Enable sshd operation in docker

First, install openssh-server in the container. When the installation finishes, change to the sshd configuration directory, /etc/ssh.

Run ssh-keygen there to generate the required keys.

Before that, look at the sshd configuration file, sshd_config, which references the host keys as follows:

HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

Four host-key algorithms appear here: rsa, dsa, ecdsa and ed25519. A key pair is generated for each of them.

[root@655f62a4ed82 ssh]# ssh-keygen -t rsa        # generate an rsa key pair
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
0e:fa:07:36:bb:87:c1:60:14:be:41:41:01:1b:4b:bc root@655f62a4ed82
The key's randomart image is:
(RSA 2048 randomart image omitted)
[root@655f62a4ed82 ssh]# ssh-keygen -t dsa        # generate a dsa key pair
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
ee:8c:db:a8:24:68:0d:33:79:eb:09:33:ed:74:c3:66 root@655f62a4ed82
The key's randomart image is:
(DSA 1024 randomart image omitted)
[root@655f62a4ed82 ssh]# ssh-keygen -t ecdsa      # generate an ecdsa key pair
Generating public/private ecdsa key pair.
Enter file in which to save the key (/root/.ssh/id_ecdsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_ecdsa.
Your public key has been saved in /root/.ssh/id_ecdsa.pub.
The key fingerprint is:
84:74:de:d1:e4:98:a1:5c:27:25:8e:b7:d6:27:fd:c9 root@655f62a4ed82
The key's randomart image is:
(ECDSA 256 randomart image omitted)
[root@655f62a4ed82 ssh]# ssh-keygen -t ed25519    # generate an ed25519 key pair
Generating public/private ed25519 key pair.
Enter file in which to save the key (/root/.ssh/id_ed25519): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_ed25519.
Your public key has been saved in /root/.ssh/id_ed25519.pub.
The key fingerprint is:
d8:40:95:1f:07:96:8a:83:7f:af:19:01:3b:b4:79:91 root@655f62a4ed82
The key's randomart image is:
(ED25519 256 randomart image omitted)
[root@655f62a4ed82 ssh]# cp ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys

After the key pairs are generated, point the HostKey directives in sshd_config at the files just created:

HostKey /root/.ssh/id_rsa
HostKey /root/.ssh/id_dsa
HostKey /root/.ssh/id_ecdsa
HostKey /root/.ssh/id_ed25519

Start /usr/sbin/sshd, then check whether port 22 is listening. If it is, sshd started successfully.

[root@655f62a4ed82 ssh]# /usr/sbin/sshd
[root@655f62a4ed82 ssh]# lsof -i:22
COMMAND PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd     37 root    3u  IPv4 250907      0t0  TCP *:ssh (LISTEN)
sshd     37 root    4u  IPv6 250909      0t0  TCP *:ssh (LISTEN)

Additional knowledge: remote login crashes (Exit status 254) when running sshd in a Docker container

Background

An sshd process is running in the container, with a port mapped so that it can be reached remotely. Every time a connection is made, the session is closed immediately after the password is entered. The symptom looks like this:

[root@localhost /]# ssh [email protected] -p 8000
[email protected]'s password: 
Last login: Tue Nov 6 14:46:17 2018 from 192.168.0.6
Connection to 192.168.0.6 closed.

Checking the debug output, the final exit message is:

......
Connection to 192.168.0.6 closed.
Transferred: sent 2264, received 2224 bytes, in 0.0 seconds
Bytes per second: sent 235367.6, received 231209.1
debug1: Exit status 254

Analysis

The printout already shows Last login information, so the password must have been correct and the login itself succeeded; the failure happened while initializing the session environment. I first suspected the hosts.deny configuration, but the problem remained after commenting out the relevant entries.

Advice found on the Internet is to comment out the UsePAM setting in the sshd configuration file, which disables the PAM authentication module:

#UsePAM yes

After modifying it and restarting the sshd process, it worked as expected. As for the reason, all of those posts said that a timeout disconnection feature is enabled under the default configuration. That is nonsense: the default disconnection timeout cannot be that short, and it does not explain why the sshd process runs normally outside Docker, so I did not accept this explanation. Looking further: since there is no problem when PAM authentication is not used, I commented out the sshd-related configuration entries in /etc/pam.d/ one by one, but still could not find the problem.

At this point I decided to look at the PAM log, which should provide some clues. Note that RedHat and CentOS record PAM messages in /var/log/secure, while Ubuntu and Debian record authentication information in /var/log/auth.log.

Sure enough, the PAM log contains an error:

Nov 6 15:36:56 bbb sshd[11016]: Accepted password for root from 192.168.0.6 port 56394 ssh2
Nov 6 15:36:56 bbb sshd[11016]: pam_limits(sshd:session): Could not set limit for 'nproc': Operation not permitted
Nov 6 15:36:56 bbb sshd[11016]: pam_limits(sshd:session): Could not set limit for 'nofile': Operation not permitted
Nov 6 15:36:56 bbb sshd[11016]: pam_limits(sshd:session): Could not set limit for 'memlock': Operation not permitted
Nov 6 15:36:56 bbb sshd[11016]: pam_unix(sshd:session): session opened for user root by (uid=0)
Nov 6 15:36:56 bbb sshd[11016]: error: PAM: pam_open_session(): Permission denied
Nov 6 15:36:56 bbb sshd[11016]: Received disconnect from 192.168.0.6: 11: disconnected by user

So the cause is that the session had insufficient permissions to set the nproc, nofile and memlock limits. These limits are applied by the pam_limits component and are configured in the following two files:

/etc/security/limits.conf

/etc/security/limits.d/90-nproc.conf

Comment out the relevant entries in these two files, re-enable PAM authentication, and the ssh connection succeeds. That was the problem.

Other methods

1. Because the failure is caused by insufficient permissions, start the container with the --privileged parameter and use a privileged user to work around it.

2. Because the failure comes from configuring ulimits, use the --ulimit=[] parameter to set the limits when starting the container.
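To make the diagnosis above repeatable, here is an added example (not part of the original post) that reads sshd/PAM log lines like the ones shown, extracts the limits pam_limits could not apply, and lists the active lines in a limits file that set them, which are the entries to comment out or to satisfy with --ulimit. The log and limits file contents are constructed samples, and the file paths in the comments are assumptions.

```shell
# Added example, not from the original post: triage the "Exit status 254" symptom by reading
# the sshd/PAM log and cross-checking a limits file. Sample inputs below are constructed.

# Print, one per line and deduplicated, the limit names pam_limits could not apply to sshd sessions.
# $1: PAM/auth log (/var/log/secure on RHEL/CentOS, /var/log/auth.log on Debian/Ubuntu)
failed_limits() {
    grep -o "pam_limits(sshd:session): Could not set limit for '[a-z]*'" "$1" \
        | sed "s/.*for '\([a-z]*\)'/\1/" | sort -u
}

# Return 0 when the log shows PAM refusing to open the sshd session (what actually closes the connection).
session_denied() {
    grep -q "error: PAM: pam_open_session(): Permission denied" "$1"
}

# Print the active (uncommented) lines of a limits file that set any of the given limit names.
# $1: limits file; remaining args: limit names
offending_limit_lines() {
    file=$1; shift
    for name in "$@"; do
        grep -E "^[^#]*[[:space:]](soft|hard|-)[[:space:]]+$name([[:space:]]|\$)" "$file"
    done
    return 0
}

# --- constructed sample input, modelled on the log excerpt in the post ---
LOG=$(mktemp); LIMITS=$(mktemp)
cat >"$LOG" <<'EOF'
Nov 6 15:36:56 bbb sshd[11016]: Accepted password for root from 192.168.0.6 port 56394 ssh2
Nov 6 15:36:56 bbb sshd[11016]: pam_limits(sshd:session): Could not set limit for 'nproc': Operation not permitted
Nov 6 15:36:56 bbb sshd[11016]: pam_limits(sshd:session): Could not set limit for 'nofile': Operation not permitted
Nov 6 15:36:56 bbb sshd[11016]: pam_unix(sshd:session): session opened for user root by (uid=0)
Nov 6 15:36:56 bbb sshd[11016]: error: PAM: pam_open_session(): Permission denied
EOF
cat >"$LIMITS" <<'EOF'
# constructed stand-in for /etc/security/limits.conf
*          soft    nproc     4096
#*         hard    nproc     8192
root       soft    nofile    65536
*          hard    core      0
EOF

if session_denied "$LOG"; then
    echo "PAM refused the sshd session; limits it could not apply:"
    failed_limits "$LOG"
    echo "active limits lines to comment out (or pass to docker run --ulimit):"
    offending_limit_lines "$LIMITS" $(failed_limits "$LOG")
fi
```

Run it against the real log and limits files by replacing the two constructed files with /var/log/secure (or /var/log/auth.log) and /etc/security/limits.conf plus the files under /etc/security/limits.d/.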

That is all I have to share about enabling sshd in Docker. I hope it gives you a useful reference, and I hope you will support 123WORDPRESS.COM.
