Dockerfile分享之SSH Server

版權聲明：本文由姚俊剛原創文章，轉載請註明出處: 
文章原文連接：https://www.qcloud.com/community/article/84

來源：騰雲閣 https://www.qcloud.com/community

 

Docker 官方網站上給出的示例裏面有個 用 Dockerfile 構建 SSH Server 的例子, 我在騰訊雲的主機上實驗了一下, 中間添加了一些優化, 把實驗過程記錄以下, 但願對你們有幫助.

一. 相關的文件

1. 新建一個目錄和一個 Dockerfile

mkdir y109-sshd
vim Dockerfile

2. Dockerfile 的內容以下

# docker sshd
FROM ubuntu:14.04
MAINTAINER y109<y109@qq.com>

# 使用 163.com 的源
COPY sources.list.163.txt /etc/apt/sources.list
RUN apt-get -y update

# 設置 root 密碼
RUN echo 'root:bMg5kesfdsfesx9gD' | chpasswd

# 安裝 openssh-server
RUN apt-get -y install openssh-server
RUN mkdir /var/run/sshd

# SSH login fix. Otherwise user is kicked off after login
RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd
#
# ENV NOTVISIBLE "in users profile"
RUN echo "export VISIBLE=now" >> /etc/profile

# 添加公鑰(若是沒有公鑰能夠省略)
RUN mkdir /root/.ssh
RUN echo 'ssh-rsa YOU_PUB_KEY' > /root/authorized_keys

# 容器啓動後運行的程序
CMD ["/usr/sbin/sshd", "-D"]

# 打開 22 端口
EXPOSE 22

sources.list.163.txt 的內容以下

deb http://mirrors.163.com/ubuntu/ precise main restricted
deb-src http://mirrors.163.com/ubuntu/ precise main restricted

deb http://mirrors.163.com/ubuntu/ precise-updates main restricted
deb-src http://mirrors.163.com/ubuntu/ precise-updates main restricted

deb http://mirrors.163.com/ubuntu/ precise universe
deb-src http://mirrors.163.com/ubuntu/ precise universe
deb http://mirrors.163.com/ubuntu/ precise-updates universe
deb-src http://mirrors.163.com/ubuntu/ precise-updates universe

deb http://mirrors.163.com/ubuntu/ precise-security main restricted
deb-src http://mirrors.163.com/ubuntu/ precise-security main restricted
deb http://mirrors.163.com/ubuntu/ precise-security universe
deb-src http://mirrors.163.com/ubuntu/ precise-security universe

二.構建 Image

使用 docker build 來生成鏡像
-t 參數是給這個鏡像的 TAG

sudo docker build -t 'y109/sshd' ./
Sending build context to Docker daemon 4.608 kB
Sending build context to Docker daemon
Step 0 : FROM ubuntu:14.04
 ---> 9cbaf023786c
Step 1 : MAINTAINER y109<y109@qq.com>
 ---> Using cache
 ---> 2256ab1cc931
Step 2 : COPY sources.list.163.txt /etc/apt/sources.list
 ---> Using cache
 ---> 65536ca26964
Step 3 : RUN apt-get -y update
 ---> Using cache
 ---> 60639e42f098
Step 4 : RUN echo 'root:pass123456' | chpasswd
 ---> Using cache
 ---> 8644dd20854f
Step 5 : RUN apt-get -y install openssh-server
 ---> Using cache
 ---> 98039327bca7
Step 6 : RUN mkdir /var/run/sshd
 ---> Using cache
 ---> 9bd3b3fc7828
Step 7 : RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd
 ---> Using cache
 ---> d748cb9428a0
Step 8 : RUN echo "export VISIBLE=now" >> /etc/profile
 ---> Using cache
 ---> e975cd819243
Step 9 : RUN mkdir /root/.ssh
 ---> Using cache
 ---> e561acc07675
Step 10 : RUN echo 'ssh-rsa YOU_PUBLIC_KEY'
 ---> Using cache
 ---> 8f6882a72037
Step 11 : CMD ["/usr/sbin/sshd", "-D"]
 ---> Using cache
 ---> 48cbd2c4aa70
Step 12 : EXPOSE 22
 ---> Using cache
 ---> 3101a36f0084
Successfully built 3101a36f0084

使用 docker images 命令查看鏡像, 確認鏡像構建成功了

sudo docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
y109/sshd           latest              3101a36f0084        22 minutes ago      226.1 MB
<none>              <none>              23f604e547b8        28 minutes ago      226.1 MB
<none>              <none>              50647a1fb746        36 minutes ago      226.1 MB
y
...

y109/sshd就是咱們剛纔構建的鏡像

三.建立 Container

使用 docker run 來用鏡像建立一個 Container

-d : Detached mode, 使 Container 在 background 模式運行
-p : 把 22 端口映射到主機的網卡上, 格式: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort
–name : 給 Container 指定一個名字, 一旦指定了名稱這個名稱就和這個 Container 綁定了, 能夠用 docker ps -a 列出來

sudo docker run -d -p 10922:22 --name y109-sshd y109/sshd
我用的外網端口是 10922, 能夠根據須要修改, 下一步須要確認 Container 是否正常執行了

sudo docker ps
CONTAINER ID        IMAGE               COMMAND               CREATED             STATUS              PORTS                   NAMES
fc37b83d343e        y109/sshd:latest    "/usr/sbin/sshd -D"   9 seconds ago       Up 9 seconds        0.0.0.0:10922->22/tcp   y109-sshd

看來執行成功了, 鏈接試試看看

ssh root@localhost -p10922
The authenticity of host '[localhost]:10922 ([127.0.0.1]:10922)' can't be established.
ECDSA key fingerprint is 4d:48:5c:61:54:d6:8f:62:70:a2:0e:ab:b7:1a:cb:f7.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[localhost]:10922' (ECDSA) to the list of known hosts.

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

root@80f07ad418fe:~#

已經成功鏈接進入 Container 了

四.關閉 Container

sudo docker stop fc3 fc3 是 Container Id fc37b83d343e 的縮寫, 只要可以惟一標識這個 Container 就能夠了。或者sudo docker stop y109-sshd

五.運行 Container

sudo docker start y109-sshd