docker_sshd without password

Posted by dq725 on 2019-04-11
docker - OS

OS List

busybox
alpine
debian
ubuntu
centos
fedora

SSH service without password

ubuntu - 163 mirror source

deb bionic main restricted universe multiverse
deb bionic-security main restricted universe multiverse
deb bionic-updates main restricted universe multiverse
deb bionic-proposed main restricted universe multiverse
deb bionic-backports main restricted universe multiverse
deb-src bionic main restricted universe multiverse
deb-src bionic-security main restricted universe multiverse
deb-src bionic-updates main restricted universe multiverse
deb-src bionic-proposed main restricted universe multiverse
deb-src bionic-backports main restricted universe multiverse

ubuntu - Tsinghua mirror source

deb bionic main restricted universe multiverse
deb-src bionic main restricted universe multiverse
deb bionic-updates main restricted universe multiverse
deb-src bionic-updates main restricted universe multiverse
deb bionic-backports main restricted universe multiverse
deb-src bionic-backports main restricted universe multiverse
deb bionic-security main restricted universe multiverse
deb-src bionic-security main restricted universe multiverse
deb bionic-proposed main restricted universe multiverse
deb-src bionic-proposed main restricted universe multiverse

Configure the 163 mirror source

user01@ubuntu03:~/.ssh$ docker container run -it ubuntu:latest /bin/bash

# Remove the overseas mirror sources

root@d44b543083c9:/# cd /etc/apt
root@d44b543083c9:/etc/apt# ls
apt.conf.d  preferences.d  sources.list  sources.list.d  trusted.gpg.d
root@d44b543083c9:/etc/apt# mv sources.list sources.list.bak
root@d44b543083c9:/etc/apt# ls
apt.conf.d  preferences.d  sources.list.bak  sources.list.d  trusted.gpg.d
root@d44b543083c9:/etc/apt# apt-get update
Reading package lists... Done

# Add the 163 mirror source

root@d44b543083c9:/etc/apt# cd sources.list.d/
root@d44b543083c9:/etc/apt/sources.list.d# touch 163.list
root@d44b543083c9:/etc/apt/sources.list.d# echo 'deb bionic main restricted universe multiverse
> deb bionic-security main restricted universe multiverse
> deb bionic-updates main restricted universe multiverse
> deb bionic-proposed main restricted universe multiverse
> deb bionic-backports main restricted universe multiverse
> deb-src bionic main restricted universe multiverse
> deb-src bionic-security main restricted universe multiverse
> deb-src bionic-updates main restricted universe multiverse
> deb-src bionic-proposed main restricted universe multiverse
> deb-src bionic-backports main restricted universe multiverse' > 163.list
root@d44b543083c9:/etc/apt/sources.list.d# apt-get update
Get:1 bionic InRelease [242 kB]
Get:2 bionic-security InRelease [88.7 kB]
Get:3 bionic-updates InRelease [88.7 kB]
.................................................
Get:35 bionic-proposed/multiverse amd64 Packages [522 B]
Get:36 bionic-backports/universe Sources [2070 B]
Get:37 bionic-backports/universe amd64 Packages [3650 B]
Fetched 29.7 MB in 7s (4395 kB/s)
Reading package lists... Done

# Install openssh, net-tools, vim

root@5faeaf3a1a29:/# apt-get install -y {openssh-server,vim,net-tools}
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
  ca-certificates dbus dmsetup file gir1.2-glib-2.0 krb5-locales libapparmor1 libargon2-0 libbsd0 libcap2 libcryptsetup12
................................................
Processing triggers for libc-bin (2.27-3ubuntu1) ...
Processing triggers for ca-certificates (20180409) ...
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
Processing triggers for systemd (237-3ubuntu10.15) ...
root@d44b543083c9:/etc/apt/sources.list.d# dpkg -l openssh*
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                     Version           Architecture      Description
+++-========================-=================-=================-======================================================
ii  openssh-client           1:7.6p1-4ubuntu0. amd64             secure shell (SSH) client, for secure access to remote
ii  openssh-server           1:7.6p1-4ubuntu0. amd64             secure shell (SSH) server, for secure access from remo
ii  openssh-sftp-server      1:7.6p1-4ubuntu0. amd64             secure shell (SSH) sftp server module, for SFTP access
root@d44b543083c9:/etc/apt/sources.list.d# /etc/init.d/ssh restart
 * Restarting OpenBSD Secure Shell server sshd

root@5faeaf3a1a29:/# mkdir -p /var/run/sshd
root@5faeaf3a1a29:/# /usr/sbin/sshd -D &
[1] 4199
root@5faeaf3a1a29:/# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      4199/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      4199/sshd

■ Modify the SSH service's login security configuration: remove the PAM login restriction

root@5faeaf3a1a29:/# sed -ri 's/^session\s+required\s+pam_loginuid\.so/#&/' /etc/pam.d/sshd

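■ Switch to the root user on the host and generate a key pair

■ Create a .ssh directory under the root user's home directory and copy the public key that needs to log in (usually the .ssh/id_rsa.pub file in the local host user's home directory, which can be generated with the ssh-keygen -t rsa command) into the authorized_keys file
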
root@ubuntu03:/home/user01/.ssh# cd
root@ubuntu03:~# ls
root@ubuntu03:~# ls -a
.  ..  .bash_history  .bashrc  .nano  .profile  .ssh  .vim  .viminfo
root@ubuntu03:~# cd .ssh/
root@ubuntu03:~/.ssh# pwd
/root/.ssh
root@ubuntu03:~/.ssh# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:ogRDOyPSnK7a/X4r8HPKMjAHyn453Hs8sxtrdx56hCs root@ubuntu03
The key's randomart image is:
+---[RSA 2048]----+
|  .              |
| + o             |
|o X              |
|.o.=             |
|..... . S .      |
|.oo.o. . . .     |
|o .++o..  o.       |
|.o *oo+E=o.o.    |
|. o o*OXOo+.     |
+----[SHA256]-----+
root@ubuntu03:~/.ssh# ls
id_rsa  id_rsa.pub
root@ubuntu03:~/.ssh# cat id_rsa.pub > authorized_keys
root@ubuntu03:~/.ssh# ls
authorized_keys  id_rsa  id_rsa.pub
root@ubuntu03:~/.ssh# cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPtBiq9uRPdtt5CEYGiyJj51hUnBXCyQCkMDYJZGXH67nX12h7XX1QAVC6PNQmqi7otgF16KdiFyBS5RAMxhprVrOB4YsGzoszE3fYKI25TFK3+R+ug423h9IXGP3mNjR6WRhuhzILgaB+zDloF06OJvL07UtPsHzz8+98NIgKgA5hU7zeNAjxCAzsSJgoMyM1Wnu7VqEBCP+ch7z2hQ8zCi03jJguwfRngS1CmYOgKoVPGZhnmbzImi7KacSOeP8w6T0DR1mKDFOKGdvJvTKYE1cPoKqTLBVzUlX4KRufY3a2YGT/HYqfkejK4kTGwI1EC991OS/Wn+j4D9NWQgFp root@ubuntu03

■ Enter the container

user01@ubuntu03:/$ docker container exec -it 5fa /bin/bash

■ Copy the public key generated on the host into the authorized_keys file of the root user inside the container

root@5faeaf3a1a29:~/.ssh# pwd
/root/.ssh
root@5faeaf3a1a29:~/.ssh# vi authorized_keys
root@5faeaf3a1a29:~/.ssh# cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPtBiq9uRPdtt5CEYGiyJj51hUnBXCyQCkMDYJZGXH67nX12h7XX1QAVC6PNQmqi7otgF16KdiFyBS5RAMxhprVrOB4YsGzoszE3fYKI25TFK3+R+ug423h9IXGP3mNjR6WRhuhzILgaB+zDloF06OJvL07UtPsHzz8+98NIgKgA5hU7zeNAjxCAzsSJgoMyM1Wnu7VqEBCP+ch7z2hQ8zCi03jJguwfRngS1CmYOgKoVPGZhnmbzImi7KacSOeP8w6T0DR1mKDFOKGdvJvTKYE1cPoKqTLBVzUlX4KRufY3a2YGT/HYqfkejK4kTGwI1EC991OS/Wn+j4D9NWQgFp root@ubuntu03

root@5faeaf3a1a29:/# vi /run.sh
root@5faeaf3a1a29:/# cat /run.sh
#!/bin/bash
/usr/sbin/sshd -D
root@5faeaf3a1a29:/# chmod +x run.sh
root@5faeaf3a1a29:/# exit
exit

user01@ubuntu03:/$ docker container ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
5faeaf3a1a29        ubuntu:latest       "/bin/bash"         About an hour ago   Up About an hour                        brave_mendel
user01@ubuntu03:/$ docker container commit 5fa sshd:ubuntu
sha256:fa04a332239e6a9758386b46ae3db7122d2510df1a40c7ca5cf09c26b5018471
user01@ubuntu03:/$ docker container run -it -d -p 10022:22 sshd:ubuntu /run.sh
4da43dac8ee7f7aa32d245859c65e837b4699e3fbf086ad7f5a07b1a6ceb65e2
user01@ubuntu03:/$ docker container ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                   NAMES
4da43dac8ee7        sshd:ubuntu         "/run.sh"           8 seconds ago       Up 7 seconds        0.0.0.0:10022->22/tcp   clever_fermat
5faeaf3a1a29        ubuntu:latest       "/bin/bash"         About an hour ago   Up About an hour                            brave_mendel

root@ubuntu03:/# ssh 192.168.152.135 -p 10022
The authenticity of host '[192.168.152.135]:10022 ([192.168.152.135]:10022)' can't be established.
ECDSA key fingerprint is SHA256:FQ3oHqh4bJPXCb7RnNGt+eZd6yf2U2LqFQRd95PoUpU.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.152.135]:10022' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 18.04.2 LTS (GNU/Linux 4.4.0-142-generic x86_64)

 * Documentation: 
 * Management:    
 * Support:       

This system has been minimized by removing packages and content that are
not required on a system that users do not log into.

To restore this content, you can run the 'unminimize' command.

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

root@4da43dac8ee7:~#
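
A check for the result of the procedure above, added here as an example and not part of the original post: it inspects a root filesystem tree (the running container's `/`, or an exported image) and reports whether root's SSH login there really is key-only. It reads only `PasswordAuthentication`, `PermitRootLogin` and the permissions around root's `authorized_keys`; the function names and the `ROOT` argument are this example's own.

```bash
# Added example (not from the original post): audit a root filesystem tree
# for key-only SSH login. Function names and arguments are this example's own.

# Print the effective value of an sshd_config keyword. sshd uses the first
# occurrence; $3 is the OpenSSH default. Match blocks are not evaluated.
sshd_setting() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }' "$1"
}

# True if the path is writable by group or others; sshd's StrictModes
# refuses an authorized_keys file (or .ssh directory) in that state.
loose_perms() {
    case "$(ls -ld "$1" | cut -c6,9)" in
        --) return 1 ;;
        *)  return 0 ;;
    esac
}

# audit_keyonly ROOT: one line per finding; exit status = number of findings.
audit_keyonly() {
    root="${1%/}" findings=0
    cfg="$root/etc/ssh/sshd_config"
    keys="$root/root/.ssh/authorized_keys"
    [ -f "$cfg" ] || { echo "MISSING $cfg"; return 1; }
    if [ "$(sshd_setting "$cfg" PasswordAuthentication yes)" != no ]; then
        echo "WEAK PasswordAuthentication is not 'no'"
        findings=$((findings + 1))
    fi
    case "$(sshd_setting "$cfg" PermitRootLogin prohibit-password)" in
        prohibit-password|without-password|forced-commands-only|no) ;;
        *) echo "WEAK PermitRootLogin allows root password login"
           findings=$((findings + 1)) ;;
    esac
    if [ ! -s "$keys" ]; then
        echo "MISSING $keys is absent or empty"
        findings=$((findings + 1))
    else
        for p in "$root/root/.ssh" "$keys"; do
            loose_perms "$p" || continue
            echo "PERMS $p is group/world writable"
            findings=$((findings + 1))
        done
    fi
    return "$findings"
}
```

Inside the container, `audit_keyonly /` checks the live filesystem; a non-zero exit status means password login is still possible or the key file would be rejected.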














From the ITPUB blog, link: http://blog.itpub.net/10551346/viewspace-2641036/. If you repost, please credit the source; otherwise legal liability will be pursued.
