzIXX9yDurBks5ROS2Viq64B2nPvB+Yhhc5ehGKCbi52qIMgIXPMQob3fuW6+ProunnAvdFb7+eRlrY3M3QTkC7jdB5ZNGNa0bNTD0amD49ImwCsY1eXzrm5XB root@langzi01

# Switch back to the container session
[root@2f5f9417b073 .ssh]# vi authorized_keys
# Copy the contents of the host's id_rsa.pub into this file


# Create /run.sh
[root@2f5f9417b073 .ssh]# vi /run.sh

# Its contents are as follows:
[root@04c0e6e78f46 ~]# cat /run.sh 
#!/bin/bash
/usr/sbin/sshd -D

# Leave the container with exit

1.2 Saving the image

[root@langzi01 ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                  PORTS               NAMES
2f5f9417b073        centos              "/bin/bash"              3 days ago          Up 3 days                                   data01
[root@langzi01 ~]# docker commit 2f5 sshd:centos
sha256:08d75e23080972ce9a4494a7b748b081a0286d88a97f9bb453bd88e280749146
[root@langzi01 ~]# docker images
REPOSITORY                  TAG                 IMAGE ID            CREATED             SIZE
sshd                        centos              08d75e230809        4 seconds ago       383 MB

1.3 Using the image

[root@langzi01 ~]# docker run -p 10022:22 --name sshd -d sshd:centos /run.sh
04c0e6e78f46652c590b444b211bd76c3526311e3676bd3300c9846f371f6f56
[root@langzi01 ~]# docker ps -l
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                   NAMES
04c0e6e78f46        sshd:centos         "/run.sh"           7 seconds ago       Up 5 seconds        0.0.0.0:10022->22/tcp   sshd

1.4 Logging in over SSH from the host

[root@langzi01 ~]# ssh 172.17.0.1 -p 10022
The authenticity of host '[172.17.0.1]:10022 ([172.17.0.1]:10022)' can't be established.
ECDSA key fingerprint is SHA256:MsHCJMCYdCwMmfC2fJva7hEQV2gQlIwR0py3h9l3iXU.
ECDSA key fingerprint is MD5:05:5d:c3:90:4d:1a:32:35:74:0e:ea:c8:1a:42:60:65.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[172.17.0.1]:10022' (ECDSA) to the list of known hosts.
[root@04c0e6e78f46 ~]# pwd
/root
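
The image committed in 1.2 contains the host private keys generated in 1.1, so every container started from sshd:centos presents the same SSH host identity. As an added example (not the author's /run.sh), this variant creates any missing host keys when the container starts and permits key-only login. It assumes the host keys were deleted from the container before `docker commit`; the `start` argument and the KEY_DIR and AUTH_KEYS variables are names introduced here.

```shell
#!/bin/bash
# Added example (not the page's /run.sh): create SSH host keys when the
# container starts, so no private host key is stored in the committed image.
KEY_DIR="${KEY_DIR:-/etc/ssh}"                        # assumed default location
AUTH_KEYS="${AUTH_KEYS:-/root/.ssh/authorized_keys}"  # file edited in 1.1

# Print each host key type whose private key is absent or empty in directory $1.
missing_host_keys() {
    for _type in rsa ecdsa ed25519; do
        [ -s "$1/ssh_host_${_type}_key" ] || printf '%s\n' "$_type"
    done
}

# Succeed only if $1 exists and is not writable by group or others; sshd's
# StrictModes check rejects an authorized_keys path that is.
perms_ok() {
    case "$(ls -ld -- "$1" 2>/dev/null | cut -c6,9)" in
        --) return 0 ;;
        *)  return 1 ;;
    esac
}

start_sshd() {
    mkdir -p /var/run/sshd
    for _type in $(missing_host_keys "$KEY_DIR"); do
        # -N '' sets an empty passphrase so sshd can load the key unattended
        ssh-keygen -q -t "$_type" -N '' -f "$KEY_DIR/ssh_host_${_type}_key" || exit 1
    done
    for _path in "${AUTH_KEYS%/*}" "$AUTH_KEYS"; do
        perms_ok "$_path" || chmod go-w "$_path" || exit 1
    done
    # Key-only login: password authentication is off, root may only use a key.
    exec /usr/sbin/sshd -D -e \
        -o PasswordAuthentication=no \
        -o PermitRootLogin=prohibit-password
}

# Start only when asked to, so the functions above can be loaded and checked alone.
if [ "${1:-}" = "start" ]; then
    start_sshd
fi
```

Start it with `docker run -p 10022:22 --name sshd -d sshd:centos /run.sh start`. Each new container then has its own host keys, so the fingerprint shown at the prompt in 1.4 differs per container.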

2. Creating the image with the commit command

Article link: https://www.haomeiwen.com/subject/angiuqtx.html