Docker CentOS7 安装SSH

一. 从docker hub 下载centos 官方镜像

hr:centos7 hr$ docker pull centos:7 

下载完后，查看本地资源库：
hr:centos7 hr$ docker images
REPOSITORY           TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
    centos               7                   ce20c473cd8a        7 weeks ago         172.3 MB

运行容器
hr:centos7 hr$ docker run -i -t centos:7 /bin/bash

二. 安装passwd,openssl,openssh-server

[root@b5926410fe60 /]# yum install passwd openssl openssh-server -y

启动sshd:
# /usr/sbin/sshd -D
这时报以下错误：
[root@ b5926410fe60 /]# /usr/sbin/sshd
Could not load host key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Could not load host key: /etc/ssh/ssh_host_ed25519_key 

执行以下命令解决：
[root@b5926410fe60 /]# ssh-keygen -q -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N ''    
[root@b5926410fe60 /]#  ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''
[root@b5926410fe60 /]# ssh-keygen -t dsa -f /etc/ssh/ssh_host_ed25519_key  -N '' 

然后，修改 /etc/ssh/sshd_config 配置信息：

1.UsePAM yes 改为 UsePAM no
2.UsePrivilegeSeparation sandbox 改为 UsePrivilegeSeparation no

[root@b5926410fe60 /]# sed -i "s/#UsePrivilegeSeparation.*/UsePrivilegeSeparation no/g" /etc/ssh/sshd_config
[root@b5926410fe60 /]# sed -i "s/UsePAM.*/UsePAM no/g" /etc/ssh/sshd_config

修改完后，重新启动sshd
[root@b5926410fe60 /]# /usr/sbin/sshd -D

三. 修改root 密码

[root@b5926410fe60 /]# passwd root

四. 查看容器ip地址（如果宿主机是linux操作系统则跳过这一步）

[root@b5926410fe60 /]# ip addr ls eth0
84: eth0@if85: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:acff:fe11:2/64 scope link 
       valid_lft forever preferred_lft forever

五. 将当前容器保存为镜像

hr:centos7 hr$ docker ps -all
CONTAINER ID  IMAGE       COMMAND       CREATED             STATUS                   PORTS      NAMES
b5926410fe60  centos:7   "/bin/bash"  4 minutes ago       Exited (0) 4 seconds ago           centos7ssh

hr:centos7 hr$ docker commit b5926410fe60 herong/centos7-ssh

六. 在宿主机上基于新创建的镜像启动新的容器

--先删除之前的容器
hr:centos7 hr$ docker ps -all
CONTAINER ID        IMAGE      COMMAND             CREATED             STATUS                      PORTS               NAMES
4122f818a741        herong/centos7-ssh:latest   "/usr/sbin/sshd"    13 seconds ago      Exited (0) 13 seconds ago                       happy_mclean

hr:centos7 hr$ docker rm -f 4122f818a741

--基于新镜像运行容器
hr:centos7 hr$ docker run -d -p 10022:22 herong/centos7-ssh:latest /usr/sbin/sshd -D

--查看映射端口是否成功
hr:centos7 hr$ docker ps -all
CONTAINER ID        IMAGE     COMMAND               CREATED             STATUS              PORTS                   NAMES
4966d35fe0a3        herong/centos7-ssh:latest   "/usr/sbin/sshd -D"   3 seconds ago       Up 3 seconds        0.0.0.0:10022->22/tcp   compassionate_kowalevski

hr:centos7 hr$ docker port 4966d35fe0a3
22/tcp -> 0.0.0.0:10022

七. 从宿主机连接到容器

如果宿主机是非linux操作系统，则需要通过docker-machine ip连到容器
-- 查看docker-machine Ip地址
hr:centos7 hr$ docker-machine ip default
192.168.99.100

--通过docker-machine ip  连接到容器，输入之前设置的密码即可登录成功
hr:centos7 hr$ ssh root@192.168.99.100 -p 10022
The authenticity of host '[192.168.99.100]:10022 ([192.168.99.100]:10022)' can't be established.
ECDSA key fingerprint is SHA256:d3JNckcTVv1ASJlwv+IT/bJwlzMC4U1T/PmsKYIHMhQ.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.99.100]:10022' (ECDSA) to the list of known hosts.
root@192.168.99.100's password: 
[root@4966d35fe0a3 ~]# pwd
/root

如果宿主机是linux操作系统，则通过第4步查看到的ip地址连接
hr:centos7 hr$ ssh root@172.17.0.2 -p 10022