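Preface
The author wrote this post after reading the book Docker技术入门与实战, working through it hands-on in an Ubuntu virtual machine, and running into some practical problems along the way. If anything here infringes your rights, please contact the author to resolve the matter.
Test environment: an Ubuntu virtual machine on a Windows 10 host, with Docker already installed (see other tutorials for how to install Docker).
Docker offers two ways to create a container: with the docker commit command, or from a Dockerfile.
This post uses the Dockerfile approach.
1 Create the working directory
First create a working directory named sshd_ubuntu_blog and change into it: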
ag@ubuntu:~/studyDocker$ mkdir sshd_ubuntu_blog && cd sshd_ubuntu_blog
ag@ubuntu:~/studyDocker/sshd_ubuntu_blog$
Next, create the Dockerfile and run.sh files:
ag@ubuntu:~/studyDocker/sshd_ubuntu_blog$ touch Dockerfile run.sh
ag@ubuntu:~/studyDocker/sshd_ubuntu_blog$ ls
Dockerfile run.sh
2 Write the run.sh script and create the authorized_keys file
The run.sh script starts the SSH service. Its contents are:
ag@ubuntu:~/studyDocker/sshd_ubuntu_blog$ cat run.sh
#! /bin/bash
/usr/sbin/sshd -D
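The authorized_keys file is the key to passwordless SSH login; if you are unfamiliar with how it works, see this blog post. First, generate the SSH public key of the client (here, the Ubuntu virtual machine) with the command below. While it runs, it asks where to store the key; I chose the default. If a key was generated before, it also asks whether to overwrite it: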
ag@ubuntu:~/studyDocker/sshd_ubuntu_blog$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ag/.ssh/id_rsa):
/home/ag/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ag/.ssh/id_rsa.
Your public key has been saved in /home/ag/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:fIJbGqA9l4Hpqhh7Affh2IGNIhaKZNqgU/OmADLQ6xo ag@ubuntu
The key's randomart image is:
+---[RSA 2048]----+
|o. |
|=++ o |
|X=.B+ . |
|@.*+*. = |
|oB.B+o= S . |
|E =.+o = o |
|.o.. o |
|o+. |
|+. |
+----[SHA256]-----+
The location of the public key is printed while the command above runs. Run the following command to copy it into the authorized_keys file:
ag@ubuntu:~/studyDocker/sshd_ubuntu_blog$ cat ~/.ssh/id_rsa.pub > authorized_keys
To make sure the copy succeeded, print the file contents:
ag@ubuntu:~/studyDocker/sshd_ubuntu_blog$ cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClFVrZdT5fqnM+e1PgU6ZEOTIiESd7X6dgzJAL8Tvwb2Da8vY+UTKzwFywYI4rV1+7MZ0KP2Ld6GDuKCy+Y+ddKNGIBNe8Cjn8dTh4E1Lw2weoo0/pWF1DZEDXY6xCvoL6dVQISb3AQRQYWGiEsLeIgR/it6z+6fJiJNTlEtaleIDWixkZZfYdInQKiKVBcuWu6V5Pa0ZSV7x7cfiD/G3j9vSYtrlIX+eGny1Uc0yR6fXXfgnQQdZkPBzJtHbPSa+554yxrOtpl+2ZA/bf2xRIXy7K66xEakHPfWB74TFQ87wxmvgtOqwfl9uePS4K7lJ954XUOzq6N/X8ES41RTR9 ag@ubuntu
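The visual check above can be automated before the file is copied into the image. The script below is an added example, not part of the original post; the function name check_authorized_keys is hypothetical, and it only parses plain "type blob comment" lines, reporting anything else (including option-prefixed lines) for manual review.

```shell
#!/bin/sh
# Added example: lint an authorized_keys file before it is baked into an image.
# Prints one finding per bad line; return status 0 = clean, 1 = findings, 2 = unreadable.
check_authorized_keys() {
    file=$1 bad=0 lineno=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case $line in
            ''|'#'*) continue ;;                  # blank line or comment
            *'PRIVATE KEY'*)                      # header/footer of a private key file
                echo "$file:$lineno: private key material"; bad=1; continue ;;
        esac
        # Split the line into "type blob [comment]" without glob expansion.
        # Option-prefixed lines are not parsed and fall into the catch-all below.
        set -f; set -- $line; set +f
        ktype=${1:-} blob=${2:-}
        case $ktype in
            ssh-rsa)             want=AAAAB3NzaC1yc2E ;;
            ssh-ed25519)         want=AAAAC3NzaC1lZDI1NTE5 ;;
            ecdsa-sha2-nistp256) want=AAAAE2VjZHNhLXNoYTItbmlzdHAyNTY ;;
            *) echo "$file:$lineno: unrecognised key type or options: $ktype"
               bad=1; continue ;;
        esac
        # The base64 blob begins with the length-prefixed key type, so a
        # mismatch means the line was truncated, mis-pasted or edited.
        case $blob in
            "$want"*) ;;
            *) echo "$file:$lineno: blob does not match declared type $ktype"
               bad=1 ;;
        esac
    done < "$file"
    return "$bad"
}

# Usage (script file name is up to you): sh check_keys.sh authorized_keys
if [ "$#" -gt 0 ]; then check_authorized_keys "$1"; fi
```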
3 Write the Dockerfile
The Dockerfile is used to build the Docker image. Its contents are:
FROM ubuntu:18.04
MAINTAINER AlaGeek (24******03@qq.com)
# The overseas mirrors are too slow, so switch the Ubuntu sources to the 163 mirror in China
RUN echo "deb http://mirrors.163.com/ubuntu/ bionic main restricted universe multiverse" > /etc/apt/sources.list
RUN echo "deb http://mirrors.163.com/ubuntu/ bionic-security main restricted universe multiverse" >> /etc/apt/sources.list
RUN echo "deb http://mirrors.163.com/ubuntu/ bionic-updates main restricted universe multiverse" >> /etc/apt/sources.list
RUN echo "deb http://mirrors.163.com/ubuntu/ bionic-proposed main restricted universe multiverse" >> /etc/apt/sources.list
RUN echo "deb http://mirrors.163.com/ubuntu/ bionic-backports main restricted universe multiverse" >> /etc/apt/sources.list
RUN apt-get update
# Install the SSH service
RUN apt-get install -y openssh-server
RUN mkdir -p /var/run/sshd
RUN mkdir -p /root/.ssh
# PAM limits the number of failed user logins; this is a test setup, so the PAM restriction is removed here. Weigh this for real deployments.
# The line below comments out the pam_loginuid.so session rule; \s+ matches the run of spaces used in the stock file.
RUN sed -ri 's/^session\s+required\s+pam_loginuid\.so/#&/' /etc/pam.d/sshd
# Copy the configuration files into place
ADD authorized_keys /root/.ssh/authorized_keys
ADD run.sh /run.sh
# Make the script executable
RUN chmod 755 /run.sh
# Expose port 22
EXPOSE 22
# Set the default start-up command
CMD ["/run.sh"]
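4 Build the image
Run the following command in the sshd_ubuntu_blog directory (note the trailing "." at the end of the command, which indicates that the Dockerfile is in the current directory):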
ag@ubuntu:~/studyDocker/sshd_ubuntu_blog$ docker build -t sshd:blog .
A successful build ends with:
Successfully built 9958d62beb4e
Successfully tagged sshd:blog
This means the sshd:blog image has been created and its ID is 9958d62beb4e. You can also list it with the docker images command:
ag@ubuntu:~/studyDocker/sshd_ubuntu_blog$ docker images
REPOSITORY   TAG    IMAGE ID       CREATED              SIZE
sshd         blog   9958d62beb4e   About a minute ago   207MB
5 Test
Use the following command to start a container from the sshd:blog image and map its port 22 to local port 10122:
ag@ubuntu:~/studyDocker/sshd_ubuntu_blog$ docker run -d -p 10122:22 sshd:blog
5a97e4a0849f2b966949f8a89de45c9710458203f737af659668f891e763417a
The string printed is the container's ID. Test the container with the following command:
ag@ubuntu:~/studyDocker/sshd_ubuntu_blog$ ssh root@127.0.0.1 -p 10122
The authenticity of host '[127.0.0.1]:10122 ([127.0.0.1]:10122)' can't be established.
ECDSA key fingerprint is SHA256:Cx8RX9fL3ZyXubghsH2RXoA4+nfoV29VhFUv5il4yAg.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[127.0.0.1]:10122' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 18.04.3 LTS (GNU/Linux 5.3.0-26-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
This system has been minimized by removing packages and content that are
not required on a system that users do not log into.
To restore this content, you can run the 'unminimize' command.
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
root@5a97e4a0849f:~#
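As shown, we end up in the container's interactive shell. One thing to note: when connecting to the container over SSH, you must specify that you are logging in as the root user.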