Improve SSH documentation #254
Comments
|
you don't ssh onto a docker image if you have acces to the host generally, we don't open SSH on web server instances. you go from jumphost -> docker host - > docker container |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
From the Readme.md I get the impression that the attached Dockerfile.txt should build an image that can run containers I can SSH into. I'm not able to log in though, even though my key is clearly added correctly. What else do I need to do? Could you please add to or correct the Readme to make this more obvious?
Here is what I did to create the image and the container:
Gimli:Centaur griesser$ docker build -t linzertorte . Sending build context to Docker daemon 1.486MB Step 1/8 : FROM phusion/passenger-full:1.0.5 ---> dff8ec761464 Step 2/8 : ENV HOME /root ---> Using cache ---> 9d388d71902f Step 3/8 : CMD ["/sbin/my_init"] ---> Using cache ---> 97486b0a5083 Step 4/8 : ADD ./keys/id_rsa.pub /tmp/id_rsa.pub ---> Using cache ---> 51efcc13d2e3 Step 5/8 : RUN cat /tmp/id_rsa.pub >> /root/.ssh/authorized_keys ---> Running in fecd0c78c80c Removing intermediate container fecd0c78c80c ---> ccf29dfa522c Step 6/8 : RUN rm -f /etc/service/sshd/down ---> Running in c9c8e465bf26 Removing intermediate container c9c8e465bf26 ---> 7f47b2d630e6 Step 7/8 : RUN /etc/my_init.d/00_regen_ssh_host_keys.sh ---> Running in 63458ab1cd81 No SSH host key available. Generating one... Creating SSH2 RSA key; this may take some time ... 2048 SHA256:jmfxpk7/tbzBoSP8Iio1tIsQf0fmUf33cPzwV8Wie5E root@63458ab1cd81 (RSA) Creating SSH2 ECDSA key; this may take some time ... 256 SHA256:yz9/WxTlYgQ8A/akvSEaHzikbqCMVxW9nraLiZhDqHE root@63458ab1cd81 (ECDSA) Creating SSH2 ED25519 key; this may take some time ... 256 SHA256:7ZNCSDsGIFEI2P00q4nqX3Ws/GI1bMrNebbgSktXOOM root@63458ab1cd81 (ED25519) invoke-rc.d: could not determine current runlevel invoke-rc.d: policy-rc.d denied execution of restart. Removing intermediate container 63458ab1cd81 ---> 0e5e0da5f227 Step 8/8 : RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* ---> Running in a131feb32527 Removing intermediate container a131feb32527 ---> 191d01efef30 Successfully built 191d01efef30 Successfully tagged linzertorte:latest Gimli:Centaur griesser$ docker run --name Sneezy linzertorte *** Running /etc/my_init.d/00_regen_ssh_host_keys.sh... *** Running /etc/my_init.d/10_syslog-ng.init... Apr 30 20:35:29 1c06f2c264d1 syslog-ng[13]: syslog-ng starting up; version='3.13.2' *** Running /etc/my_init.d/30_presetup_nginx.sh... *** Booting runit daemon... *** Runit started as PID 23 Apr 30 20:35:30 1c06f2c264d1 cron[31]: (CRON) INFO (pidfile fd = 3) Apr 30 20:35:30 1c06f2c264d1 cron[31]: (CRON) INFO (Running @reboot jobs)Then, in another shell, I attempted to log in via ssh:
Gimli:Centaur griesser$ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 1c06f2c264d1 linzertorte "/sbin/my_init" 54 seconds ago Up 53 seconds 80/tcp, 443/tcp Sneezy Gimli:Centaur griesser$ docker inspect -f "{{ .NetworkSettings.IPAddress }}" 1c06f2c264d1 172.17.0.2 Gimli:Centaur griesser$ ssh -i /Users/griesser/.ssh/id_rsa root@172.17.0.2 ssh: connect to host 172.17.0.2 port 22: Operation timed outSince that failed, I verified that my public key was indeed copied into/root/.ssh/authorized_keys:
Gimli:Centaur griesser$ docker exec -it Sneezy bash -l root@1c06f2c264d1:/# more /root/.ssh/authorized_keys ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC3N04E1W2rTUeQ/Qs01rv4prVAuREDlMrzd7fkEHfksLlblX7eKqr3DEECFBvnydLt+xmRDo/2LAdTJxitCodjjiS+kLj2keSRoumzz6CIVN4r4IZjay0uwRC/5VCvMrcCqihjmr9kWpgJ8spu2VmcntJtXvV6hmHz8 oF085Dw26ObXhrHZdNN4BmppcztjyOjOD7DYOwHk+APEVuSHBxy78t+fbC2A3Slxz53tNnwUY6EEQO3ljkX1ptQxDlXBvxpvmVfp60jGetOBv0QXgHPVvV6g9hO1NfTqyWgKYUxnQyBmOrRpba+O7wXeDCc9DG0ElZGs32jQm170OrJkIe09SU2y06URppYN6s06mrRd8 Y20YtZAus6O/WGZs3nVzS/tRcyEfxYy0vVZ5DEKuF7keumo0mZRvgEaf6hf2ys2r33k9wv9bzMbz0sFWfwlEVzN+q+vrUbhZ5XFM8qlwszB9wYQjubRclG5oWyEsB3zBFzHbh4Ypp8fazTJzqg/YNW8rN0QZxAMkiiQ/rHIJ1WqipIF1t9ZcMg+tVzlD6tel51ToZqsui 1P2xkwY5TppeKGzmttCDS2s3iAbdUIxMln1dONyysMxJIk6W8VYxFyqGCbiPCYW8KD5Rn7t6lLYpE8wiHPhH51CrL037t2rycOwSiCktz+wjuJvMTHn04Rw== griesser@Gimli.local root@1c06f2c264d1:/#The text was updated successfully, but these errors were encountered: