docker创建可以远程连接的容器

Posted 2020-12-02

有些场景需要我们自己配置容器中的服务，可以说类似于一个小型的虚拟机，那么怎么创建一个可以远程连接的容器呢？

拉取centos基础镜像

docker pull centos:7.2.1511

docker pull registry.cn-hangzhou.aliyuncs.com/repos_zyl/centos:0.0.1

启动镜像

sudo docker run -i -t  centos:7.2.1511 /bin/bash

 

 

yum -y install openssh-server

启动sshd:

# /usr/sbin/sshd -D

这时报以下错误：

[[email protected] b5926410fe60 /]# /usr/sbin/sshd

Could not load host key: /etc/ssh/ssh_host_rsa_key

Could not load host key: /etc/ssh/ssh_host_ecdsa_key

Could not load host key: /etc/ssh/ssh_host_ed25519_key 

执行以下命令解决：

ssh-keygen -q -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N ''    

ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''

ssh-keygen -t dsa -f /etc/ssh/ssh_host_ed25519_key  -N '' 

 

 

然后，修改/etc/ssh/sshd_config 配置信息：

UsePAM yes 改为UsePAM no 

UsePrivilegeSeparation sandbox 改为UsePrivilegeSeparation no

 

sed -i "s/#UsePrivilegeSeparation.*/UsePrivilegeSeparation no/g" /etc/ssh/sshd_config

sed -i "s/UsePAM.*/UsePAM no/g" /etc/ssh/sshd_config

systemctl enable sshd

passwd root

 

[email protected]:~$ sudo docker ps -all

CONTAINER ID        IMAGE                                                     COMMAND             CREATED             STATUS                       PORTS               NAMES

880273353fda       registry.cn-hangzhou.aliyuncs.com/repos_zyl/centos:0.0.1   "/bin/bash"         10 minutes ago      Exited (127) 5 seconds ago                       goofy_kirch

[email protected]:~$ sudo docker commit 880273353fda sf/centos7-ssh

sha256:526e35632f77b2d9200fb26713b6270b0b58e221d1c789e3dc2bc2c5708423a8

[email protected]:~$

 

生成新的镜像

[email protected]:~$ sudo docker images

REPOSITORY                                          TAG                 IMAGE ID            CREATED              SIZE

sf/centos7-ssh                                      latest             526e35632f77        About a minute ago   301MB

 

删除在运行的容器

[email protected]:~$ sudo docker ps -all

CONTAINER ID        IMAGE                                                     COMMAND             CREATED             STATUS                       PORTS               NAMES

880273353fda        registry.cn-hangzhou.aliyuncs.com/repos_zyl/centos:0.0.1   "/bin/bash"         13 minutes ago      Exited (127) 3 minutes ago                       goofy_kirch

[email protected]:~$ sudo docker rm -f 880273353fda

880273353fda

[email protected]:~$ 

 

重新启动tomcat端口为8080 jh-hos端口为20000 ssh端口为10022

[email protected]:~$ sudo docker run -d -p 10022:22 -d -p 8080:8080 -d -p 20000:20000 sf/centos7-ssh /usr/sbin/sshd -D

04c440e2c872483a14e7cdee1411c51b73e2be2bdbfea5cf4887e09633ae0ed9

#远程连接成功

MacBook-Pro:lss-lims-web dingbingbing$ ssh [email protected] -p 10022

The authenticity of host '[192.168.3.136]:10022 ([192.168.3.136]:10022)' can't be established.

ECDSA key fingerprint is SHA256:EPo7Cu1FM9GG1plXF2MP9gyQRWORrUJau/MZnuqNt+w.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '[192.168.3.136]:10022' (ECDSA) to the list of known hosts.

[email protected]'s password: 

[[email protected] ~]#