docker_sshd without password
■ | docker - OS |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
■ | OS List |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
◎ | busybox |
|
|
|
|
|
|
|
◎ | alpine |
|
|
|
|
|
|
|
◎ | debian |
|
|
|
|
|
|
|
◎ | ubuntu |
|
|
|
|
|
|
|
◎ | centos |
|
|
|
|
|
|
|
◎ | fedora |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
■ | SSH service without password (public-key authentication replaces the password prompt) |
|
|
|
|
|||
|
|
|
|
|
|
|
|
|
|
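◎ | ubuntu - 163映象源(下列各行的映象源 URL 在頁面擷取時遺失,完整格式為 `deb <映象源URL> bionic main restricted universe multiverse`;bionic-proposed 為預發佈測試套件庫,一般環境不建議啟用) |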
|
|
|
|
||
|
deb bionic main restricted universe multiverse | |||||||
|
deb bionic-security main restricted universe multiverse | |||||||
|
deb bionic-updates main restricted universe multiverse | |||||||
|
deb bionic-proposed main restricted universe multiverse | |||||||
|
deb bionic-backports main restricted universe multiverse | |||||||
|
deb-src bionic main restricted universe multiverse | |||||||
|
deb-src bionic-security main restricted universe multiverse | |||||||
|
deb-src bionic-updates main restricted universe multiverse | |||||||
|
deb-src bionic-proposed main restricted universe multiverse | |||||||
|
deb-src bionic-backports main restricted universe multiverse | |||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
◎ | ubuntu - 清華映象源(下列各行的映象源 URL 在頁面擷取時遺失,完整格式為 `deb <映象源URL> bionic main restricted universe multiverse`) |
|
|
|
|
||
|
deb bionic main restricted universe multiverse | |||||||
|
deb-src bionic main restricted universe multiverse | |||||||
|
deb bionic-updates main restricted universe multiverse | |||||||
|
deb-src bionic-updates main restricted universe multiverse | |||||||
|
deb bionic-backports main restricted universe multiverse | |||||||
|
deb-src bionic-backports main restricted universe multiverse | |||||||
|
deb bionic-security main restricted universe multiverse | |||||||
|
deb-src bionic-security main restricted universe multiverse | |||||||
|
deb bionic-proposed main restricted universe multiverse | |||||||
|
deb-src bionic-proposed main restricted universe multiverse | |||||||
|
|
|
|
|
|
|
|
|
|
◎ | 設定使用163映象源 |
|
|
|
|
||
|
user01@ubuntu03:~/.ssh$ docker container run -it ubuntu:latest /bin/bash | |||||||
|
|
|
|
|
|
|
|
|
|
# 去除國外映象源 |
|
|
|
|
|
||
|
|
|
|
|
|
|
|
|
|
|
root@d44b543083c9:/# cd /etc/apt |
|
|
||||
|
|
root@d44b543083c9:/etc/apt# ls |
|
|
|
|||
|
|
apt.conf.d preferences.d sources.list sources.list.d trusted.gpg.d | ||||||
|
|
root@d44b543083c9:/etc/apt# mv sources.list sources.list.bak | ||||||
|
|
root@d44b543083c9:/etc/apt# ls |
|
|
|
|||
|
|
apt.conf.d preferences.d sources.list.bak sources.list.d trusted.gpg.d | ||||||
|
|
root@d44b543083c9:/etc/apt# apt-get update |
|
|||||
|
|
Reading package lists... Done |
|
|
|
|||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# 新增163映象源 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
root@d44b543083c9:/etc/apt# cd sources.list.d/ |
|
|||||
|
|
root@d44b543083c9:/etc/apt/sources.list.d# touch 163.list | ||||||
|
|
root@d44b543083c9:/etc/apt/sources.list.d# echo 'deb bionic main restricted universe multiverse | ||||||
|
|
> deb bionic-security main restricted universe multiverse | ||||||
|
|
> deb bionic-updates main restricted universe multiverse | ||||||
|
|
> deb bionic-proposed main restricted universe multiverse | ||||||
|
|
> deb bionic-backports main restricted universe multiverse | ||||||
|
|
> deb-src bionic main restricted universe multiverse | ||||||
|
|
> deb-src bionic-security main restricted universe multiverse | ||||||
|
|
> deb-src bionic-updates main restricted universe multiverse | ||||||
|
|
> deb-src bionic-proposed main restricted universe multiverse | ||||||
|
|
> deb-src bionic-backports main restricted universe multiverse' > 163.list | ||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
root@d44b543083c9:/etc/apt/sources.list.d# apt-get update | ||||||
|
|
Get:1 bionic InRelease [242 kB] | ||||||
|
|
Get:2 bionic-security InRelease [88.7 kB] | ||||||
|
|
Get:3 bionic-updates InRelease [88.7 kB] | ||||||
|
|
................................................. | ||||||
|
|
Get:35 bionic-proposed/multiverse amd64 Packages [522 B] | ||||||
|
|
Get:36 bionic-backports/universe Sources [2070 B] | ||||||
|
|
Get:37 bionic-backports/universe amd64 Packages [3650 B] | ||||||
|
|
Fetched 29.7 MB in 7s (4395 kB/s) |
|
|
||||
|
|
Reading package lists... Done |
|
|
|
|||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# 安裝openssh、net-tools、vim |
|
|
|
|
|||
|
|
|
|
|
|
|
|
|
|
root@5faeaf3a1a29:/# apt-get install -y {openssh-server,vim,net-tools} | |||||||
|
Reading package lists... Done |
|
|
|
|
|||
|
Building dependency tree |
|
|
|
|
|||
|
Reading state information... Done |
|
|
|
||||
|
The following additional packages will be installed: |
|
||||||
|
ca-certificates dbus dmsetup file gir1.2-glib-2.0 krb5-locales libapparmor1 libargon2-0 libbsd0 libcap2 libcryptsetup12 | |||||||
|
................................................ |
|
||||||
|
Processing triggers for libc-bin (2.27-3ubuntu1) ... |
|
||||||
|
Processing triggers for ca-certificates (20180409) ... |
|
||||||
|
Updating certificates in /etc/ssl/certs... |
|
|
|||||
|
0 added, 0 removed; done. |
|
|
|
|
|||
|
Running hooks in /etc/ca-certificates/update.d... |
|
||||||
|
done. |
|
|
|
|
|
|
|
|
Processing triggers for systemd (237-3ubuntu10.15) ... |
|
||||||
|
|
|
|
|
|
|
|
|
|
root@d44b543083c9:/etc/apt/sources.list.d# dpkg -l openssh* | |||||||
|
Desired=Unknown/Install/Remove/Purge/Hold |
|
|
|||||
|
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend | |||||||
|
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) | |||||||
|
||/ Name Version Architecture Description | |||||||
|
+++-========================-=================-=================-====================================================== | |||||||
|
ii openssh-client 1:7.6p1-4ubuntu0. amd64 secure shell (SSH) client, for secure access to remote | |||||||
|
ii openssh-server 1:7.6p1-4ubuntu0. amd64 secure shell (SSH) server, for secure access from remo | |||||||
|
ii openssh-sftp-server 1:7.6p1-4ubuntu0. amd64 secure shell (SSH) sftp server module, for SFTP access | |||||||
|
root@d44b543083c9:/etc/apt/sources.list.d# /etc/init.d/ssh restart | |||||||
|
* Restarting OpenBSD Secure Shell server sshd | |||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
root@5faeaf3a1a29:/# mkdir -p /var/run/sshd |
|
|
|||||
|
root@5faeaf3a1a29:/# /usr/sbin/sshd -D & |
|
|
|||||
|
[1] 4199 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
root@5faeaf3a1a29:/# netstat -tunlp |
|
|
|
||||
|
Active Internet connections (only servers) |
|
|
|||||
|
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name | |||||||
|
tcp 0 0 0.0.0.0: 22 0.0.0.0:* LISTEN 4199/sshd | |||||||
|
tcp6 0 0 ::: 22 :::* LISTEN 4199/sshd | |||||||
|
|
|
|
|
|
|
|
|
|
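■ 修改SSH服務的安全登入配置,取消pam登陸限制(註解掉 /etc/pam.d/sshd 中的 pam_loginuid.so:該模組會為登入工作階段寫入稽核用的 loginuid,在容器內通常無法寫入而導致 SSH 登入後立即斷線;代價是此容器內的 SSH 工作階段不再帶有稽核 loginuid) |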
|
|
|||||
|
|
|
|
|
|
|
|
|
|
root@5faeaf3a1a29:/# sed -ri 's/session required pam_loginuid.so/#session required pam_loginuid.so/g' /etc/pam.d/sshd | |||||||
|
|
|
|
|
|
|
|
|
|
■ 進入宿主機root使用者,生成SSH金鑰對(私鑰 id_rsa 留在宿主機,公鑰 id_rsa.pub 之後放入容器;passphrase 留空時,私鑰檔即等同容器 root 的登入憑證,須限制其讀取權限) |
|
|
|
|
|||
|
■ 在root使用者目錄下建立.ssh目錄,並複製需要登入的公鑰資訊(一般為本地主機使用者目錄下的.ssh/id_rsa.pub檔案,可由ssh-keygen -t rsa命令生成)到authorized_keys檔案中。下方示範使用 `>` 會覆寫既有的 authorized_keys;若檔案中已有其他公鑰,應改用 `>>` 附加 |
|
|
|||||
|
|
|
|
|
|
|
|
|
|
root@ubuntu03:/home/user01/.ssh# cd |
|
|
★ | ||||
|
root@ubuntu03:~# ls |
|
|
|
|
|
||
|
root@ubuntu03:~# ls -a |
|
|
|
|
|
||
|
. .. .bash_history .bashrc .nano .profile .ssh .vim .viminfo | |||||||
|
root@ubuntu03:~# cd .ssh/ |
|
|
|
|
|||
|
|
|
|
|
|
|
|
|
|
root@ubuntu03:~/.ssh# pwd |
|
|
|
|
|||
|
/root/.ssh |
|
|
|
|
|
|
|
|
root@ubuntu03:~/.ssh# ssh-keygen -t rsa |
|
|
|
||||
|
Generating public/private rsa key pair. |
|
|
|
||||
|
Enter file in which to save the key (/root/.ssh/id_rsa): | |||||||
|
Enter passphrase (empty for no passphrase): |
|
|
|||||
|
Enter same passphrase again: |
|
|
|
|
|||
|
Your identification has been saved in /root/.ssh/id_rsa. | |||||||
|
Your public key has been saved in /root/.ssh/id_rsa.pub. | |||||||
|
The key fingerprint is: |
|
|
|
|
|
||
|
SHA256:ogRDOyPSnK7a/X4r8HPKMjAHyn453Hs8sxtrdx56hCs root@ubuntu03 | |||||||
|
The key's randomart image is: |
|
|
|
|
|||
|
+---[RSA 2048]----+ |
|
|
|
|
|
||
|
| . | |
|
|
|
|
|
||
|
| + o | |
|
|
|
|
|
||
|
|o X | |
|
|
|
|
|
||
|
|.o.= | |
|
|
|
|
|
||
|
|..... . S . | |
|
|
|
|
|
||
|
|.oo.o. . . . | |
|
|
|
|
|
||
|
|o .++o.. o. | |
|
|
|
|
|
||
|
|.o *oo+E=o.o. | |
|
|
|
|
|
||
|
|. o o*OXOo+. | |
|
|
|
|
|
||
|
+----[SHA256]-----+ |
|
|
|
|
|
||
|
root@ubuntu03:~/.ssh# ls |
|
|
|
|
|||
|
id_rsa id_rsa.pub |
|
|
|
|
|
||
|
|
|
|
|
|
|
|
|
|
root@ubuntu03:~/.ssh# cat id_rsa.pub > authorized_keys |
|
||||||
|
|
|
|
|
|
|
|
|
|
root@ubuntu03:~/.ssh# ls |
|
|
|
|
|||
|
authorized_keys id_rsa id_rsa.pub |
|
|
|
||||
|
|
|
|
|
|
|
|
|
|
root@ubuntu03:~/.ssh# cat authorized_keys |
|
|
|||||
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPtBiq9uRPdtt5CEYGiyJj51hUnBXCyQCkMDYJZGXH67nX12h7XX1QAVC6PNQmqi7otgF16KdiFyBS5RAMxhprVrOB4YsGzoszE3fYKI25TFK3+R+ug423h9IXGP3mNjR6WRhuhzILgaB+zDloF06OJvL07UtPsHzz8+98NIgKgA5hU7zeNAjxCAzsSJgoMyM1Wnu7VqEBCP+ch7z2hQ8zCi03jJguwfRngS1CmYOgKoVPGZhnmbzImi7KacSOeP8w6T0DR1mKDFOKGdvJvTKYE1cPoKqTLBVzUlX4KRufY3a2YGT/HYqfkejK4kTGwI1EC991OS/Wn+j4D9NWQgFp root@ubuntu03 | |||||||
|
|
|
|
|
|
|
|
|
|
■ 進入容器 |
|
|
|
|
|
|
|
|
user01@ubuntu03:/$ docker container exec -it 5fa /bin/bash | |||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
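■ 將宿主機生成的公鑰(id_rsa.pub 的內容,不是私鑰 id_rsa)複製至容器內root使用者下的authorized_keys檔案中。sshd 預設啟用 StrictModes,~/.ssh 與 authorized_keys 不可被其他使用者寫入(慣用權限為 700 與 600)。之後的 docker commit 會把這把公鑰一併寫入映象,凡由該映象啟動的容器都接受同一把私鑰以 root 登入 | |||||||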
|
root@5faeaf3a1a29:~/.ssh# pwd |
|
|
|
|
|||
|
/root/.ssh |
|
|
|
|
|
|
|
|
root@5faeaf3a1a29:~/.ssh# vi authorized_keys |
|
|
|||||
|
|
|
|
|
|
|
|
|
|
root@5faeaf3a1a29:~/.ssh# cat authorized_keys |
|
|
|||||
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPtBiq9uRPdtt5CEYGiyJj51hUnBXCyQCkMDYJZGXH67nX12h7XX1QAVC6PNQmqi7otgF16KdiFyBS5RAMxhprVrOB4YsGzoszE3fYKI25TFK3+R+ug423h9IXGP3mNjR6WRhuhzILgaB+zDloF06OJvL07UtPsHzz8+98NIgKgA5hU7zeNAjxCAzsSJgoMyM1Wnu7VqEBCP+ch7z2hQ8zCi03jJguwfRngS1CmYOgKoVPGZhnmbzImi7KacSOeP8w6T0DR1mKDFOKGdvJvTKYE1cPoKqTLBVzUlX4KRufY3a2YGT/HYqfkejK4kTGwI1EC991OS/Wn+j4D9NWQgFp root@ubuntu03 | |||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
root@5faeaf3a1a29:/# vi /run.sh |
|
|
|
|
|||
|
|
|
|
|
|
|
|
|
|
root@5faeaf3a1a29:/# cat /run.sh |
|
|
|
||||
|
#!/bin/bash |
|
|
|
|
|
|
|
|
/usr/sbin/sshd -D |
|
|
|
|
|
||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
root@5faeaf3a1a29:/# chmod +x run.sh |
|
|
|
||||
|
|
|
|
|
|
|
|
|
|
root@5faeaf3a1a29:/# exit |
|
|
|
|
|||
|
exit |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
user01@ubuntu03:/$ docker container ps |
|
|
|
||||
|
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES | |||||||
|
5faeaf3a1a29 ubuntu:latest "/bin/bash" About an hour ago Up About an hour brave_mendel | |||||||
|
|
|
|
|
|
|
|
|
|
user01@ubuntu03:/$ docker container commit 5fa sshd:ubuntu | |||||||
|
sha256:fa04a332239e6a9758386b46ae3db7122d2510df1a40c7ca5cf09c26b5018471 | |||||||
|
|
|
|
|
|
|
|
|
|
user01@ubuntu03:/$ docker container run -it -d -p 10022:22 sshd:ubuntu /run.sh | |||||||
|
4da43dac8ee7f7aa32d245859c65e837b4699e3fbf086ad7f5a07b1a6ceb65e2 | |||||||
|
|
|
|
|
|
|
|
|
|
user01@ubuntu03:/$ docker container ps |
|
|
|
||||
|
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES | |||||||
|
4da43dac8ee7 sshd:ubuntu "/run.sh" 8 seconds ago Up 7 seconds 0.0.0.0:10022->22/tcp clever_fermat | |||||||
|
5faeaf3a1a29 ubuntu:latest "/bin/bash" About an hour ago Up About an hour brave_mendel | |||||||
|
|
|
|
|
|
|
|
|
|
root@ubuntu03:/# ssh 192.168.152.135 -p 10022 |
|
|
|||||
|
The authenticity of host '[192.168.152.135]:10022 ([192.168.152.135]:10022)' can't be established. | |||||||
|
ECDSA key fingerprint is SHA256:FQ3oHqh4bJPXCb7RnNGt+eZd6yf2U2LqFQRd95PoUpU. | |||||||
|
Are you sure you want to continue connecting (yes/no)? yes | |||||||
|
Warning: Permanently added '[192.168.152.135]:10022' (ECDSA) to the list of known hosts. | |||||||
|
Welcome to Ubuntu 18.04.2 LTS (GNU/Linux 4.4.0-142-generic x86_64) | |||||||
|
|
|
|
|
|
|
|
|
|
* Documentation: |
|
|
|||||
|
* Management: |
|
||||||
|
* Support: |
|
|
|||||
|
This system has been minimized by removing packages and content that are | |||||||
|
not required on a system that users do not log into. |
|
||||||
|
|
|
|
|
|
|
|
|
|
To restore this content, you can run the 'unminimize' command. | |||||||
|
|
|
|
|
|
|
|
|
|
The programs included with the Ubuntu system are free software; | |||||||
|
the exact distribution terms for each program are described in the | |||||||
|
individual files in /usr/share/doc/*/copyright. |
|
|
|||||
|
|
|
|
|
|
|
|
|
|
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by | |||||||
|
applicable law. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
root@4da43dac8ee7:~# |
|
|
|
|
|
||
|
|
|
|
|
|
|
|
|
來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/10551346/viewspace-2641036/,如需轉載,請註明出處,否則將追究法律責任。