首先,docker并不是虚拟机,一般并不存在用户访问控制,但有些时候想让用户通过密码才能访问虚拟集命令行,则可以通过ssh连接来实现。
但有个前提就是不能让用户直接接触宿主机,因为使用docker exec和docker cp等,是可以不需密码直接访问docker内部文件。
下面开始正文为python-slim镜像配置ssh访问
启动docker image时可以指定端口映射 docker run -ditp 500001:22 [imageID]
在/etc/ssh 目录下可以看到ssh_host_rsa_key等文件
/etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ed25519_key允许ssh连接root用户
vim /etc/ssh/sshd_config // 修改字段 PermitRootLogin yes运行/usr/sbin/sshd,查看22端口号是否开启,开启说明启动成功。
[root@655f62a4ed82 ssh]# /usr/sbin/sshd [root@655f62a4ed82 ssh]# ps -e | grep ssh COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME sshd 37 root 3u IPv4 250907 0t0 TCP *:ssh (LISTEN) sshd 37 root 4u IPv6 250909 0t0 TCP *:ssh (LISTEN)备注:重启ssh服务/etc/init.d/ssh restart
// 查看docker地址 docker ps docker inspect [containerID]访问ssh端口ssh root@localhost -p 50001输入root密码
修改root密码
root@e1c328726835:/etc/ssh# passwd root New password: Retype new password:手动重新生成密钥对
[root@655f62a4ed82 ssh]# ssh-keygen -t rsa //生成rsa Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: 0e:fa:07:36:bb:87:c1:60:14:be:41:41:01:1b:4b:bc root@655f62a4ed82 The key's randomart image is: +--[ RSA 2048]----+ | .+o*+ | | ..*. | | ooo | | E oo | | ..o. S | | .*o | | .. *. | | .o o | | o+ | +-----------------+ [root@655f62a4ed82 ssh]# ssh-keygen -t dsa //生成dsa Generating public/private dsa key pair. Enter file in which to save the key (/root/.ssh/id_dsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_dsa. Your public key has been saved in /root/.ssh/id_dsa.pub. The key fingerprint is: ee:8c:db:a8:24:68:0d:33:79:eb:09:33:ed:74:c3:66 root@655f62a4ed82 The key's randomart image is: +--[ DSA 1024]----+ | | | | | | | . | | = . S | | .B o . | |.=.=.E . | |. Bo= .* | | +..+.+ | +-----------------+ [root@655f62a4ed82 ssh]# ssh-keygen -t ecdsa //生成ecdsa Generating public/private ecdsa key pair. Enter file in which to save the key (/root/.ssh/id_ecdsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_ecdsa. Your public key has been saved in /root/.ssh/id_ecdsa.pub. The key fingerprint is: 84:74:de:d1:e4:98:a1:5c:27:25:8e:b7:d6:27:fd:c9 root@655f62a4ed82 The key's randomart image is: +--[ECDSA 256]---+ | . . *++ | | . = * X. | | . * * . | | . . o . | | S o o o | | . o...| | E.| | | | | +-----------------+ [root@655f62a4ed82 ssh]# ssh-keygen -t ed25519 Generating public/private ed25519 key pair. Enter file in which to save the key (/root/.ssh/id_ed25519): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_ed25519. Your public key has been saved in /root/.ssh/id_ed25519.pub. The key fingerprint is: d8:40:95:1f:07:96:8a:83:7f:af:19:01:3b:b4:79:91 root@655f62a4ed82 The key's randomart image is: +--[ED25519 256--+ | ....oo | | . .oo . | | .+.Eo o | | ..oO... | | .*.S | | .o.. | | ... | | o. | | o. | +-----------------+ [root@655f62a4ed82 ssh]# cp ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys mkdir /run/sshd然后修改sshd_config中上述文件所在的位置
HostKey /root/.ssh/id_rsa HostKey /root/.ssh/id_dsa HostKey /root/.ssh/id_ecdsa HostKey /root/.ssh/id_ed25519