Building an SSH service on Alpine

Building an SSH service image with Docker

The image is based on Alpine, so first pull the alpine image.

> docker pull alpine
Using default tag: latest
latest: Pulling from library/alpine
59bf1c3509f3: Already exists
Digest: sha256:21a3deaa0d32a8057914f36584b5288d2e5ecc984380bc0118285c70fa8c9300
Status: Downloaded newer image for alpine:latest
docker.io/library/alpine:latest

Write the Dockerfile

# sshd
#
# VERSION               0.0.1

FROM     alpine:latest
MAINTAINER ph "xx@gmail.com"

# make sure the package repository is up to date
RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories \
    && apk update \
    && apk add --no-cache openssh tzdata \
    && cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
    && sed -i "s/#PermitRootLogin.*/PermitRootLogin yes/g" /etc/ssh/sshd_config \
    && ssh-keygen -t dsa -P "" -f /etc/ssh/ssh_host_dsa_key \
    && ssh-keygen -t rsa -P "" -f /etc/ssh/ssh_host_rsa_key \
    && ssh-keygen -t ecdsa -P "" -f /etc/ssh/ssh_host_ecdsa_key \
    && ssh-keygen -t ed25519 -P "" -f /etc/ssh/ssh_host_ed25519_key \
    && echo "root:abc123456" | chpasswd

EXPOSE 22

CMD    ["/usr/sbin/sshd", "-D"]

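The sshd binary is installed under /usr/sbin by default. With the -D option sshd starts in the foreground instead of detaching, so the container runs directly on the sshd service.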
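The Dockerfile above sets the root password, enables root login and generates all four host keys at build time, so every container started from the image shares them and the password can be read from the image history. The check below is an added example, not part of the original post: it reads a Dockerfile on stdin and prints a label for each of these settings it finds. The function names and finding labels are this example's own.

```shell
# Added example (not from the original post): audit an sshd Dockerfile read from stdin.
# Prints one finding label per line; the labels are this example's own names:
#   UNPINNED_BASE       base image has no tag or digest, or uses :latest
#   ROOT_LOGIN_ENABLED  a RUN step writes "PermitRootLogin yes"
#   PASSWORD_IN_IMAGE   a literal user:password is piped to chpasswd
#   HOST_KEY_IN_IMAGE   host keys are generated at build time and shared by all containers
#   DSA_HOST_KEY        a DSA host key (always 1024 bits) is generated

# Join backslash-continued lines so each instruction is one logical line.
join_continuations() {
    awk '{ if (sub(/\\[ \t]*$/, " ")) printf "%s", $0; else print }'
}

audit_sshd_dockerfile() {
    join_continuations | awk '
        /^FROM[ \t]/ {
            i = 2; while ($i ~ /^--/) i++     # skip flags such as --platform
            n = split($i, part, "/")          # the tag sits on the last path component
            if (part[n] !~ /[:@]/ || part[n] ~ /:latest$/) f["UNPINNED_BASE"] = 1
        }
        !/^RUN[ \t]/ { next }                 # remaining checks apply to RUN steps only
        /PermitRootLogin[ \t]+yes/                  { f["ROOT_LOGIN_ENABLED"] = 1 }
        /echo[ \t]+[^$|]*:[^$|]*[|][ \t]*chpasswd/  { f["PASSWORD_IN_IMAGE"] = 1 }
        /ssh-keygen[^&;|]*(-A|ssh_host_)/           { f["HOST_KEY_IN_IMAGE"] = 1 }
        /ssh-keygen[^&;|]*-t[ \t]+dsa/              { f["DSA_HOST_KEY"] = 1 }
        END { for (id in f) print id }' | sort
}

# The Dockerfile from this page, embedded so the example runs offline.
page_dockerfile() {
    cat <<'EOF'
FROM     alpine:latest
MAINTAINER ph "xx@gmail.com"
RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories \
    && apk update \
    && apk add --no-cache openssh tzdata \
    && cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
    && sed -i "s/#PermitRootLogin.*/PermitRootLogin yes/g" /etc/ssh/sshd_config \
    && ssh-keygen -t dsa -P "" -f /etc/ssh/ssh_host_dsa_key \
    && ssh-keygen -t rsa -P "" -f /etc/ssh/ssh_host_rsa_key \
    && ssh-keygen -t ecdsa -P "" -f /etc/ssh/ssh_host_ecdsa_key \
    && ssh-keygen -t ed25519 -P "" -f /etc/ssh/ssh_host_ed25519_key \
    && echo "root:abc123456" | chpasswd
EXPOSE 22
CMD    ["/usr/sbin/sshd", "-D"]
EOF
}

page_dockerfile | audit_sshd_dockerfile
```

To check another file, run `audit_sshd_dockerfile < Dockerfile`. A Dockerfile that pins its base image, leaves PermitRootLogin alone, sets no password and generates host keys when the container starts produces no output.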

Run the build to create the image

> docker build -t mysshd:alpine -f Dockerfile .

Sending build context to Docker daemon  6.144kB
Step 1/5 : FROM     alpine:latest
 ---> c059bfaa849c
Step 2/5 : MAINTAINER ph "xx@gmail.com"
 ---> Using cache
 ---> 17d27fa7bafd
Step 3/5 : RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories     && apk update     && apk add --no-cache openssh tzdata     && cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime     && sed -i "s/#PermitRootLogin.*/PermitRootLogin yes/g" /etc/ssh/sshd_config     && ssh-keygen -t dsa -P "" -f /etc/ssh/ssh_host_dsa_key     && ssh-keygen -t rsa -P "" -f /etc/ssh/ssh_host_rsa_key     && ssh-keygen -t ecdsa -P "" -f /etc/ssh/ssh_host_ecdsa_key     && ssh-keygen -t ed25519 -P "" -f /etc/ssh/ssh_host_ed25519_key     && echo "root:abc123456" | chpasswd
 ---> Running in 84b2187e9e39
fetch https://mirrors.aliyun.com/alpine/v3.15/main/x86_64/APKINDEX.tar.gz
fetch https://mirrors.aliyun.com/alpine/v3.15/community/x86_64/APKINDEX.tar.gz
v3.15.8-126-g8b82e06546f [https://mirrors.aliyun.com/alpine/v3.15/main]
v3.15.8-122-g88eb1d4a287 [https://mirrors.aliyun.com/alpine/v3.15/community]
OK: 15866 distinct packages available
fetch https://mirrors.aliyun.com/alpine/v3.15/main/x86_64/APKINDEX.tar.gz
fetch https://mirrors.aliyun.com/alpine/v3.15/community/x86_64/APKINDEX.tar.gz
(1/11) Installing openssh-keygen (8.8_p1-r1)
(2/11) Installing ncurses-terminfo-base (6.3_p20211120-r2)
(3/11) Installing ncurses-libs (6.3_p20211120-r2)
(4/11) Installing libedit (20210910.3.1-r0)
(5/11) Installing openssh-client-common (8.8_p1-r1)
(6/11) Installing openssh-client-default (8.8_p1-r1)
(7/11) Installing openssh-sftp-server (8.8_p1-r1)
(8/11) Installing openssh-server-common (8.8_p1-r1)
(9/11) Installing openssh-server (8.8_p1-r1)
(10/11) Installing openssh (8.8_p1-r1)
(11/11) Installing tzdata (2023c-r0)
Executing busybox-1.34.1-r3.trigger
OK: 15 MiB in 25 packages
Generating public/private dsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_dsa_key
Your public key has been saved in /etc/ssh/ssh_host_dsa_key.pub
The key fingerprint is:
SHA256:GfDd7aoVpmil+aavHerCXej0j9F3PZiKfvpzsdi0s0A root@84b2187e9e39
The key's randomart image is:
+---[DSA 1024]----+
|      .          |
|       o . . .   |
|        o . . .  |
|         o   .   |
|        S..Eo .  |
|        o=o+ =o .|
|     . +=o+.Bo=.o|
|      o.o++XoB ..|
|       o*OX++.o  |
+----[SHA256]-----+
Generating public/private rsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_rsa_key
Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub
The key fingerprint is:
SHA256:Vxi7rPIhSsfxvSzcFews1YwPKeJVC2QiM6iaxqVwGvg root@84b2187e9e39
The key's randomart image is:
+---[RSA 3072]----+
|     .+ ..+      |
|    .  + o.+.    |
|.  .      o+.*   |
|+ o.    ..ooO o  |
|oBo   ..So+= +   |
|++E  . o.+. + .  |
|.   . =.+..o     |
|   . o +oo..     |
|    .   ..o      |
+----[SHA256]-----+
Generating public/private ecdsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_ecdsa_key
Your public key has been saved in /etc/ssh/ssh_host_ecdsa_key.pub
The key fingerprint is:
SHA256:h8VR9hV6yP2WW38Bep3dPITVgr83JQ7JPCDpN3sbcjA root@84b2187e9e39
The key's randomart image is:
+---[ECDSA 256]---+
|         ...o. o+|
|        o..oo.B..|
|       . .o+ O.= |
|        .oE B B.B|
|        S..* = OO|
|         .o = ooB|
|           + o o+|
|            .   .|
|                 |
+----[SHA256]-----+
Generating public/private ed25519 key pair.
Your identification has been saved in /etc/ssh/ssh_host_ed25519_key
Your public key has been saved in /etc/ssh/ssh_host_ed25519_key.pub
The key fingerprint is:
SHA256:4K0Xd0UsomSU02PE9sfPGCNsr3VW3cT82XhrcpPVh1E root@84b2187e9e39
The key's randomart image is:
+--[ED25519 256]--+
|       ..=.  ..+E|
|        = B ..o +|
|      .o = = o.=B|
|     . o.   =.B.@|
|      . S ...+ B*|
|       . o . .+*=|
|      . .    o+o.|
|       .    .    |
|                 |
+----[SHA256]-----+
chpasswd: password for 'root' changed
Removing intermediate container 84b2187e9e39
 ---> 9e4f3b23799a
Step 4/5 : EXPOSE 22
 ---> Running in 755b4ec0c2af
Removing intermediate container 755b4ec0c2af
 ---> 124af123cbc0
Step 5/5 : CMD    ["/usr/sbin/sshd", "-D"]
 ---> Running in f0931ddbdde5
Removing intermediate container f0931ddbdde5
 ---> bc74fe1ef269
Successfully built bc74fe1ef269
Successfully tagged mysshd:alpine

Start the sshd container

> docker run -d --name sshdocker -P mysshd:alpine
6153e6d0f9bb0cdcaf5612131d5649897eedb6d3b7e416a580a1637226090979
> docker ps
CONTAINER ID   IMAGE           COMMAND               CREATED         STATUS         PORTS                   NAMES
6153e6d0f9bb   mysshd:alpine   "/usr/sbin/sshd -D"   5 seconds ago   Up 4 seconds   0.0.0.0:55000->22/tcp   sshdocker

Connect to the SSH service with an ssh client

> ssh -p 55000 root@127.0.0.1
The authenticity of host '[127.0.0.1]:55000 ([127.0.0.1]:55000)' can't be established.
ECDSA key fingerprint is SHA256:h8VR9hV6yP2WW38Bep3dPITVgr83JQ7JPCDpN3sbcjA.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[127.0.0.1]:55000' (ECDSA) to the list of known hosts.
root@127.0.0.1's password:
Welcome to Alpine!

The Alpine Wiki contains a large amount of how-to guides and general
information about administrating Alpine systems.
See <http://wiki.alpinelinux.org/>.

You can setup the system with the command: setup-alpine

You may change this message by editing /etc/motd.

6153e6d0f9bb:~# pwd
/root

References